TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 422ab1f835300e3a5d88e3011f7c85e7ee0b0e51 / . / tests / opt-testcases / tls13-compat.sh
blob: 31a79e7481e7103cd60cd94fa80df9cc49ca0621 [file] [log] [blame]
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]23# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]28requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]29requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]30requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]31requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
32requires_openssl_tls1_3
33run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]34 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]35 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]36 0 \
37 -s "Protocol is TLSv1.3" \
38 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
39 -s "received signature algorithm: 0x403" \
40 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]41 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]42 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]43
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]44requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]45requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]46requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]47requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
48requires_openssl_tls1_3
49run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]50 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]51 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]52 0 \
53 -s "Protocol is TLSv1.3" \
54 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
55 -s "received signature algorithm: 0x503" \
56 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]57 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]58 -C "received HelloRetryRequest message"
59
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]60requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]61requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]62requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]63requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
64requires_openssl_tls1_3
65run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]66 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]67 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]68 0 \
69 -s "Protocol is TLSv1.3" \
70 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
71 -s "received signature algorithm: 0x603" \
72 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]73 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]74 -C "received HelloRetryRequest message"
75
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]76requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]77requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]78requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]79requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
80requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
81requires_openssl_tls1_3
82run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]83 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]84 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]85 0 \
86 -s "Protocol is TLSv1.3" \
87 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
88 -s "received signature algorithm: 0x804" \
89 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]90 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]91 -C "received HelloRetryRequest message"
92
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]93requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]94requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]95requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]96requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
97requires_openssl_tls1_3
98run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]99 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]100 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]101 0 \
102 -s "Protocol is TLSv1.3" \
103 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
104 -s "received signature algorithm: 0x403" \
105 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]106 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]107 -C "received HelloRetryRequest message"
108
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]109requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]110requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
113requires_openssl_tls1_3
114run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]115 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]116 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]117 0 \
118 -s "Protocol is TLSv1.3" \
119 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
120 -s "received signature algorithm: 0x503" \
121 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]122 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]123 -C "received HelloRetryRequest message"
124
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]125requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]126requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]128requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
129requires_openssl_tls1_3
130run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]131 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]132 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]133 0 \
134 -s "Protocol is TLSv1.3" \
135 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
136 -s "received signature algorithm: 0x603" \
137 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]138 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]139 -C "received HelloRetryRequest message"
140
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]141requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
145requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
146requires_openssl_tls1_3
147run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]148 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]149 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]150 0 \
151 -s "Protocol is TLSv1.3" \
152 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
153 -s "received signature algorithm: 0x804" \
154 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]155 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]156 -C "received HelloRetryRequest message"
157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]159requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
162requires_openssl_tls1_3
163run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]164 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]165 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]166 0 \
167 -s "Protocol is TLSv1.3" \
168 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
169 -s "received signature algorithm: 0x403" \
170 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]171 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]172 -C "received HelloRetryRequest message"
173
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]174requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
178requires_openssl_tls1_3
179run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]180 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]181 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]182 0 \
183 -s "Protocol is TLSv1.3" \
184 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
185 -s "received signature algorithm: 0x503" \
186 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]187 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]188 -C "received HelloRetryRequest message"
189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
194requires_openssl_tls1_3
195run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]196 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]197 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]198 0 \
199 -s "Protocol is TLSv1.3" \
200 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
201 -s "received signature algorithm: 0x603" \
202 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]203 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]204 -C "received HelloRetryRequest message"
205
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]206requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]207requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]208requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]209requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
210requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
211requires_openssl_tls1_3
212run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]213 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]214 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]215 0 \
216 -s "Protocol is TLSv1.3" \
217 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
218 -s "received signature algorithm: 0x804" \
219 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]220 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]221 -C "received HelloRetryRequest message"
222
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]223requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
227requires_openssl_tls1_3
228run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]229 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]230 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]231 0 \
232 -s "Protocol is TLSv1.3" \
233 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
234 -s "received signature algorithm: 0x403" \
235 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]236 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]237 -C "received HelloRetryRequest message"
238
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]239requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]240requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]241requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]242requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
243requires_openssl_tls1_3
244run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]245 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]246 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]247 0 \
248 -s "Protocol is TLSv1.3" \
249 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
250 -s "received signature algorithm: 0x503" \
251 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]252 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]253 -C "received HelloRetryRequest message"
254
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]255requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
259requires_openssl_tls1_3
260run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]261 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]262 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]263 0 \
264 -s "Protocol is TLSv1.3" \
265 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
266 -s "received signature algorithm: 0x603" \
267 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]268 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]269 -C "received HelloRetryRequest message"
270
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]271requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]272requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
275requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
276requires_openssl_tls1_3
277run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]278 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]279 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]280 0 \
281 -s "Protocol is TLSv1.3" \
282 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
283 -s "received signature algorithm: 0x804" \
284 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]285 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]286 -C "received HelloRetryRequest message"
287
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]288requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
292requires_openssl_tls1_3
293run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]294 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]295 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]296 0 \
297 -s "Protocol is TLSv1.3" \
298 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
299 -s "received signature algorithm: 0x403" \
300 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]301 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]302 -C "received HelloRetryRequest message"
303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]305requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]306requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
308requires_openssl_tls1_3
309run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]310 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]311 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]312 0 \
313 -s "Protocol is TLSv1.3" \
314 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
315 -s "received signature algorithm: 0x503" \
316 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]317 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]318 -C "received HelloRetryRequest message"
319
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]320requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]321requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
324requires_openssl_tls1_3
325run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]326 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]327 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]328 0 \
329 -s "Protocol is TLSv1.3" \
330 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
331 -s "received signature algorithm: 0x603" \
332 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]333 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]334 -C "received HelloRetryRequest message"
335
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]336requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
340requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
341requires_openssl_tls1_3
342run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]343 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]344 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]345 0 \
346 -s "Protocol is TLSv1.3" \
347 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
348 -s "received signature algorithm: 0x804" \
349 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]350 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]351 -C "received HelloRetryRequest message"
352
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]353requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
357requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]358requires_openssl_3_x
359run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
360 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
361 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
362 0 \
363 -s "Protocol is TLSv1.3" \
364 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
365 -s "received signature algorithm: 0x403" \
366 -s "got named group: ffdhe2048(0100)" \
367 -s "Certificate verification was skipped" \
368 -C "received HelloRetryRequest message"
369
370requires_config_enabled MBEDTLS_SSL_SRV_C
371requires_config_enabled MBEDTLS_DEBUG_C
372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
374requires_openssl_tls1_3
375requires_openssl_3_x
376run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
377 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
378 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
379 0 \
380 -s "Protocol is TLSv1.3" \
381 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
382 -s "received signature algorithm: 0x503" \
383 -s "got named group: ffdhe2048(0100)" \
384 -s "Certificate verification was skipped" \
385 -C "received HelloRetryRequest message"
386
387requires_config_enabled MBEDTLS_SSL_SRV_C
388requires_config_enabled MBEDTLS_DEBUG_C
389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
391requires_openssl_tls1_3
392requires_openssl_3_x
393run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
394 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
395 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
396 0 \
397 -s "Protocol is TLSv1.3" \
398 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
399 -s "received signature algorithm: 0x603" \
400 -s "got named group: ffdhe2048(0100)" \
401 -s "Certificate verification was skipped" \
402 -C "received HelloRetryRequest message"
403
404requires_config_enabled MBEDTLS_SSL_SRV_C
405requires_config_enabled MBEDTLS_DEBUG_C
406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
408requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
409requires_openssl_tls1_3
410requires_openssl_3_x
411run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
412 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
413 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
414 0 \
415 -s "Protocol is TLSv1.3" \
416 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
417 -s "received signature algorithm: 0x804" \
418 -s "got named group: ffdhe2048(0100)" \
419 -s "Certificate verification was skipped" \
420 -C "received HelloRetryRequest message"
421
422requires_config_enabled MBEDTLS_SSL_SRV_C
423requires_config_enabled MBEDTLS_DEBUG_C
424requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
426requires_openssl_tls1_3
427requires_openssl_3_x
428run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
429 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
430 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3" \
431 0 \
432 -s "Protocol is TLSv1.3" \
433 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
434 -s "received signature algorithm: 0x403" \
435 -s "got named group: ffdhe3072(0101)" \
436 -s "Certificate verification was skipped" \
437 -C "received HelloRetryRequest message"
438
439requires_config_enabled MBEDTLS_SSL_SRV_C
440requires_config_enabled MBEDTLS_DEBUG_C
441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
443requires_openssl_tls1_3
444requires_openssl_3_x
445run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
446 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
447 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3" \
448 0 \
449 -s "Protocol is TLSv1.3" \
450 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
451 -s "received signature algorithm: 0x503" \
452 -s "got named group: ffdhe3072(0101)" \
453 -s "Certificate verification was skipped" \
454 -C "received HelloRetryRequest message"
455
456requires_config_enabled MBEDTLS_SSL_SRV_C
457requires_config_enabled MBEDTLS_DEBUG_C
458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
460requires_openssl_tls1_3
461requires_openssl_3_x
462run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
463 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
464 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3" \
465 0 \
466 -s "Protocol is TLSv1.3" \
467 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
468 -s "received signature algorithm: 0x603" \
469 -s "got named group: ffdhe3072(0101)" \
470 -s "Certificate verification was skipped" \
471 -C "received HelloRetryRequest message"
472
473requires_config_enabled MBEDTLS_SSL_SRV_C
474requires_config_enabled MBEDTLS_DEBUG_C
475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
477requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
478requires_openssl_tls1_3
479requires_openssl_3_x
480run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
481 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
482 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3" \
483 0 \
484 -s "Protocol is TLSv1.3" \
485 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
486 -s "received signature algorithm: 0x804" \
487 -s "got named group: ffdhe3072(0101)" \
488 -s "Certificate verification was skipped" \
489 -C "received HelloRetryRequest message"
490
491requires_config_enabled MBEDTLS_SSL_SRV_C
492requires_config_enabled MBEDTLS_DEBUG_C
493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
495requires_openssl_tls1_3
496requires_openssl_3_x
497run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
498 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
499 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3" \
500 0 \
501 -s "Protocol is TLSv1.3" \
502 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
503 -s "received signature algorithm: 0x403" \
504 -s "got named group: ffdhe4096(0102)" \
505 -s "Certificate verification was skipped" \
506 -C "received HelloRetryRequest message"
507
508requires_config_enabled MBEDTLS_SSL_SRV_C
509requires_config_enabled MBEDTLS_DEBUG_C
510requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
511requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
512requires_openssl_tls1_3
513requires_openssl_3_x
514run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
515 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
516 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3" \
517 0 \
518 -s "Protocol is TLSv1.3" \
519 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
520 -s "received signature algorithm: 0x503" \
521 -s "got named group: ffdhe4096(0102)" \
522 -s "Certificate verification was skipped" \
523 -C "received HelloRetryRequest message"
524
525requires_config_enabled MBEDTLS_SSL_SRV_C
526requires_config_enabled MBEDTLS_DEBUG_C
527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
529requires_openssl_tls1_3
530requires_openssl_3_x
531run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
532 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
533 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3" \
534 0 \
535 -s "Protocol is TLSv1.3" \
536 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
537 -s "received signature algorithm: 0x603" \
538 -s "got named group: ffdhe4096(0102)" \
539 -s "Certificate verification was skipped" \
540 -C "received HelloRetryRequest message"
541
542requires_config_enabled MBEDTLS_SSL_SRV_C
543requires_config_enabled MBEDTLS_DEBUG_C
544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
546requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
547requires_openssl_tls1_3
548requires_openssl_3_x
549run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
550 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
551 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3" \
552 0 \
553 -s "Protocol is TLSv1.3" \
554 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
555 -s "received signature algorithm: 0x804" \
556 -s "got named group: ffdhe4096(0102)" \
557 -s "Certificate verification was skipped" \
558 -C "received HelloRetryRequest message"
559
560requires_config_enabled MBEDTLS_SSL_SRV_C
561requires_config_enabled MBEDTLS_DEBUG_C
562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
564requires_openssl_tls1_3
565requires_openssl_3_x
566run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
567 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
568 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3" \
569 0 \
570 -s "Protocol is TLSv1.3" \
571 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
572 -s "received signature algorithm: 0x403" \
573 -s "got named group: ffdhe6144(0103)" \
574 -s "Certificate verification was skipped" \
575 -C "received HelloRetryRequest message"
576
577requires_config_enabled MBEDTLS_SSL_SRV_C
578requires_config_enabled MBEDTLS_DEBUG_C
579requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
580requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
581requires_openssl_tls1_3
582requires_openssl_3_x
583run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
584 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
585 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3" \
586 0 \
587 -s "Protocol is TLSv1.3" \
588 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
589 -s "received signature algorithm: 0x503" \
590 -s "got named group: ffdhe6144(0103)" \
591 -s "Certificate verification was skipped" \
592 -C "received HelloRetryRequest message"
593
594requires_config_enabled MBEDTLS_SSL_SRV_C
595requires_config_enabled MBEDTLS_DEBUG_C
596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
598requires_openssl_tls1_3
599requires_openssl_3_x
600run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
601 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
602 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3" \
603 0 \
604 -s "Protocol is TLSv1.3" \
605 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
606 -s "received signature algorithm: 0x603" \
607 -s "got named group: ffdhe6144(0103)" \
608 -s "Certificate verification was skipped" \
609 -C "received HelloRetryRequest message"
610
611requires_config_enabled MBEDTLS_SSL_SRV_C
612requires_config_enabled MBEDTLS_DEBUG_C
613requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
614requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
615requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
616requires_openssl_tls1_3
617requires_openssl_3_x
618run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
619 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
620 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3" \
621 0 \
622 -s "Protocol is TLSv1.3" \
623 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
624 -s "received signature algorithm: 0x804" \
625 -s "got named group: ffdhe6144(0103)" \
626 -s "Certificate verification was skipped" \
627 -C "received HelloRetryRequest message"
628
629requires_config_enabled MBEDTLS_SSL_SRV_C
630requires_config_enabled MBEDTLS_DEBUG_C
631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
633requires_openssl_tls1_3
634requires_openssl_3_x
635run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
636 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
637 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
638 0 \
639 -s "Protocol is TLSv1.3" \
640 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
641 -s "received signature algorithm: 0x403" \
642 -s "got named group: ffdhe8192(0104)" \
643 -s "Certificate verification was skipped" \
644 -C "received HelloRetryRequest message"
645
646requires_config_enabled MBEDTLS_SSL_SRV_C
647requires_config_enabled MBEDTLS_DEBUG_C
648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
650requires_openssl_tls1_3
651requires_openssl_3_x
652run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
653 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
654 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
655 0 \
656 -s "Protocol is TLSv1.3" \
657 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
658 -s "received signature algorithm: 0x503" \
659 -s "got named group: ffdhe8192(0104)" \
660 -s "Certificate verification was skipped" \
661 -C "received HelloRetryRequest message"
662
663requires_config_enabled MBEDTLS_SSL_SRV_C
664requires_config_enabled MBEDTLS_DEBUG_C
665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
666requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
667requires_openssl_tls1_3
668requires_openssl_3_x
669run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
670 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
671 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
672 0 \
673 -s "Protocol is TLSv1.3" \
674 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
675 -s "received signature algorithm: 0x603" \
676 -s "got named group: ffdhe8192(0104)" \
677 -s "Certificate verification was skipped" \
678 -C "received HelloRetryRequest message"
679
680requires_config_enabled MBEDTLS_SSL_SRV_C
681requires_config_enabled MBEDTLS_DEBUG_C
682requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
684requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
685requires_openssl_tls1_3
686requires_openssl_3_x
687run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
688 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
689 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
690 0 \
691 -s "Protocol is TLSv1.3" \
692 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
693 -s "received signature algorithm: 0x804" \
694 -s "got named group: ffdhe8192(0104)" \
695 -s "Certificate verification was skipped" \
696 -C "received HelloRetryRequest message"
697
698requires_config_enabled MBEDTLS_SSL_SRV_C
699requires_config_enabled MBEDTLS_DEBUG_C
700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
702requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]703run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]704 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]705 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]706 0 \
707 -s "Protocol is TLSv1.3" \
708 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
709 -s "received signature algorithm: 0x403" \
710 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]711 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]712 -C "received HelloRetryRequest message"
713
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]714requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
718requires_openssl_tls1_3
719run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]720 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]721 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]722 0 \
723 -s "Protocol is TLSv1.3" \
724 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
725 -s "received signature algorithm: 0x503" \
726 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]727 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]728 -C "received HelloRetryRequest message"
729
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]730requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]731requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
734requires_openssl_tls1_3
735run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]736 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]737 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]738 0 \
739 -s "Protocol is TLSv1.3" \
740 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
741 -s "received signature algorithm: 0x603" \
742 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]743 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]744 -C "received HelloRetryRequest message"
745
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]746requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
750requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
751requires_openssl_tls1_3
752run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]753 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]754 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]755 0 \
756 -s "Protocol is TLSv1.3" \
757 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
758 -s "received signature algorithm: 0x804" \
759 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]760 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]761 -C "received HelloRetryRequest message"
762
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]763requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]764requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
767requires_openssl_tls1_3
768run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]769 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]770 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]771 0 \
772 -s "Protocol is TLSv1.3" \
773 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
774 -s "received signature algorithm: 0x403" \
775 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]776 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]777 -C "received HelloRetryRequest message"
778
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]779requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]780requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
783requires_openssl_tls1_3
784run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]785 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]786 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]787 0 \
788 -s "Protocol is TLSv1.3" \
789 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
790 -s "received signature algorithm: 0x503" \
791 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]792 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]793 -C "received HelloRetryRequest message"
794
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]795requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]796requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]797requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
799requires_openssl_tls1_3
800run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]801 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]802 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]803 0 \
804 -s "Protocol is TLSv1.3" \
805 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
806 -s "received signature algorithm: 0x603" \
807 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]808 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]809 -C "received HelloRetryRequest message"
810
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]811requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]812requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
815requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
816requires_openssl_tls1_3
817run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]818 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]819 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]820 0 \
821 -s "Protocol is TLSv1.3" \
822 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
823 -s "received signature algorithm: 0x804" \
824 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]825 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]826 -C "received HelloRetryRequest message"
827
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]828requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
832requires_openssl_tls1_3
833run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]834 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]835 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]836 0 \
837 -s "Protocol is TLSv1.3" \
838 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
839 -s "received signature algorithm: 0x403" \
840 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]841 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]842 -C "received HelloRetryRequest message"
843
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]844requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]845requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]846requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]847requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
848requires_openssl_tls1_3
849run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]850 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]851 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]852 0 \
853 -s "Protocol is TLSv1.3" \
854 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
855 -s "received signature algorithm: 0x503" \
856 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]857 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]858 -C "received HelloRetryRequest message"
859
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]860requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]861requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]862requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]863requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
864requires_openssl_tls1_3
865run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]866 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]867 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]868 0 \
869 -s "Protocol is TLSv1.3" \
870 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
871 -s "received signature algorithm: 0x603" \
872 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]873 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]874 -C "received HelloRetryRequest message"
875
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]876requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]877requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
880requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
881requires_openssl_tls1_3
882run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]883 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]884 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]885 0 \
886 -s "Protocol is TLSv1.3" \
887 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
888 -s "received signature algorithm: 0x804" \
889 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]890 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]891 -C "received HelloRetryRequest message"
892
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]893requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]894requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]896requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
897requires_openssl_tls1_3
898run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]899 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]900 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]901 0 \
902 -s "Protocol is TLSv1.3" \
903 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
904 -s "received signature algorithm: 0x403" \
905 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]906 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]907 -C "received HelloRetryRequest message"
908
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]909requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]910requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
913requires_openssl_tls1_3
914run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]915 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]916 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]917 0 \
918 -s "Protocol is TLSv1.3" \
919 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
920 -s "received signature algorithm: 0x503" \
921 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]922 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]923 -C "received HelloRetryRequest message"
924
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]925requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]926requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
929requires_openssl_tls1_3
930run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]931 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]932 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]933 0 \
934 -s "Protocol is TLSv1.3" \
935 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
936 -s "received signature algorithm: 0x603" \
937 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]938 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]939 -C "received HelloRetryRequest message"
940
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]941requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]942requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]943requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]944requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
945requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
946requires_openssl_tls1_3
947run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]948 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]949 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]950 0 \
951 -s "Protocol is TLSv1.3" \
952 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
953 -s "received signature algorithm: 0x804" \
954 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]955 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]956 -C "received HelloRetryRequest message"
957
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]958requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]959requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]960requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
962requires_openssl_tls1_3
963run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]964 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]965 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]966 0 \
967 -s "Protocol is TLSv1.3" \
968 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
969 -s "received signature algorithm: 0x403" \
970 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]971 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]972 -C "received HelloRetryRequest message"
973
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]974requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]975requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
978requires_openssl_tls1_3
979run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]980 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]981 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]982 0 \
983 -s "Protocol is TLSv1.3" \
984 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
985 -s "received signature algorithm: 0x503" \
986 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]987 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]988 -C "received HelloRetryRequest message"
989
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]990requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]991requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]992requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]993requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
994requires_openssl_tls1_3
995run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]996 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]997 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]998 0 \
999 -s "Protocol is TLSv1.3" \
1000 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1001 -s "received signature algorithm: 0x603" \
1002 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1003 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1004 -C "received HelloRetryRequest message"
1005
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1006requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1007requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1010requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1011requires_openssl_tls1_3
1012run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1013 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1014 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1015 0 \
1016 -s "Protocol is TLSv1.3" \
1017 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1018 -s "received signature algorithm: 0x804" \
1019 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1020 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1021 -C "received HelloRetryRequest message"
1022
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1023requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1024requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1025requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1027requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]1028requires_openssl_3_x
1029run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
1030 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1031 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
1032 0 \
1033 -s "Protocol is TLSv1.3" \
1034 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1035 -s "received signature algorithm: 0x403" \
1036 -s "got named group: ffdhe2048(0100)" \
1037 -s "Certificate verification was skipped" \
1038 -C "received HelloRetryRequest message"
1039
1040requires_config_enabled MBEDTLS_SSL_SRV_C
1041requires_config_enabled MBEDTLS_DEBUG_C
1042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1044requires_openssl_tls1_3
1045requires_openssl_3_x
1046run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
1047 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1048 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
1049 0 \
1050 -s "Protocol is TLSv1.3" \
1051 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1052 -s "received signature algorithm: 0x503" \
1053 -s "got named group: ffdhe2048(0100)" \
1054 -s "Certificate verification was skipped" \
1055 -C "received HelloRetryRequest message"
1056
1057requires_config_enabled MBEDTLS_SSL_SRV_C
1058requires_config_enabled MBEDTLS_DEBUG_C
1059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1061requires_openssl_tls1_3
1062requires_openssl_3_x
1063run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
1064 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1065 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
1066 0 \
1067 -s "Protocol is TLSv1.3" \
1068 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1069 -s "received signature algorithm: 0x603" \
1070 -s "got named group: ffdhe2048(0100)" \
1071 -s "Certificate verification was skipped" \
1072 -C "received HelloRetryRequest message"
1073
1074requires_config_enabled MBEDTLS_SSL_SRV_C
1075requires_config_enabled MBEDTLS_DEBUG_C
1076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1078requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1079requires_openssl_tls1_3
1080requires_openssl_3_x
1081run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
1082 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1083 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
1084 0 \
1085 -s "Protocol is TLSv1.3" \
1086 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1087 -s "received signature algorithm: 0x804" \
1088 -s "got named group: ffdhe2048(0100)" \
1089 -s "Certificate verification was skipped" \
1090 -C "received HelloRetryRequest message"
1091
1092requires_config_enabled MBEDTLS_SSL_SRV_C
1093requires_config_enabled MBEDTLS_DEBUG_C
1094requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1096requires_openssl_tls1_3
1097requires_openssl_3_x
1098run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp256r1_sha256" \
1099 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1100 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3" \
1101 0 \
1102 -s "Protocol is TLSv1.3" \
1103 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1104 -s "received signature algorithm: 0x403" \
1105 -s "got named group: ffdhe3072(0101)" \
1106 -s "Certificate verification was skipped" \
1107 -C "received HelloRetryRequest message"
1108
1109requires_config_enabled MBEDTLS_SSL_SRV_C
1110requires_config_enabled MBEDTLS_DEBUG_C
1111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1113requires_openssl_tls1_3
1114requires_openssl_3_x
1115run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp384r1_sha384" \
1116 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1117 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3" \
1118 0 \
1119 -s "Protocol is TLSv1.3" \
1120 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1121 -s "received signature algorithm: 0x503" \
1122 -s "got named group: ffdhe3072(0101)" \
1123 -s "Certificate verification was skipped" \
1124 -C "received HelloRetryRequest message"
1125
1126requires_config_enabled MBEDTLS_SSL_SRV_C
1127requires_config_enabled MBEDTLS_DEBUG_C
1128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1130requires_openssl_tls1_3
1131requires_openssl_3_x
1132run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp521r1_sha512" \
1133 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1134 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3" \
1135 0 \
1136 -s "Protocol is TLSv1.3" \
1137 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1138 -s "received signature algorithm: 0x603" \
1139 -s "got named group: ffdhe3072(0101)" \
1140 -s "Certificate verification was skipped" \
1141 -C "received HelloRetryRequest message"
1142
1143requires_config_enabled MBEDTLS_SSL_SRV_C
1144requires_config_enabled MBEDTLS_DEBUG_C
1145requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1146requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1147requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1148requires_openssl_tls1_3
1149requires_openssl_3_x
1150run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe3072,rsa_pss_rsae_sha256" \
1151 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1152 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3" \
1153 0 \
1154 -s "Protocol is TLSv1.3" \
1155 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1156 -s "received signature algorithm: 0x804" \
1157 -s "got named group: ffdhe3072(0101)" \
1158 -s "Certificate verification was skipped" \
1159 -C "received HelloRetryRequest message"
1160
1161requires_config_enabled MBEDTLS_SSL_SRV_C
1162requires_config_enabled MBEDTLS_DEBUG_C
1163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1165requires_openssl_tls1_3
1166requires_openssl_3_x
1167run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp256r1_sha256" \
1168 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1169 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3" \
1170 0 \
1171 -s "Protocol is TLSv1.3" \
1172 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1173 -s "received signature algorithm: 0x403" \
1174 -s "got named group: ffdhe4096(0102)" \
1175 -s "Certificate verification was skipped" \
1176 -C "received HelloRetryRequest message"
1177
1178requires_config_enabled MBEDTLS_SSL_SRV_C
1179requires_config_enabled MBEDTLS_DEBUG_C
1180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1182requires_openssl_tls1_3
1183requires_openssl_3_x
1184run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp384r1_sha384" \
1185 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1186 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3" \
1187 0 \
1188 -s "Protocol is TLSv1.3" \
1189 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1190 -s "received signature algorithm: 0x503" \
1191 -s "got named group: ffdhe4096(0102)" \
1192 -s "Certificate verification was skipped" \
1193 -C "received HelloRetryRequest message"
1194
1195requires_config_enabled MBEDTLS_SSL_SRV_C
1196requires_config_enabled MBEDTLS_DEBUG_C
1197requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1199requires_openssl_tls1_3
1200requires_openssl_3_x
1201run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp521r1_sha512" \
1202 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1203 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3" \
1204 0 \
1205 -s "Protocol is TLSv1.3" \
1206 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1207 -s "received signature algorithm: 0x603" \
1208 -s "got named group: ffdhe4096(0102)" \
1209 -s "Certificate verification was skipped" \
1210 -C "received HelloRetryRequest message"
1211
1212requires_config_enabled MBEDTLS_SSL_SRV_C
1213requires_config_enabled MBEDTLS_DEBUG_C
1214requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1215requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1216requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1217requires_openssl_tls1_3
1218requires_openssl_3_x
1219run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe4096,rsa_pss_rsae_sha256" \
1220 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1221 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3" \
1222 0 \
1223 -s "Protocol is TLSv1.3" \
1224 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1225 -s "received signature algorithm: 0x804" \
1226 -s "got named group: ffdhe4096(0102)" \
1227 -s "Certificate verification was skipped" \
1228 -C "received HelloRetryRequest message"
1229
1230requires_config_enabled MBEDTLS_SSL_SRV_C
1231requires_config_enabled MBEDTLS_DEBUG_C
1232requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1234requires_openssl_tls1_3
1235requires_openssl_3_x
1236run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp256r1_sha256" \
1237 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1238 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3" \
1239 0 \
1240 -s "Protocol is TLSv1.3" \
1241 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1242 -s "received signature algorithm: 0x403" \
1243 -s "got named group: ffdhe6144(0103)" \
1244 -s "Certificate verification was skipped" \
1245 -C "received HelloRetryRequest message"
1246
1247requires_config_enabled MBEDTLS_SSL_SRV_C
1248requires_config_enabled MBEDTLS_DEBUG_C
1249requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1250requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1251requires_openssl_tls1_3
1252requires_openssl_3_x
1253run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp384r1_sha384" \
1254 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1255 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3" \
1256 0 \
1257 -s "Protocol is TLSv1.3" \
1258 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1259 -s "received signature algorithm: 0x503" \
1260 -s "got named group: ffdhe6144(0103)" \
1261 -s "Certificate verification was skipped" \
1262 -C "received HelloRetryRequest message"
1263
1264requires_config_enabled MBEDTLS_SSL_SRV_C
1265requires_config_enabled MBEDTLS_DEBUG_C
1266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1267requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1268requires_openssl_tls1_3
1269requires_openssl_3_x
1270run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp521r1_sha512" \
1271 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1272 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3" \
1273 0 \
1274 -s "Protocol is TLSv1.3" \
1275 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1276 -s "received signature algorithm: 0x603" \
1277 -s "got named group: ffdhe6144(0103)" \
1278 -s "Certificate verification was skipped" \
1279 -C "received HelloRetryRequest message"
1280
1281requires_config_enabled MBEDTLS_SSL_SRV_C
1282requires_config_enabled MBEDTLS_DEBUG_C
1283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1285requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1286requires_openssl_tls1_3
1287requires_openssl_3_x
1288run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe6144,rsa_pss_rsae_sha256" \
1289 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1290 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3" \
1291 0 \
1292 -s "Protocol is TLSv1.3" \
1293 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1294 -s "received signature algorithm: 0x804" \
1295 -s "got named group: ffdhe6144(0103)" \
1296 -s "Certificate verification was skipped" \
1297 -C "received HelloRetryRequest message"
1298
1299requires_config_enabled MBEDTLS_SSL_SRV_C
1300requires_config_enabled MBEDTLS_DEBUG_C
1301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1303requires_openssl_tls1_3
1304requires_openssl_3_x
1305run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
1306 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1307 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
1308 0 \
1309 -s "Protocol is TLSv1.3" \
1310 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1311 -s "received signature algorithm: 0x403" \
1312 -s "got named group: ffdhe8192(0104)" \
1313 -s "Certificate verification was skipped" \
1314 -C "received HelloRetryRequest message"
1315
1316requires_config_enabled MBEDTLS_SSL_SRV_C
1317requires_config_enabled MBEDTLS_DEBUG_C
1318requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1320requires_openssl_tls1_3
1321requires_openssl_3_x
1322run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
1323 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1324 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
1325 0 \
1326 -s "Protocol is TLSv1.3" \
1327 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1328 -s "received signature algorithm: 0x503" \
1329 -s "got named group: ffdhe8192(0104)" \
1330 -s "Certificate verification was skipped" \
1331 -C "received HelloRetryRequest message"
1332
1333requires_config_enabled MBEDTLS_SSL_SRV_C
1334requires_config_enabled MBEDTLS_DEBUG_C
1335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1337requires_openssl_tls1_3
1338requires_openssl_3_x
1339run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
1340 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1341 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
1342 0 \
1343 -s "Protocol is TLSv1.3" \
1344 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1345 -s "received signature algorithm: 0x603" \
1346 -s "got named group: ffdhe8192(0104)" \
1347 -s "Certificate verification was skipped" \
1348 -C "received HelloRetryRequest message"
1349
1350requires_config_enabled MBEDTLS_SSL_SRV_C
1351requires_config_enabled MBEDTLS_DEBUG_C
1352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1354requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1355requires_openssl_tls1_3
1356requires_openssl_3_x
1357run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
1358 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1359 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
1360 0 \
1361 -s "Protocol is TLSv1.3" \
1362 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
1363 -s "received signature algorithm: 0x804" \
1364 -s "got named group: ffdhe8192(0104)" \
1365 -s "Certificate verification was skipped" \
1366 -C "received HelloRetryRequest message"
1367
1368requires_config_enabled MBEDTLS_SSL_SRV_C
1369requires_config_enabled MBEDTLS_DEBUG_C
1370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1371requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1372requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1373run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1374 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1375 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1376 0 \
1377 -s "Protocol is TLSv1.3" \
1378 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1379 -s "received signature algorithm: 0x403" \
1380 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1381 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1382 -C "received HelloRetryRequest message"
1383
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1384requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1385requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1388requires_openssl_tls1_3
1389run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1390 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1391 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1392 0 \
1393 -s "Protocol is TLSv1.3" \
1394 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1395 -s "received signature algorithm: 0x503" \
1396 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1397 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1398 -C "received HelloRetryRequest message"
1399
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1400requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1404requires_openssl_tls1_3
1405run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1406 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1407 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1408 0 \
1409 -s "Protocol is TLSv1.3" \
1410 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1411 -s "received signature algorithm: 0x603" \
1412 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1413 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1414 -C "received HelloRetryRequest message"
1415
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1416requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1420requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1421requires_openssl_tls1_3
1422run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1423 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1424 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1425 0 \
1426 -s "Protocol is TLSv1.3" \
1427 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1428 -s "received signature algorithm: 0x804" \
1429 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1430 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1431 -C "received HelloRetryRequest message"
1432
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1433requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1437requires_openssl_tls1_3
1438run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1439 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1440 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1441 0 \
1442 -s "Protocol is TLSv1.3" \
1443 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1444 -s "received signature algorithm: 0x403" \
1445 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1446 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1447 -C "received HelloRetryRequest message"
1448
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1449requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1453requires_openssl_tls1_3
1454run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1455 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1456 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1457 0 \
1458 -s "Protocol is TLSv1.3" \
1459 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1460 -s "received signature algorithm: 0x503" \
1461 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1462 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1463 -C "received HelloRetryRequest message"
1464
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1465requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1466requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1469requires_openssl_tls1_3
1470run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1471 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1472 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1473 0 \
1474 -s "Protocol is TLSv1.3" \
1475 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1476 -s "received signature algorithm: 0x603" \
1477 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1478 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1479 -C "received HelloRetryRequest message"
1480
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1481requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1482requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1483requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1484requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1485requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1486requires_openssl_tls1_3
1487run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1488 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1489 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1490 0 \
1491 -s "Protocol is TLSv1.3" \
1492 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1493 -s "received signature algorithm: 0x804" \
1494 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1495 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1496 -C "received HelloRetryRequest message"
1497
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1498requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1502requires_openssl_tls1_3
1503run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1504 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1505 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1506 0 \
1507 -s "Protocol is TLSv1.3" \
1508 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1509 -s "received signature algorithm: 0x403" \
1510 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1511 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1512 -C "received HelloRetryRequest message"
1513
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1514requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1515requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1518requires_openssl_tls1_3
1519run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1520 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1521 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1522 0 \
1523 -s "Protocol is TLSv1.3" \
1524 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1525 -s "received signature algorithm: 0x503" \
1526 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1527 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1528 -C "received HelloRetryRequest message"
1529
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1530requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1534requires_openssl_tls1_3
1535run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1536 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1537 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1538 0 \
1539 -s "Protocol is TLSv1.3" \
1540 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1541 -s "received signature algorithm: 0x603" \
1542 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1543 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1544 -C "received HelloRetryRequest message"
1545
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1546requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1550requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1551requires_openssl_tls1_3
1552run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1553 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1554 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1555 0 \
1556 -s "Protocol is TLSv1.3" \
1557 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1558 -s "received signature algorithm: 0x804" \
1559 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1560 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1561 -C "received HelloRetryRequest message"
1562
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1563requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1564requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1567requires_openssl_tls1_3
1568run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1569 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1570 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1571 0 \
1572 -s "Protocol is TLSv1.3" \
1573 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1574 -s "received signature algorithm: 0x403" \
1575 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1576 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1577 -C "received HelloRetryRequest message"
1578
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1579requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1583requires_openssl_tls1_3
1584run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1585 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1586 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1587 0 \
1588 -s "Protocol is TLSv1.3" \
1589 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1590 -s "received signature algorithm: 0x503" \
1591 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1592 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1593 -C "received HelloRetryRequest message"
1594
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1595requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1596requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1597requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1599requires_openssl_tls1_3
1600run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1601 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1602 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1603 0 \
1604 -s "Protocol is TLSv1.3" \
1605 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1606 -s "received signature algorithm: 0x603" \
1607 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1608 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1609 -C "received HelloRetryRequest message"
1610
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1611requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1612requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1613requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1614requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1615requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1616requires_openssl_tls1_3
1617run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1618 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1619 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1620 0 \
1621 -s "Protocol is TLSv1.3" \
1622 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1623 -s "received signature algorithm: 0x804" \
1624 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1625 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1626 -C "received HelloRetryRequest message"
1627
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1628requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1632requires_openssl_tls1_3
1633run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1634 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1635 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1636 0 \
1637 -s "Protocol is TLSv1.3" \
1638 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1639 -s "received signature algorithm: 0x403" \
1640 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1641 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1642 -C "received HelloRetryRequest message"
1643
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1644requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1648requires_openssl_tls1_3
1649run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1650 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1651 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1652 0 \
1653 -s "Protocol is TLSv1.3" \
1654 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1655 -s "received signature algorithm: 0x503" \
1656 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1657 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1658 -C "received HelloRetryRequest message"
1659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1664requires_openssl_tls1_3
1665run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1666 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1667 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1668 0 \
1669 -s "Protocol is TLSv1.3" \
1670 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1671 -s "received signature algorithm: 0x603" \
1672 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1673 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1674 -C "received HelloRetryRequest message"
1675
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1676requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1680requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1681requires_openssl_tls1_3
1682run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]1683 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1684 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1685 0 \
1686 -s "Protocol is TLSv1.3" \
1687 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1688 -s "received signature algorithm: 0x804" \
1689 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1690 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1691 -C "received HelloRetryRequest message"
1692
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1693requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1694requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1695requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1697requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]1698requires_openssl_3_x
1699run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
1700 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1701 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
1702 0 \
1703 -s "Protocol is TLSv1.3" \
1704 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1705 -s "received signature algorithm: 0x403" \
1706 -s "got named group: ffdhe2048(0100)" \
1707 -s "Certificate verification was skipped" \
1708 -C "received HelloRetryRequest message"
1709
1710requires_config_enabled MBEDTLS_SSL_SRV_C
1711requires_config_enabled MBEDTLS_DEBUG_C
1712requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1713requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1714requires_openssl_tls1_3
1715requires_openssl_3_x
1716run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
1717 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1718 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
1719 0 \
1720 -s "Protocol is TLSv1.3" \
1721 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1722 -s "received signature algorithm: 0x503" \
1723 -s "got named group: ffdhe2048(0100)" \
1724 -s "Certificate verification was skipped" \
1725 -C "received HelloRetryRequest message"
1726
1727requires_config_enabled MBEDTLS_SSL_SRV_C
1728requires_config_enabled MBEDTLS_DEBUG_C
1729requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1730requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1731requires_openssl_tls1_3
1732requires_openssl_3_x
1733run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
1734 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1735 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
1736 0 \
1737 -s "Protocol is TLSv1.3" \
1738 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1739 -s "received signature algorithm: 0x603" \
1740 -s "got named group: ffdhe2048(0100)" \
1741 -s "Certificate verification was skipped" \
1742 -C "received HelloRetryRequest message"
1743
1744requires_config_enabled MBEDTLS_SSL_SRV_C
1745requires_config_enabled MBEDTLS_DEBUG_C
1746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1748requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1749requires_openssl_tls1_3
1750requires_openssl_3_x
1751run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
1752 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1753 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
1754 0 \
1755 -s "Protocol is TLSv1.3" \
1756 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1757 -s "received signature algorithm: 0x804" \
1758 -s "got named group: ffdhe2048(0100)" \
1759 -s "Certificate verification was skipped" \
1760 -C "received HelloRetryRequest message"
1761
1762requires_config_enabled MBEDTLS_SSL_SRV_C
1763requires_config_enabled MBEDTLS_DEBUG_C
1764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1766requires_openssl_tls1_3
1767requires_openssl_3_x
1768run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
1769 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1770 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3" \
1771 0 \
1772 -s "Protocol is TLSv1.3" \
1773 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1774 -s "received signature algorithm: 0x403" \
1775 -s "got named group: ffdhe3072(0101)" \
1776 -s "Certificate verification was skipped" \
1777 -C "received HelloRetryRequest message"
1778
1779requires_config_enabled MBEDTLS_SSL_SRV_C
1780requires_config_enabled MBEDTLS_DEBUG_C
1781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1783requires_openssl_tls1_3
1784requires_openssl_3_x
1785run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
1786 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1787 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3" \
1788 0 \
1789 -s "Protocol is TLSv1.3" \
1790 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1791 -s "received signature algorithm: 0x503" \
1792 -s "got named group: ffdhe3072(0101)" \
1793 -s "Certificate verification was skipped" \
1794 -C "received HelloRetryRequest message"
1795
1796requires_config_enabled MBEDTLS_SSL_SRV_C
1797requires_config_enabled MBEDTLS_DEBUG_C
1798requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1799requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1800requires_openssl_tls1_3
1801requires_openssl_3_x
1802run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
1803 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1804 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3" \
1805 0 \
1806 -s "Protocol is TLSv1.3" \
1807 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1808 -s "received signature algorithm: 0x603" \
1809 -s "got named group: ffdhe3072(0101)" \
1810 -s "Certificate verification was skipped" \
1811 -C "received HelloRetryRequest message"
1812
1813requires_config_enabled MBEDTLS_SSL_SRV_C
1814requires_config_enabled MBEDTLS_DEBUG_C
1815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1817requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1818requires_openssl_tls1_3
1819requires_openssl_3_x
1820run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
1821 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1822 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3" \
1823 0 \
1824 -s "Protocol is TLSv1.3" \
1825 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1826 -s "received signature algorithm: 0x804" \
1827 -s "got named group: ffdhe3072(0101)" \
1828 -s "Certificate verification was skipped" \
1829 -C "received HelloRetryRequest message"
1830
1831requires_config_enabled MBEDTLS_SSL_SRV_C
1832requires_config_enabled MBEDTLS_DEBUG_C
1833requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1835requires_openssl_tls1_3
1836requires_openssl_3_x
1837run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
1838 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1839 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3" \
1840 0 \
1841 -s "Protocol is TLSv1.3" \
1842 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1843 -s "received signature algorithm: 0x403" \
1844 -s "got named group: ffdhe4096(0102)" \
1845 -s "Certificate verification was skipped" \
1846 -C "received HelloRetryRequest message"
1847
1848requires_config_enabled MBEDTLS_SSL_SRV_C
1849requires_config_enabled MBEDTLS_DEBUG_C
1850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1852requires_openssl_tls1_3
1853requires_openssl_3_x
1854run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
1855 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1856 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3" \
1857 0 \
1858 -s "Protocol is TLSv1.3" \
1859 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1860 -s "received signature algorithm: 0x503" \
1861 -s "got named group: ffdhe4096(0102)" \
1862 -s "Certificate verification was skipped" \
1863 -C "received HelloRetryRequest message"
1864
1865requires_config_enabled MBEDTLS_SSL_SRV_C
1866requires_config_enabled MBEDTLS_DEBUG_C
1867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1868requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1869requires_openssl_tls1_3
1870requires_openssl_3_x
1871run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
1872 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1873 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3" \
1874 0 \
1875 -s "Protocol is TLSv1.3" \
1876 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1877 -s "received signature algorithm: 0x603" \
1878 -s "got named group: ffdhe4096(0102)" \
1879 -s "Certificate verification was skipped" \
1880 -C "received HelloRetryRequest message"
1881
1882requires_config_enabled MBEDTLS_SSL_SRV_C
1883requires_config_enabled MBEDTLS_DEBUG_C
1884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1886requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1887requires_openssl_tls1_3
1888requires_openssl_3_x
1889run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
1890 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1891 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3" \
1892 0 \
1893 -s "Protocol is TLSv1.3" \
1894 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1895 -s "received signature algorithm: 0x804" \
1896 -s "got named group: ffdhe4096(0102)" \
1897 -s "Certificate verification was skipped" \
1898 -C "received HelloRetryRequest message"
1899
1900requires_config_enabled MBEDTLS_SSL_SRV_C
1901requires_config_enabled MBEDTLS_DEBUG_C
1902requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1904requires_openssl_tls1_3
1905requires_openssl_3_x
1906run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
1907 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1908 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3" \
1909 0 \
1910 -s "Protocol is TLSv1.3" \
1911 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1912 -s "received signature algorithm: 0x403" \
1913 -s "got named group: ffdhe6144(0103)" \
1914 -s "Certificate verification was skipped" \
1915 -C "received HelloRetryRequest message"
1916
1917requires_config_enabled MBEDTLS_SSL_SRV_C
1918requires_config_enabled MBEDTLS_DEBUG_C
1919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1921requires_openssl_tls1_3
1922requires_openssl_3_x
1923run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
1924 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1925 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3" \
1926 0 \
1927 -s "Protocol is TLSv1.3" \
1928 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1929 -s "received signature algorithm: 0x503" \
1930 -s "got named group: ffdhe6144(0103)" \
1931 -s "Certificate verification was skipped" \
1932 -C "received HelloRetryRequest message"
1933
1934requires_config_enabled MBEDTLS_SSL_SRV_C
1935requires_config_enabled MBEDTLS_DEBUG_C
1936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1938requires_openssl_tls1_3
1939requires_openssl_3_x
1940run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
1941 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1942 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3" \
1943 0 \
1944 -s "Protocol is TLSv1.3" \
1945 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1946 -s "received signature algorithm: 0x603" \
1947 -s "got named group: ffdhe6144(0103)" \
1948 -s "Certificate verification was skipped" \
1949 -C "received HelloRetryRequest message"
1950
1951requires_config_enabled MBEDTLS_SSL_SRV_C
1952requires_config_enabled MBEDTLS_DEBUG_C
1953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1955requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1956requires_openssl_tls1_3
1957requires_openssl_3_x
1958run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
1959 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1960 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3" \
1961 0 \
1962 -s "Protocol is TLSv1.3" \
1963 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1964 -s "received signature algorithm: 0x804" \
1965 -s "got named group: ffdhe6144(0103)" \
1966 -s "Certificate verification was skipped" \
1967 -C "received HelloRetryRequest message"
1968
1969requires_config_enabled MBEDTLS_SSL_SRV_C
1970requires_config_enabled MBEDTLS_DEBUG_C
1971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1973requires_openssl_tls1_3
1974requires_openssl_3_x
1975run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
1976 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1977 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
1978 0 \
1979 -s "Protocol is TLSv1.3" \
1980 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1981 -s "received signature algorithm: 0x403" \
1982 -s "got named group: ffdhe8192(0104)" \
1983 -s "Certificate verification was skipped" \
1984 -C "received HelloRetryRequest message"
1985
1986requires_config_enabled MBEDTLS_SSL_SRV_C
1987requires_config_enabled MBEDTLS_DEBUG_C
1988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1990requires_openssl_tls1_3
1991requires_openssl_3_x
1992run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
1993 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1994 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
1995 0 \
1996 -s "Protocol is TLSv1.3" \
1997 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1998 -s "received signature algorithm: 0x503" \
1999 -s "got named group: ffdhe8192(0104)" \
2000 -s "Certificate verification was skipped" \
2001 -C "received HelloRetryRequest message"
2002
2003requires_config_enabled MBEDTLS_SSL_SRV_C
2004requires_config_enabled MBEDTLS_DEBUG_C
2005requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2007requires_openssl_tls1_3
2008requires_openssl_3_x
2009run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
2010 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2011 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
2012 0 \
2013 -s "Protocol is TLSv1.3" \
2014 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2015 -s "received signature algorithm: 0x603" \
2016 -s "got named group: ffdhe8192(0104)" \
2017 -s "Certificate verification was skipped" \
2018 -C "received HelloRetryRequest message"
2019
2020requires_config_enabled MBEDTLS_SSL_SRV_C
2021requires_config_enabled MBEDTLS_DEBUG_C
2022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2024requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2025requires_openssl_tls1_3
2026requires_openssl_3_x
2027run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
2028 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2029 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
2030 0 \
2031 -s "Protocol is TLSv1.3" \
2032 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2033 -s "received signature algorithm: 0x804" \
2034 -s "got named group: ffdhe8192(0104)" \
2035 -s "Certificate verification was skipped" \
2036 -C "received HelloRetryRequest message"
2037
2038requires_config_enabled MBEDTLS_SSL_SRV_C
2039requires_config_enabled MBEDTLS_DEBUG_C
2040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2042requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2043run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2044 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2045 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2046 0 \
2047 -s "Protocol is TLSv1.3" \
2048 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2049 -s "received signature algorithm: 0x403" \
2050 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2051 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2052 -C "received HelloRetryRequest message"
2053
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2054requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2058requires_openssl_tls1_3
2059run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2060 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2061 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2062 0 \
2063 -s "Protocol is TLSv1.3" \
2064 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2065 -s "received signature algorithm: 0x503" \
2066 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2067 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2068 -C "received HelloRetryRequest message"
2069
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2070requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2071requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2074requires_openssl_tls1_3
2075run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2076 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2077 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2078 0 \
2079 -s "Protocol is TLSv1.3" \
2080 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2081 -s "received signature algorithm: 0x603" \
2082 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2083 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2084 -C "received HelloRetryRequest message"
2085
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2086requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2087requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2090requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2091requires_openssl_tls1_3
2092run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2093 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2094 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2095 0 \
2096 -s "Protocol is TLSv1.3" \
2097 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2098 -s "received signature algorithm: 0x804" \
2099 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2100 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2101 -C "received HelloRetryRequest message"
2102
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2103requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2104requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2107requires_openssl_tls1_3
2108run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2109 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2110 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2111 0 \
2112 -s "Protocol is TLSv1.3" \
2113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2114 -s "received signature algorithm: 0x403" \
2115 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2116 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2117 -C "received HelloRetryRequest message"
2118
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2119requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2120requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2121requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2123requires_openssl_tls1_3
2124run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2125 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2126 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2127 0 \
2128 -s "Protocol is TLSv1.3" \
2129 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2130 -s "received signature algorithm: 0x503" \
2131 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2132 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2133 -C "received HelloRetryRequest message"
2134
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2135requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2139requires_openssl_tls1_3
2140run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2141 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2142 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2143 0 \
2144 -s "Protocol is TLSv1.3" \
2145 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2146 -s "received signature algorithm: 0x603" \
2147 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2148 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2149 -C "received HelloRetryRequest message"
2150
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2151requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2152requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2155requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2156requires_openssl_tls1_3
2157run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2158 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2159 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2160 0 \
2161 -s "Protocol is TLSv1.3" \
2162 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2163 -s "received signature algorithm: 0x804" \
2164 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2165 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2166 -C "received HelloRetryRequest message"
2167
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2168requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2169requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2172requires_openssl_tls1_3
2173run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2174 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2175 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2176 0 \
2177 -s "Protocol is TLSv1.3" \
2178 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2179 -s "received signature algorithm: 0x403" \
2180 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2181 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2182 -C "received HelloRetryRequest message"
2183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2188requires_openssl_tls1_3
2189run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2190 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2191 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2192 0 \
2193 -s "Protocol is TLSv1.3" \
2194 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2195 -s "received signature algorithm: 0x503" \
2196 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2197 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2198 -C "received HelloRetryRequest message"
2199
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2200requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2201requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2204requires_openssl_tls1_3
2205run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2206 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2207 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2208 0 \
2209 -s "Protocol is TLSv1.3" \
2210 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2211 -s "received signature algorithm: 0x603" \
2212 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2213 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2214 -C "received HelloRetryRequest message"
2215
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2216requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2217requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2220requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2221requires_openssl_tls1_3
2222run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2223 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2224 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2225 0 \
2226 -s "Protocol is TLSv1.3" \
2227 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2228 -s "received signature algorithm: 0x804" \
2229 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2230 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2231 -C "received HelloRetryRequest message"
2232
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2233requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2234requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2235requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2236requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2237requires_openssl_tls1_3
2238run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2239 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2240 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2241 0 \
2242 -s "Protocol is TLSv1.3" \
2243 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2244 -s "received signature algorithm: 0x403" \
2245 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2246 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2247 -C "received HelloRetryRequest message"
2248
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2249requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2250requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2253requires_openssl_tls1_3
2254run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2255 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2256 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2257 0 \
2258 -s "Protocol is TLSv1.3" \
2259 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2260 -s "received signature algorithm: 0x503" \
2261 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2262 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2263 -C "received HelloRetryRequest message"
2264
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2265requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2266requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2269requires_openssl_tls1_3
2270run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2271 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2272 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2273 0 \
2274 -s "Protocol is TLSv1.3" \
2275 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2276 -s "received signature algorithm: 0x603" \
2277 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2278 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2279 -C "received HelloRetryRequest message"
2280
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2281requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2282requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2285requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2286requires_openssl_tls1_3
2287run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2288 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2289 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2290 0 \
2291 -s "Protocol is TLSv1.3" \
2292 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2293 -s "received signature algorithm: 0x804" \
2294 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2295 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2296 -C "received HelloRetryRequest message"
2297
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2298requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2299requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2302requires_openssl_tls1_3
2303run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2304 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2305 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2306 0 \
2307 -s "Protocol is TLSv1.3" \
2308 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2309 -s "received signature algorithm: 0x403" \
2310 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2311 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2312 -C "received HelloRetryRequest message"
2313
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2314requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2315requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2318requires_openssl_tls1_3
2319run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2320 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2321 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2322 0 \
2323 -s "Protocol is TLSv1.3" \
2324 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2325 -s "received signature algorithm: 0x503" \
2326 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2327 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2328 -C "received HelloRetryRequest message"
2329
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2330requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2331requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2334requires_openssl_tls1_3
2335run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2336 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2337 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2338 0 \
2339 -s "Protocol is TLSv1.3" \
2340 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2341 -s "received signature algorithm: 0x603" \
2342 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2343 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2344 -C "received HelloRetryRequest message"
2345
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2346requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2347requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2349requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2350requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2351requires_openssl_tls1_3
2352run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2353 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2354 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2355 0 \
2356 -s "Protocol is TLSv1.3" \
2357 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2358 -s "received signature algorithm: 0x804" \
2359 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2360 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2361 -C "received HelloRetryRequest message"
2362
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2363requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2367requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]2368requires_openssl_3_x
2369run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
2370 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2371 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
2372 0 \
2373 -s "Protocol is TLSv1.3" \
2374 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2375 -s "received signature algorithm: 0x403" \
2376 -s "got named group: ffdhe2048(0100)" \
2377 -s "Certificate verification was skipped" \
2378 -C "received HelloRetryRequest message"
2379
2380requires_config_enabled MBEDTLS_SSL_SRV_C
2381requires_config_enabled MBEDTLS_DEBUG_C
2382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2384requires_openssl_tls1_3
2385requires_openssl_3_x
2386run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
2387 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2388 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
2389 0 \
2390 -s "Protocol is TLSv1.3" \
2391 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2392 -s "received signature algorithm: 0x503" \
2393 -s "got named group: ffdhe2048(0100)" \
2394 -s "Certificate verification was skipped" \
2395 -C "received HelloRetryRequest message"
2396
2397requires_config_enabled MBEDTLS_SSL_SRV_C
2398requires_config_enabled MBEDTLS_DEBUG_C
2399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2400requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2401requires_openssl_tls1_3
2402requires_openssl_3_x
2403run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
2404 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2405 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
2406 0 \
2407 -s "Protocol is TLSv1.3" \
2408 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2409 -s "received signature algorithm: 0x603" \
2410 -s "got named group: ffdhe2048(0100)" \
2411 -s "Certificate verification was skipped" \
2412 -C "received HelloRetryRequest message"
2413
2414requires_config_enabled MBEDTLS_SSL_SRV_C
2415requires_config_enabled MBEDTLS_DEBUG_C
2416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2418requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2419requires_openssl_tls1_3
2420requires_openssl_3_x
2421run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
2422 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2423 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
2424 0 \
2425 -s "Protocol is TLSv1.3" \
2426 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2427 -s "received signature algorithm: 0x804" \
2428 -s "got named group: ffdhe2048(0100)" \
2429 -s "Certificate verification was skipped" \
2430 -C "received HelloRetryRequest message"
2431
2432requires_config_enabled MBEDTLS_SSL_SRV_C
2433requires_config_enabled MBEDTLS_DEBUG_C
2434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2436requires_openssl_tls1_3
2437requires_openssl_3_x
2438run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
2439 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2440 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3" \
2441 0 \
2442 -s "Protocol is TLSv1.3" \
2443 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2444 -s "received signature algorithm: 0x403" \
2445 -s "got named group: ffdhe3072(0101)" \
2446 -s "Certificate verification was skipped" \
2447 -C "received HelloRetryRequest message"
2448
2449requires_config_enabled MBEDTLS_SSL_SRV_C
2450requires_config_enabled MBEDTLS_DEBUG_C
2451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2453requires_openssl_tls1_3
2454requires_openssl_3_x
2455run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
2456 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2457 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3" \
2458 0 \
2459 -s "Protocol is TLSv1.3" \
2460 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2461 -s "received signature algorithm: 0x503" \
2462 -s "got named group: ffdhe3072(0101)" \
2463 -s "Certificate verification was skipped" \
2464 -C "received HelloRetryRequest message"
2465
2466requires_config_enabled MBEDTLS_SSL_SRV_C
2467requires_config_enabled MBEDTLS_DEBUG_C
2468requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2470requires_openssl_tls1_3
2471requires_openssl_3_x
2472run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
2473 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2474 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3" \
2475 0 \
2476 -s "Protocol is TLSv1.3" \
2477 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2478 -s "received signature algorithm: 0x603" \
2479 -s "got named group: ffdhe3072(0101)" \
2480 -s "Certificate verification was skipped" \
2481 -C "received HelloRetryRequest message"
2482
2483requires_config_enabled MBEDTLS_SSL_SRV_C
2484requires_config_enabled MBEDTLS_DEBUG_C
2485requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2487requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2488requires_openssl_tls1_3
2489requires_openssl_3_x
2490run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
2491 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2492 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3" \
2493 0 \
2494 -s "Protocol is TLSv1.3" \
2495 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2496 -s "received signature algorithm: 0x804" \
2497 -s "got named group: ffdhe3072(0101)" \
2498 -s "Certificate verification was skipped" \
2499 -C "received HelloRetryRequest message"
2500
2501requires_config_enabled MBEDTLS_SSL_SRV_C
2502requires_config_enabled MBEDTLS_DEBUG_C
2503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2504requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2505requires_openssl_tls1_3
2506requires_openssl_3_x
2507run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
2508 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2509 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3" \
2510 0 \
2511 -s "Protocol is TLSv1.3" \
2512 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2513 -s "received signature algorithm: 0x403" \
2514 -s "got named group: ffdhe4096(0102)" \
2515 -s "Certificate verification was skipped" \
2516 -C "received HelloRetryRequest message"
2517
2518requires_config_enabled MBEDTLS_SSL_SRV_C
2519requires_config_enabled MBEDTLS_DEBUG_C
2520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2522requires_openssl_tls1_3
2523requires_openssl_3_x
2524run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
2525 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2526 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3" \
2527 0 \
2528 -s "Protocol is TLSv1.3" \
2529 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2530 -s "received signature algorithm: 0x503" \
2531 -s "got named group: ffdhe4096(0102)" \
2532 -s "Certificate verification was skipped" \
2533 -C "received HelloRetryRequest message"
2534
2535requires_config_enabled MBEDTLS_SSL_SRV_C
2536requires_config_enabled MBEDTLS_DEBUG_C
2537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2538requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2539requires_openssl_tls1_3
2540requires_openssl_3_x
2541run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
2542 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2543 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3" \
2544 0 \
2545 -s "Protocol is TLSv1.3" \
2546 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2547 -s "received signature algorithm: 0x603" \
2548 -s "got named group: ffdhe4096(0102)" \
2549 -s "Certificate verification was skipped" \
2550 -C "received HelloRetryRequest message"
2551
2552requires_config_enabled MBEDTLS_SSL_SRV_C
2553requires_config_enabled MBEDTLS_DEBUG_C
2554requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2556requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2557requires_openssl_tls1_3
2558requires_openssl_3_x
2559run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
2560 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2561 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3" \
2562 0 \
2563 -s "Protocol is TLSv1.3" \
2564 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2565 -s "received signature algorithm: 0x804" \
2566 -s "got named group: ffdhe4096(0102)" \
2567 -s "Certificate verification was skipped" \
2568 -C "received HelloRetryRequest message"
2569
2570requires_config_enabled MBEDTLS_SSL_SRV_C
2571requires_config_enabled MBEDTLS_DEBUG_C
2572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2574requires_openssl_tls1_3
2575requires_openssl_3_x
2576run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
2577 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2578 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3" \
2579 0 \
2580 -s "Protocol is TLSv1.3" \
2581 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2582 -s "received signature algorithm: 0x403" \
2583 -s "got named group: ffdhe6144(0103)" \
2584 -s "Certificate verification was skipped" \
2585 -C "received HelloRetryRequest message"
2586
2587requires_config_enabled MBEDTLS_SSL_SRV_C
2588requires_config_enabled MBEDTLS_DEBUG_C
2589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2590requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2591requires_openssl_tls1_3
2592requires_openssl_3_x
2593run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
2594 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2595 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3" \
2596 0 \
2597 -s "Protocol is TLSv1.3" \
2598 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2599 -s "received signature algorithm: 0x503" \
2600 -s "got named group: ffdhe6144(0103)" \
2601 -s "Certificate verification was skipped" \
2602 -C "received HelloRetryRequest message"
2603
2604requires_config_enabled MBEDTLS_SSL_SRV_C
2605requires_config_enabled MBEDTLS_DEBUG_C
2606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2608requires_openssl_tls1_3
2609requires_openssl_3_x
2610run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
2611 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2612 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3" \
2613 0 \
2614 -s "Protocol is TLSv1.3" \
2615 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2616 -s "received signature algorithm: 0x603" \
2617 -s "got named group: ffdhe6144(0103)" \
2618 -s "Certificate verification was skipped" \
2619 -C "received HelloRetryRequest message"
2620
2621requires_config_enabled MBEDTLS_SSL_SRV_C
2622requires_config_enabled MBEDTLS_DEBUG_C
2623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2625requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2626requires_openssl_tls1_3
2627requires_openssl_3_x
2628run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
2629 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2630 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3" \
2631 0 \
2632 -s "Protocol is TLSv1.3" \
2633 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2634 -s "received signature algorithm: 0x804" \
2635 -s "got named group: ffdhe6144(0103)" \
2636 -s "Certificate verification was skipped" \
2637 -C "received HelloRetryRequest message"
2638
2639requires_config_enabled MBEDTLS_SSL_SRV_C
2640requires_config_enabled MBEDTLS_DEBUG_C
2641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2643requires_openssl_tls1_3
2644requires_openssl_3_x
2645run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
2646 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2647 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
2648 0 \
2649 -s "Protocol is TLSv1.3" \
2650 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2651 -s "received signature algorithm: 0x403" \
2652 -s "got named group: ffdhe8192(0104)" \
2653 -s "Certificate verification was skipped" \
2654 -C "received HelloRetryRequest message"
2655
2656requires_config_enabled MBEDTLS_SSL_SRV_C
2657requires_config_enabled MBEDTLS_DEBUG_C
2658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2660requires_openssl_tls1_3
2661requires_openssl_3_x
2662run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
2663 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2664 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
2665 0 \
2666 -s "Protocol is TLSv1.3" \
2667 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2668 -s "received signature algorithm: 0x503" \
2669 -s "got named group: ffdhe8192(0104)" \
2670 -s "Certificate verification was skipped" \
2671 -C "received HelloRetryRequest message"
2672
2673requires_config_enabled MBEDTLS_SSL_SRV_C
2674requires_config_enabled MBEDTLS_DEBUG_C
2675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2677requires_openssl_tls1_3
2678requires_openssl_3_x
2679run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
2680 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2681 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
2682 0 \
2683 -s "Protocol is TLSv1.3" \
2684 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2685 -s "received signature algorithm: 0x603" \
2686 -s "got named group: ffdhe8192(0104)" \
2687 -s "Certificate verification was skipped" \
2688 -C "received HelloRetryRequest message"
2689
2690requires_config_enabled MBEDTLS_SSL_SRV_C
2691requires_config_enabled MBEDTLS_DEBUG_C
2692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2694requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2695requires_openssl_tls1_3
2696requires_openssl_3_x
2697run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
2698 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2699 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
2700 0 \
2701 -s "Protocol is TLSv1.3" \
2702 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2703 -s "received signature algorithm: 0x804" \
2704 -s "got named group: ffdhe8192(0104)" \
2705 -s "Certificate verification was skipped" \
2706 -C "received HelloRetryRequest message"
2707
2708requires_config_enabled MBEDTLS_SSL_SRV_C
2709requires_config_enabled MBEDTLS_DEBUG_C
2710requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2712requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2713run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2714 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2715 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2716 0 \
2717 -s "Protocol is TLSv1.3" \
2718 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2719 -s "received signature algorithm: 0x403" \
2720 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2721 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2722 -C "received HelloRetryRequest message"
2723
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2724requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2725requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2728requires_openssl_tls1_3
2729run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2730 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2731 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2732 0 \
2733 -s "Protocol is TLSv1.3" \
2734 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2735 -s "received signature algorithm: 0x503" \
2736 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2737 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2738 -C "received HelloRetryRequest message"
2739
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2740requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2741requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2744requires_openssl_tls1_3
2745run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2746 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2747 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2748 0 \
2749 -s "Protocol is TLSv1.3" \
2750 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2751 -s "received signature algorithm: 0x603" \
2752 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2753 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2754 -C "received HelloRetryRequest message"
2755
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2756requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2757requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2760requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2761requires_openssl_tls1_3
2762run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2763 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2764 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2765 0 \
2766 -s "Protocol is TLSv1.3" \
2767 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2768 -s "received signature algorithm: 0x804" \
2769 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2770 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2771 -C "received HelloRetryRequest message"
2772
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2773requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2774requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2777requires_openssl_tls1_3
2778run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2779 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2780 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2781 0 \
2782 -s "Protocol is TLSv1.3" \
2783 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2784 -s "received signature algorithm: 0x403" \
2785 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2786 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2787 -C "received HelloRetryRequest message"
2788
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2789requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2790requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2793requires_openssl_tls1_3
2794run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2795 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2796 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2797 0 \
2798 -s "Protocol is TLSv1.3" \
2799 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2800 -s "received signature algorithm: 0x503" \
2801 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2802 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2803 -C "received HelloRetryRequest message"
2804
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2805requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2806requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2807requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2809requires_openssl_tls1_3
2810run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2811 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2812 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2813 0 \
2814 -s "Protocol is TLSv1.3" \
2815 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2816 -s "received signature algorithm: 0x603" \
2817 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2818 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2819 -C "received HelloRetryRequest message"
2820
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2821requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2822requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2823requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2824requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2825requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2826requires_openssl_tls1_3
2827run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2828 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2829 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2830 0 \
2831 -s "Protocol is TLSv1.3" \
2832 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2833 -s "received signature algorithm: 0x804" \
2834 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2835 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2836 -C "received HelloRetryRequest message"
2837
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2838requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2839requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2842requires_openssl_tls1_3
2843run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2844 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2845 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2846 0 \
2847 -s "Protocol is TLSv1.3" \
2848 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2849 -s "received signature algorithm: 0x403" \
2850 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2851 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2852 -C "received HelloRetryRequest message"
2853
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2854requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2855requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2858requires_openssl_tls1_3
2859run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2860 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2861 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2862 0 \
2863 -s "Protocol is TLSv1.3" \
2864 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2865 -s "received signature algorithm: 0x503" \
2866 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2867 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2868 -C "received HelloRetryRequest message"
2869
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2870requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2871requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2874requires_openssl_tls1_3
2875run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2876 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2877 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2878 0 \
2879 -s "Protocol is TLSv1.3" \
2880 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2881 -s "received signature algorithm: 0x603" \
2882 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2883 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2884 -C "received HelloRetryRequest message"
2885
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2886requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2890requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2891requires_openssl_tls1_3
2892run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2893 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2894 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2895 0 \
2896 -s "Protocol is TLSv1.3" \
2897 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2898 -s "received signature algorithm: 0x804" \
2899 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2900 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2901 -C "received HelloRetryRequest message"
2902
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2903requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2904requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2905requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2906requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2907requires_openssl_tls1_3
2908run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2909 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2910 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2911 0 \
2912 -s "Protocol is TLSv1.3" \
2913 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2914 -s "received signature algorithm: 0x403" \
2915 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2916 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2917 -C "received HelloRetryRequest message"
2918
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2919requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2920requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2921requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2922requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2923requires_openssl_tls1_3
2924run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2925 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2926 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2927 0 \
2928 -s "Protocol is TLSv1.3" \
2929 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2930 -s "received signature algorithm: 0x503" \
2931 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2932 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2933 -C "received HelloRetryRequest message"
2934
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2935requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2936requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2939requires_openssl_tls1_3
2940run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2941 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2942 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2943 0 \
2944 -s "Protocol is TLSv1.3" \
2945 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2946 -s "received signature algorithm: 0x603" \
2947 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2948 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2949 -C "received HelloRetryRequest message"
2950
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2951requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2952requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2955requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2956requires_openssl_tls1_3
2957run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2958 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2959 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2960 0 \
2961 -s "Protocol is TLSv1.3" \
2962 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2963 -s "received signature algorithm: 0x804" \
2964 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2965 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2966 -C "received HelloRetryRequest message"
2967
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2968requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2969requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2972requires_openssl_tls1_3
2973run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2974 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2975 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2976 0 \
2977 -s "Protocol is TLSv1.3" \
2978 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2979 -s "received signature algorithm: 0x403" \
2980 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2981 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2982 -C "received HelloRetryRequest message"
2983
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2984requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2988requires_openssl_tls1_3
2989run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]2990 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2991 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2992 0 \
2993 -s "Protocol is TLSv1.3" \
2994 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2995 -s "received signature algorithm: 0x503" \
2996 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2997 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2998 -C "received HelloRetryRequest message"
2999
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3000requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3001requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3004requires_openssl_tls1_3
3005run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3006 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3007 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3008 0 \
3009 -s "Protocol is TLSv1.3" \
3010 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3011 -s "received signature algorithm: 0x603" \
3012 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3013 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3014 -C "received HelloRetryRequest message"
3015
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3016requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3017requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3020requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3021requires_openssl_tls1_3
3022run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3023 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3024 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3025 0 \
3026 -s "Protocol is TLSv1.3" \
3027 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3028 -s "received signature algorithm: 0x804" \
3029 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3030 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3031 -C "received HelloRetryRequest message"
3032
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3033requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3034requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3035requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]3037requires_openssl_tls1_3
3038requires_openssl_3_x
3039run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
3040 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3041 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
3042 0 \
3043 -s "Protocol is TLSv1.3" \
3044 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3045 -s "received signature algorithm: 0x403" \
3046 -s "got named group: ffdhe2048(0100)" \
3047 -s "Certificate verification was skipped" \
3048 -C "received HelloRetryRequest message"
3049
3050requires_config_enabled MBEDTLS_SSL_SRV_C
3051requires_config_enabled MBEDTLS_DEBUG_C
3052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3054requires_openssl_tls1_3
3055requires_openssl_3_x
3056run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
3057 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3058 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
3059 0 \
3060 -s "Protocol is TLSv1.3" \
3061 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3062 -s "received signature algorithm: 0x503" \
3063 -s "got named group: ffdhe2048(0100)" \
3064 -s "Certificate verification was skipped" \
3065 -C "received HelloRetryRequest message"
3066
3067requires_config_enabled MBEDTLS_SSL_SRV_C
3068requires_config_enabled MBEDTLS_DEBUG_C
3069requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3070requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3071requires_openssl_tls1_3
3072requires_openssl_3_x
3073run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
3074 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3075 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
3076 0 \
3077 -s "Protocol is TLSv1.3" \
3078 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3079 -s "received signature algorithm: 0x603" \
3080 -s "got named group: ffdhe2048(0100)" \
3081 -s "Certificate verification was skipped" \
3082 -C "received HelloRetryRequest message"
3083
3084requires_config_enabled MBEDTLS_SSL_SRV_C
3085requires_config_enabled MBEDTLS_DEBUG_C
3086requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3088requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3089requires_openssl_tls1_3
3090requires_openssl_3_x
3091run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
3092 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3093 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
3094 0 \
3095 -s "Protocol is TLSv1.3" \
3096 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3097 -s "received signature algorithm: 0x804" \
3098 -s "got named group: ffdhe2048(0100)" \
3099 -s "Certificate verification was skipped" \
3100 -C "received HelloRetryRequest message"
3101
3102requires_config_enabled MBEDTLS_SSL_SRV_C
3103requires_config_enabled MBEDTLS_DEBUG_C
3104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3106requires_openssl_tls1_3
3107requires_openssl_3_x
3108run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
3109 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3110 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3" \
3111 0 \
3112 -s "Protocol is TLSv1.3" \
3113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3114 -s "received signature algorithm: 0x403" \
3115 -s "got named group: ffdhe3072(0101)" \
3116 -s "Certificate verification was skipped" \
3117 -C "received HelloRetryRequest message"
3118
3119requires_config_enabled MBEDTLS_SSL_SRV_C
3120requires_config_enabled MBEDTLS_DEBUG_C
3121requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3123requires_openssl_tls1_3
3124requires_openssl_3_x
3125run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
3126 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3127 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3" \
3128 0 \
3129 -s "Protocol is TLSv1.3" \
3130 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3131 -s "received signature algorithm: 0x503" \
3132 -s "got named group: ffdhe3072(0101)" \
3133 -s "Certificate verification was skipped" \
3134 -C "received HelloRetryRequest message"
3135
3136requires_config_enabled MBEDTLS_SSL_SRV_C
3137requires_config_enabled MBEDTLS_DEBUG_C
3138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3140requires_openssl_tls1_3
3141requires_openssl_3_x
3142run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
3143 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3144 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3" \
3145 0 \
3146 -s "Protocol is TLSv1.3" \
3147 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3148 -s "received signature algorithm: 0x603" \
3149 -s "got named group: ffdhe3072(0101)" \
3150 -s "Certificate verification was skipped" \
3151 -C "received HelloRetryRequest message"
3152
3153requires_config_enabled MBEDTLS_SSL_SRV_C
3154requires_config_enabled MBEDTLS_DEBUG_C
3155requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3156requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3157requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3158requires_openssl_tls1_3
3159requires_openssl_3_x
3160run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
3161 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3162 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3" \
3163 0 \
3164 -s "Protocol is TLSv1.3" \
3165 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3166 -s "received signature algorithm: 0x804" \
3167 -s "got named group: ffdhe3072(0101)" \
3168 -s "Certificate verification was skipped" \
3169 -C "received HelloRetryRequest message"
3170
3171requires_config_enabled MBEDTLS_SSL_SRV_C
3172requires_config_enabled MBEDTLS_DEBUG_C
3173requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3174requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3175requires_openssl_tls1_3
3176requires_openssl_3_x
3177run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
3178 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3179 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3" \
3180 0 \
3181 -s "Protocol is TLSv1.3" \
3182 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3183 -s "received signature algorithm: 0x403" \
3184 -s "got named group: ffdhe4096(0102)" \
3185 -s "Certificate verification was skipped" \
3186 -C "received HelloRetryRequest message"
3187
3188requires_config_enabled MBEDTLS_SSL_SRV_C
3189requires_config_enabled MBEDTLS_DEBUG_C
3190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3192requires_openssl_tls1_3
3193requires_openssl_3_x
3194run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
3195 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3196 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3" \
3197 0 \
3198 -s "Protocol is TLSv1.3" \
3199 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3200 -s "received signature algorithm: 0x503" \
3201 -s "got named group: ffdhe4096(0102)" \
3202 -s "Certificate verification was skipped" \
3203 -C "received HelloRetryRequest message"
3204
3205requires_config_enabled MBEDTLS_SSL_SRV_C
3206requires_config_enabled MBEDTLS_DEBUG_C
3207requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3208requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3209requires_openssl_tls1_3
3210requires_openssl_3_x
3211run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
3212 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3213 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3" \
3214 0 \
3215 -s "Protocol is TLSv1.3" \
3216 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3217 -s "received signature algorithm: 0x603" \
3218 -s "got named group: ffdhe4096(0102)" \
3219 -s "Certificate verification was skipped" \
3220 -C "received HelloRetryRequest message"
3221
3222requires_config_enabled MBEDTLS_SSL_SRV_C
3223requires_config_enabled MBEDTLS_DEBUG_C
3224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3226requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3227requires_openssl_tls1_3
3228requires_openssl_3_x
3229run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
3230 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3231 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3" \
3232 0 \
3233 -s "Protocol is TLSv1.3" \
3234 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3235 -s "received signature algorithm: 0x804" \
3236 -s "got named group: ffdhe4096(0102)" \
3237 -s "Certificate verification was skipped" \
3238 -C "received HelloRetryRequest message"
3239
3240requires_config_enabled MBEDTLS_SSL_SRV_C
3241requires_config_enabled MBEDTLS_DEBUG_C
3242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3243requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3244requires_openssl_tls1_3
3245requires_openssl_3_x
3246run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
3247 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3248 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3" \
3249 0 \
3250 -s "Protocol is TLSv1.3" \
3251 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3252 -s "received signature algorithm: 0x403" \
3253 -s "got named group: ffdhe6144(0103)" \
3254 -s "Certificate verification was skipped" \
3255 -C "received HelloRetryRequest message"
3256
3257requires_config_enabled MBEDTLS_SSL_SRV_C
3258requires_config_enabled MBEDTLS_DEBUG_C
3259requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3261requires_openssl_tls1_3
3262requires_openssl_3_x
3263run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
3264 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3265 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3" \
3266 0 \
3267 -s "Protocol is TLSv1.3" \
3268 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3269 -s "received signature algorithm: 0x503" \
3270 -s "got named group: ffdhe6144(0103)" \
3271 -s "Certificate verification was skipped" \
3272 -C "received HelloRetryRequest message"
3273
3274requires_config_enabled MBEDTLS_SSL_SRV_C
3275requires_config_enabled MBEDTLS_DEBUG_C
3276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3278requires_openssl_tls1_3
3279requires_openssl_3_x
3280run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
3281 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3282 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3" \
3283 0 \
3284 -s "Protocol is TLSv1.3" \
3285 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3286 -s "received signature algorithm: 0x603" \
3287 -s "got named group: ffdhe6144(0103)" \
3288 -s "Certificate verification was skipped" \
3289 -C "received HelloRetryRequest message"
3290
3291requires_config_enabled MBEDTLS_SSL_SRV_C
3292requires_config_enabled MBEDTLS_DEBUG_C
3293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3294requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3295requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3296requires_openssl_tls1_3
3297requires_openssl_3_x
3298run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
3299 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3300 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3" \
3301 0 \
3302 -s "Protocol is TLSv1.3" \
3303 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3304 -s "received signature algorithm: 0x804" \
3305 -s "got named group: ffdhe6144(0103)" \
3306 -s "Certificate verification was skipped" \
3307 -C "received HelloRetryRequest message"
3308
3309requires_config_enabled MBEDTLS_SSL_SRV_C
3310requires_config_enabled MBEDTLS_DEBUG_C
3311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3312requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3313requires_openssl_tls1_3
3314requires_openssl_3_x
3315run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
3316 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3317 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
3318 0 \
3319 -s "Protocol is TLSv1.3" \
3320 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3321 -s "received signature algorithm: 0x403" \
3322 -s "got named group: ffdhe8192(0104)" \
3323 -s "Certificate verification was skipped" \
3324 -C "received HelloRetryRequest message"
3325
3326requires_config_enabled MBEDTLS_SSL_SRV_C
3327requires_config_enabled MBEDTLS_DEBUG_C
3328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3330requires_openssl_tls1_3
3331requires_openssl_3_x
3332run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
3333 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3334 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
3335 0 \
3336 -s "Protocol is TLSv1.3" \
3337 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3338 -s "received signature algorithm: 0x503" \
3339 -s "got named group: ffdhe8192(0104)" \
3340 -s "Certificate verification was skipped" \
3341 -C "received HelloRetryRequest message"
3342
3343requires_config_enabled MBEDTLS_SSL_SRV_C
3344requires_config_enabled MBEDTLS_DEBUG_C
3345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3347requires_openssl_tls1_3
3348requires_openssl_3_x
3349run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
3350 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3351 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
3352 0 \
3353 -s "Protocol is TLSv1.3" \
3354 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3355 -s "received signature algorithm: 0x603" \
3356 -s "got named group: ffdhe8192(0104)" \
3357 -s "Certificate verification was skipped" \
3358 -C "received HelloRetryRequest message"
3359
3360requires_config_enabled MBEDTLS_SSL_SRV_C
3361requires_config_enabled MBEDTLS_DEBUG_C
3362requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3363requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3364requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3365requires_openssl_tls1_3
3366requires_openssl_3_x
3367run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
3368 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3369 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
3370 0 \
3371 -s "Protocol is TLSv1.3" \
3372 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3373 -s "received signature algorithm: 0x804" \
3374 -s "got named group: ffdhe8192(0104)" \
3375 -s "Certificate verification was skipped" \
3376 -C "received HelloRetryRequest message"
3377
3378requires_config_enabled MBEDTLS_SSL_SRV_C
3379requires_config_enabled MBEDTLS_DEBUG_C
3380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3382requires_gnutls_tls1_3
3383requires_gnutls_next_no_ticket
3384requires_gnutls_next_disable_tls13_compat
3385run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3386 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3387 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3388 0 \
3389 -s "Protocol is TLSv1.3" \
3390 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3391 -s "received signature algorithm: 0x403" \
3392 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3393 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3394 -C "received HelloRetryRequest message"
3395
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3396requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3397requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3399requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3400requires_gnutls_tls1_3
3401requires_gnutls_next_no_ticket
3402requires_gnutls_next_disable_tls13_compat
3403run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3404 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3405 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3406 0 \
3407 -s "Protocol is TLSv1.3" \
3408 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3409 -s "received signature algorithm: 0x503" \
3410 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3411 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3412 -C "received HelloRetryRequest message"
3413
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3414requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3415requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3418requires_gnutls_tls1_3
3419requires_gnutls_next_no_ticket
3420requires_gnutls_next_disable_tls13_compat
3421run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3422 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3423 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3424 0 \
3425 -s "Protocol is TLSv1.3" \
3426 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3427 -s "received signature algorithm: 0x603" \
3428 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3429 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3430 -C "received HelloRetryRequest message"
3431
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3432requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3436requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3437requires_gnutls_tls1_3
3438requires_gnutls_next_no_ticket
3439requires_gnutls_next_disable_tls13_compat
3440run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3441 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3442 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3443 0 \
3444 -s "Protocol is TLSv1.3" \
3445 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3446 -s "received signature algorithm: 0x804" \
3447 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3448 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3449 -C "received HelloRetryRequest message"
3450
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3451requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3452requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3453requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3454requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3455requires_gnutls_tls1_3
3456requires_gnutls_next_no_ticket
3457requires_gnutls_next_disable_tls13_compat
3458run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3459 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3460 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3461 0 \
3462 -s "Protocol is TLSv1.3" \
3463 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3464 -s "received signature algorithm: 0x403" \
3465 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3466 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3467 -C "received HelloRetryRequest message"
3468
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3469requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3470requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3471requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3472requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3473requires_gnutls_tls1_3
3474requires_gnutls_next_no_ticket
3475requires_gnutls_next_disable_tls13_compat
3476run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3477 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3478 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3479 0 \
3480 -s "Protocol is TLSv1.3" \
3481 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3482 -s "received signature algorithm: 0x503" \
3483 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3485 -C "received HelloRetryRequest message"
3486
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3487requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3491requires_gnutls_tls1_3
3492requires_gnutls_next_no_ticket
3493requires_gnutls_next_disable_tls13_compat
3494run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3495 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3496 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3497 0 \
3498 -s "Protocol is TLSv1.3" \
3499 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3500 -s "received signature algorithm: 0x603" \
3501 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3502 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3503 -C "received HelloRetryRequest message"
3504
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3505requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3509requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3510requires_gnutls_tls1_3
3511requires_gnutls_next_no_ticket
3512requires_gnutls_next_disable_tls13_compat
3513run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3514 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3515 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3516 0 \
3517 -s "Protocol is TLSv1.3" \
3518 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3519 -s "received signature algorithm: 0x804" \
3520 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3521 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3522 -C "received HelloRetryRequest message"
3523
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3524requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3528requires_gnutls_tls1_3
3529requires_gnutls_next_no_ticket
3530requires_gnutls_next_disable_tls13_compat
3531run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3532 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3533 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3534 0 \
3535 -s "Protocol is TLSv1.3" \
3536 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3537 -s "received signature algorithm: 0x403" \
3538 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3539 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3540 -C "received HelloRetryRequest message"
3541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3546requires_gnutls_tls1_3
3547requires_gnutls_next_no_ticket
3548requires_gnutls_next_disable_tls13_compat
3549run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3550 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3551 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3552 0 \
3553 -s "Protocol is TLSv1.3" \
3554 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3555 -s "received signature algorithm: 0x503" \
3556 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3557 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3558 -C "received HelloRetryRequest message"
3559
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3560requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3561requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3564requires_gnutls_tls1_3
3565requires_gnutls_next_no_ticket
3566requires_gnutls_next_disable_tls13_compat
3567run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3568 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3569 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3570 0 \
3571 -s "Protocol is TLSv1.3" \
3572 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3573 -s "received signature algorithm: 0x603" \
3574 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3575 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3576 -C "received HelloRetryRequest message"
3577
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3578requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3579requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3582requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3583requires_gnutls_tls1_3
3584requires_gnutls_next_no_ticket
3585requires_gnutls_next_disable_tls13_compat
3586run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3587 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3588 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3589 0 \
3590 -s "Protocol is TLSv1.3" \
3591 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3592 -s "received signature algorithm: 0x804" \
3593 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3594 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3595 -C "received HelloRetryRequest message"
3596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3598requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3599requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3601requires_gnutls_tls1_3
3602requires_gnutls_next_no_ticket
3603requires_gnutls_next_disable_tls13_compat
3604run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3605 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3606 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3607 0 \
3608 -s "Protocol is TLSv1.3" \
3609 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3610 -s "received signature algorithm: 0x403" \
3611 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3612 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3613 -C "received HelloRetryRequest message"
3614
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3615requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3616requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3619requires_gnutls_tls1_3
3620requires_gnutls_next_no_ticket
3621requires_gnutls_next_disable_tls13_compat
3622run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3623 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3624 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3625 0 \
3626 -s "Protocol is TLSv1.3" \
3627 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3628 -s "received signature algorithm: 0x503" \
3629 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3630 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3631 -C "received HelloRetryRequest message"
3632
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3633requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3634requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3635requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3636requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3637requires_gnutls_tls1_3
3638requires_gnutls_next_no_ticket
3639requires_gnutls_next_disable_tls13_compat
3640run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3641 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3642 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3643 0 \
3644 -s "Protocol is TLSv1.3" \
3645 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3646 -s "received signature algorithm: 0x603" \
3647 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3648 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3649 -C "received HelloRetryRequest message"
3650
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3651requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3655requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3656requires_gnutls_tls1_3
3657requires_gnutls_next_no_ticket
3658requires_gnutls_next_disable_tls13_compat
3659run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3660 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3661 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3662 0 \
3663 -s "Protocol is TLSv1.3" \
3664 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3665 -s "received signature algorithm: 0x804" \
3666 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3667 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3668 -C "received HelloRetryRequest message"
3669
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3670requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3674requires_gnutls_tls1_3
3675requires_gnutls_next_no_ticket
3676requires_gnutls_next_disable_tls13_compat
3677run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3678 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3679 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3680 0 \
3681 -s "Protocol is TLSv1.3" \
3682 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3683 -s "received signature algorithm: 0x403" \
3684 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3685 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3686 -C "received HelloRetryRequest message"
3687
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3688requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3689requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3691requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3692requires_gnutls_tls1_3
3693requires_gnutls_next_no_ticket
3694requires_gnutls_next_disable_tls13_compat
3695run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3696 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3697 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3698 0 \
3699 -s "Protocol is TLSv1.3" \
3700 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3701 -s "received signature algorithm: 0x503" \
3702 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3703 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3704 -C "received HelloRetryRequest message"
3705
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3706requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3710requires_gnutls_tls1_3
3711requires_gnutls_next_no_ticket
3712requires_gnutls_next_disable_tls13_compat
3713run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3714 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3715 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3716 0 \
3717 -s "Protocol is TLSv1.3" \
3718 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3719 -s "received signature algorithm: 0x603" \
3720 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3721 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3722 -C "received HelloRetryRequest message"
3723
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3724requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3725requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3728requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3729requires_gnutls_tls1_3
3730requires_gnutls_next_no_ticket
3731requires_gnutls_next_disable_tls13_compat
3732run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]3733 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3734 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3735 0 \
3736 -s "Protocol is TLSv1.3" \
3737 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3738 -s "received signature algorithm: 0x804" \
3739 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3740 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3741 -C "received HelloRetryRequest message"
3742
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3743requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3744requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3747requires_gnutls_tls1_3
3748requires_gnutls_next_no_ticket
3749requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]3750run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
3751 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3752 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3753 0 \
3754 -s "Protocol is TLSv1.3" \
3755 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3756 -s "received signature algorithm: 0x403" \
3757 -s "got named group: ffdhe2048(0100)" \
3758 -s "Certificate verification was skipped" \
3759 -C "received HelloRetryRequest message"
3760
3761requires_config_enabled MBEDTLS_SSL_SRV_C
3762requires_config_enabled MBEDTLS_DEBUG_C
3763requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3765requires_gnutls_tls1_3
3766requires_gnutls_next_no_ticket
3767requires_gnutls_next_disable_tls13_compat
3768run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
3769 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3770 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3771 0 \
3772 -s "Protocol is TLSv1.3" \
3773 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3774 -s "received signature algorithm: 0x503" \
3775 -s "got named group: ffdhe2048(0100)" \
3776 -s "Certificate verification was skipped" \
3777 -C "received HelloRetryRequest message"
3778
3779requires_config_enabled MBEDTLS_SSL_SRV_C
3780requires_config_enabled MBEDTLS_DEBUG_C
3781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3783requires_gnutls_tls1_3
3784requires_gnutls_next_no_ticket
3785requires_gnutls_next_disable_tls13_compat
3786run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
3787 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3788 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3789 0 \
3790 -s "Protocol is TLSv1.3" \
3791 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3792 -s "received signature algorithm: 0x603" \
3793 -s "got named group: ffdhe2048(0100)" \
3794 -s "Certificate verification was skipped" \
3795 -C "received HelloRetryRequest message"
3796
3797requires_config_enabled MBEDTLS_SSL_SRV_C
3798requires_config_enabled MBEDTLS_DEBUG_C
3799requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3801requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3802requires_gnutls_tls1_3
3803requires_gnutls_next_no_ticket
3804requires_gnutls_next_disable_tls13_compat
3805run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
3806 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3807 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
3808 0 \
3809 -s "Protocol is TLSv1.3" \
3810 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3811 -s "received signature algorithm: 0x804" \
3812 -s "got named group: ffdhe2048(0100)" \
3813 -s "Certificate verification was skipped" \
3814 -C "received HelloRetryRequest message"
3815
3816requires_config_enabled MBEDTLS_SSL_SRV_C
3817requires_config_enabled MBEDTLS_DEBUG_C
3818requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3819requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3820requires_gnutls_tls1_3
3821requires_gnutls_next_no_ticket
3822requires_gnutls_next_disable_tls13_compat
3823run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
3824 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3825 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
3826 0 \
3827 -s "Protocol is TLSv1.3" \
3828 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3829 -s "received signature algorithm: 0x403" \
3830 -s "got named group: ffdhe3072(0101)" \
3831 -s "Certificate verification was skipped" \
3832 -C "received HelloRetryRequest message"
3833
3834requires_config_enabled MBEDTLS_SSL_SRV_C
3835requires_config_enabled MBEDTLS_DEBUG_C
3836requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3838requires_gnutls_tls1_3
3839requires_gnutls_next_no_ticket
3840requires_gnutls_next_disable_tls13_compat
3841run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
3842 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3843 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
3844 0 \
3845 -s "Protocol is TLSv1.3" \
3846 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3847 -s "received signature algorithm: 0x503" \
3848 -s "got named group: ffdhe3072(0101)" \
3849 -s "Certificate verification was skipped" \
3850 -C "received HelloRetryRequest message"
3851
3852requires_config_enabled MBEDTLS_SSL_SRV_C
3853requires_config_enabled MBEDTLS_DEBUG_C
3854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3856requires_gnutls_tls1_3
3857requires_gnutls_next_no_ticket
3858requires_gnutls_next_disable_tls13_compat
3859run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
3860 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3861 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
3862 0 \
3863 -s "Protocol is TLSv1.3" \
3864 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3865 -s "received signature algorithm: 0x603" \
3866 -s "got named group: ffdhe3072(0101)" \
3867 -s "Certificate verification was skipped" \
3868 -C "received HelloRetryRequest message"
3869
3870requires_config_enabled MBEDTLS_SSL_SRV_C
3871requires_config_enabled MBEDTLS_DEBUG_C
3872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3874requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3875requires_gnutls_tls1_3
3876requires_gnutls_next_no_ticket
3877requires_gnutls_next_disable_tls13_compat
3878run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
3879 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3880 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
3881 0 \
3882 -s "Protocol is TLSv1.3" \
3883 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3884 -s "received signature algorithm: 0x804" \
3885 -s "got named group: ffdhe3072(0101)" \
3886 -s "Certificate verification was skipped" \
3887 -C "received HelloRetryRequest message"
3888
3889requires_config_enabled MBEDTLS_SSL_SRV_C
3890requires_config_enabled MBEDTLS_DEBUG_C
3891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3893requires_gnutls_tls1_3
3894requires_gnutls_next_no_ticket
3895requires_gnutls_next_disable_tls13_compat
3896run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
3897 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3898 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
3899 0 \
3900 -s "Protocol is TLSv1.3" \
3901 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3902 -s "received signature algorithm: 0x403" \
3903 -s "got named group: ffdhe4096(0102)" \
3904 -s "Certificate verification was skipped" \
3905 -C "received HelloRetryRequest message"
3906
3907requires_config_enabled MBEDTLS_SSL_SRV_C
3908requires_config_enabled MBEDTLS_DEBUG_C
3909requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3911requires_gnutls_tls1_3
3912requires_gnutls_next_no_ticket
3913requires_gnutls_next_disable_tls13_compat
3914run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
3915 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3916 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
3917 0 \
3918 -s "Protocol is TLSv1.3" \
3919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3920 -s "received signature algorithm: 0x503" \
3921 -s "got named group: ffdhe4096(0102)" \
3922 -s "Certificate verification was skipped" \
3923 -C "received HelloRetryRequest message"
3924
3925requires_config_enabled MBEDTLS_SSL_SRV_C
3926requires_config_enabled MBEDTLS_DEBUG_C
3927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3929requires_gnutls_tls1_3
3930requires_gnutls_next_no_ticket
3931requires_gnutls_next_disable_tls13_compat
3932run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
3933 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3934 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
3935 0 \
3936 -s "Protocol is TLSv1.3" \
3937 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3938 -s "received signature algorithm: 0x603" \
3939 -s "got named group: ffdhe4096(0102)" \
3940 -s "Certificate verification was skipped" \
3941 -C "received HelloRetryRequest message"
3942
3943requires_config_enabled MBEDTLS_SSL_SRV_C
3944requires_config_enabled MBEDTLS_DEBUG_C
3945requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3946requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3947requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3948requires_gnutls_tls1_3
3949requires_gnutls_next_no_ticket
3950requires_gnutls_next_disable_tls13_compat
3951run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
3952 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3953 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
3954 0 \
3955 -s "Protocol is TLSv1.3" \
3956 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3957 -s "received signature algorithm: 0x804" \
3958 -s "got named group: ffdhe4096(0102)" \
3959 -s "Certificate verification was skipped" \
3960 -C "received HelloRetryRequest message"
3961
3962requires_config_enabled MBEDTLS_SSL_SRV_C
3963requires_config_enabled MBEDTLS_DEBUG_C
3964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3966requires_gnutls_tls1_3
3967requires_gnutls_next_no_ticket
3968requires_gnutls_next_disable_tls13_compat
3969run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
3970 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3971 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
3972 0 \
3973 -s "Protocol is TLSv1.3" \
3974 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3975 -s "received signature algorithm: 0x403" \
3976 -s "got named group: ffdhe6144(0103)" \
3977 -s "Certificate verification was skipped" \
3978 -C "received HelloRetryRequest message"
3979
3980requires_config_enabled MBEDTLS_SSL_SRV_C
3981requires_config_enabled MBEDTLS_DEBUG_C
3982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3984requires_gnutls_tls1_3
3985requires_gnutls_next_no_ticket
3986requires_gnutls_next_disable_tls13_compat
3987run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
3988 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3989 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
3990 0 \
3991 -s "Protocol is TLSv1.3" \
3992 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
3993 -s "received signature algorithm: 0x503" \
3994 -s "got named group: ffdhe6144(0103)" \
3995 -s "Certificate verification was skipped" \
3996 -C "received HelloRetryRequest message"
3997
3998requires_config_enabled MBEDTLS_SSL_SRV_C
3999requires_config_enabled MBEDTLS_DEBUG_C
4000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4002requires_gnutls_tls1_3
4003requires_gnutls_next_no_ticket
4004requires_gnutls_next_disable_tls13_compat
4005run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
4006 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4007 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
4008 0 \
4009 -s "Protocol is TLSv1.3" \
4010 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
4011 -s "received signature algorithm: 0x603" \
4012 -s "got named group: ffdhe6144(0103)" \
4013 -s "Certificate verification was skipped" \
4014 -C "received HelloRetryRequest message"
4015
4016requires_config_enabled MBEDTLS_SSL_SRV_C
4017requires_config_enabled MBEDTLS_DEBUG_C
4018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4020requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4021requires_gnutls_tls1_3
4022requires_gnutls_next_no_ticket
4023requires_gnutls_next_disable_tls13_compat
4024run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
4025 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4026 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
4027 0 \
4028 -s "Protocol is TLSv1.3" \
4029 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
4030 -s "received signature algorithm: 0x804" \
4031 -s "got named group: ffdhe6144(0103)" \
4032 -s "Certificate verification was skipped" \
4033 -C "received HelloRetryRequest message"
4034
4035requires_config_enabled MBEDTLS_SSL_SRV_C
4036requires_config_enabled MBEDTLS_DEBUG_C
4037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4039requires_gnutls_tls1_3
4040requires_gnutls_next_no_ticket
4041requires_gnutls_next_disable_tls13_compat
4042run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
4043 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4044 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4045 0 \
4046 -s "Protocol is TLSv1.3" \
4047 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
4048 -s "received signature algorithm: 0x403" \
4049 -s "got named group: ffdhe8192(0104)" \
4050 -s "Certificate verification was skipped" \
4051 -C "received HelloRetryRequest message"
4052
4053requires_config_enabled MBEDTLS_SSL_SRV_C
4054requires_config_enabled MBEDTLS_DEBUG_C
4055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4056requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4057requires_gnutls_tls1_3
4058requires_gnutls_next_no_ticket
4059requires_gnutls_next_disable_tls13_compat
4060run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
4061 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4062 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4063 0 \
4064 -s "Protocol is TLSv1.3" \
4065 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
4066 -s "received signature algorithm: 0x503" \
4067 -s "got named group: ffdhe8192(0104)" \
4068 -s "Certificate verification was skipped" \
4069 -C "received HelloRetryRequest message"
4070
4071requires_config_enabled MBEDTLS_SSL_SRV_C
4072requires_config_enabled MBEDTLS_DEBUG_C
4073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4074requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4075requires_gnutls_tls1_3
4076requires_gnutls_next_no_ticket
4077requires_gnutls_next_disable_tls13_compat
4078run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
4079 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4080 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4081 0 \
4082 -s "Protocol is TLSv1.3" \
4083 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
4084 -s "received signature algorithm: 0x603" \
4085 -s "got named group: ffdhe8192(0104)" \
4086 -s "Certificate verification was skipped" \
4087 -C "received HelloRetryRequest message"
4088
4089requires_config_enabled MBEDTLS_SSL_SRV_C
4090requires_config_enabled MBEDTLS_DEBUG_C
4091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4093requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4094requires_gnutls_tls1_3
4095requires_gnutls_next_no_ticket
4096requires_gnutls_next_disable_tls13_compat
4097run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
4098 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4099 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4100 0 \
4101 -s "Protocol is TLSv1.3" \
4102 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
4103 -s "received signature algorithm: 0x804" \
4104 -s "got named group: ffdhe8192(0104)" \
4105 -s "Certificate verification was skipped" \
4106 -C "received HelloRetryRequest message"
4107
4108requires_config_enabled MBEDTLS_SSL_SRV_C
4109requires_config_enabled MBEDTLS_DEBUG_C
4110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4112requires_gnutls_tls1_3
4113requires_gnutls_next_no_ticket
4114requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4115run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4116 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4117 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4118 0 \
4119 -s "Protocol is TLSv1.3" \
4120 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4121 -s "received signature algorithm: 0x403" \
4122 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4123 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4124 -C "received HelloRetryRequest message"
4125
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4126requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4127requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4130requires_gnutls_tls1_3
4131requires_gnutls_next_no_ticket
4132requires_gnutls_next_disable_tls13_compat
4133run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4134 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4135 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4136 0 \
4137 -s "Protocol is TLSv1.3" \
4138 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4139 -s "received signature algorithm: 0x503" \
4140 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4141 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4142 -C "received HelloRetryRequest message"
4143
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4144requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4145requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4148requires_gnutls_tls1_3
4149requires_gnutls_next_no_ticket
4150requires_gnutls_next_disable_tls13_compat
4151run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4152 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4153 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4154 0 \
4155 -s "Protocol is TLSv1.3" \
4156 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4157 -s "received signature algorithm: 0x603" \
4158 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4159 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4160 -C "received HelloRetryRequest message"
4161
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4162requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4163requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4166requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4167requires_gnutls_tls1_3
4168requires_gnutls_next_no_ticket
4169requires_gnutls_next_disable_tls13_compat
4170run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4171 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4172 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4173 0 \
4174 -s "Protocol is TLSv1.3" \
4175 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4176 -s "received signature algorithm: 0x804" \
4177 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4178 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4179 -C "received HelloRetryRequest message"
4180
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4181requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4182requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4185requires_gnutls_tls1_3
4186requires_gnutls_next_no_ticket
4187requires_gnutls_next_disable_tls13_compat
4188run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4189 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4190 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4191 0 \
4192 -s "Protocol is TLSv1.3" \
4193 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4194 -s "received signature algorithm: 0x403" \
4195 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4196 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4197 -C "received HelloRetryRequest message"
4198
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4199requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4200requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4201requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4202requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4203requires_gnutls_tls1_3
4204requires_gnutls_next_no_ticket
4205requires_gnutls_next_disable_tls13_compat
4206run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4207 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4208 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4209 0 \
4210 -s "Protocol is TLSv1.3" \
4211 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4212 -s "received signature algorithm: 0x503" \
4213 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4214 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4215 -C "received HelloRetryRequest message"
4216
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4217requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4218requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4221requires_gnutls_tls1_3
4222requires_gnutls_next_no_ticket
4223requires_gnutls_next_disable_tls13_compat
4224run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4225 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4226 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4227 0 \
4228 -s "Protocol is TLSv1.3" \
4229 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4230 -s "received signature algorithm: 0x603" \
4231 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4232 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4233 -C "received HelloRetryRequest message"
4234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4239requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4240requires_gnutls_tls1_3
4241requires_gnutls_next_no_ticket
4242requires_gnutls_next_disable_tls13_compat
4243run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4244 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4245 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4246 0 \
4247 -s "Protocol is TLSv1.3" \
4248 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4249 -s "received signature algorithm: 0x804" \
4250 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4251 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4252 -C "received HelloRetryRequest message"
4253
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4254requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4255requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4258requires_gnutls_tls1_3
4259requires_gnutls_next_no_ticket
4260requires_gnutls_next_disable_tls13_compat
4261run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4262 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4263 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4264 0 \
4265 -s "Protocol is TLSv1.3" \
4266 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4267 -s "received signature algorithm: 0x403" \
4268 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4269 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4270 -C "received HelloRetryRequest message"
4271
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4272requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4273requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4276requires_gnutls_tls1_3
4277requires_gnutls_next_no_ticket
4278requires_gnutls_next_disable_tls13_compat
4279run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4280 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4281 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4282 0 \
4283 -s "Protocol is TLSv1.3" \
4284 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4285 -s "received signature algorithm: 0x503" \
4286 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4287 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4288 -C "received HelloRetryRequest message"
4289
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4290requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4291requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4293requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4294requires_gnutls_tls1_3
4295requires_gnutls_next_no_ticket
4296requires_gnutls_next_disable_tls13_compat
4297run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4298 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4299 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4300 0 \
4301 -s "Protocol is TLSv1.3" \
4302 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4303 -s "received signature algorithm: 0x603" \
4304 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4305 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4306 -C "received HelloRetryRequest message"
4307
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4308requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4309requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4311requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4312requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4313requires_gnutls_tls1_3
4314requires_gnutls_next_no_ticket
4315requires_gnutls_next_disable_tls13_compat
4316run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4317 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4318 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4319 0 \
4320 -s "Protocol is TLSv1.3" \
4321 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4322 -s "received signature algorithm: 0x804" \
4323 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4324 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4325 -C "received HelloRetryRequest message"
4326
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4327requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4328requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4330requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4331requires_gnutls_tls1_3
4332requires_gnutls_next_no_ticket
4333requires_gnutls_next_disable_tls13_compat
4334run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4335 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4336 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4337 0 \
4338 -s "Protocol is TLSv1.3" \
4339 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4340 -s "received signature algorithm: 0x403" \
4341 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4342 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4343 -C "received HelloRetryRequest message"
4344
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4345requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4346requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4347requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4348requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4349requires_gnutls_tls1_3
4350requires_gnutls_next_no_ticket
4351requires_gnutls_next_disable_tls13_compat
4352run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4353 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4354 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4355 0 \
4356 -s "Protocol is TLSv1.3" \
4357 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4358 -s "received signature algorithm: 0x503" \
4359 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4360 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4361 -C "received HelloRetryRequest message"
4362
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4363requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4367requires_gnutls_tls1_3
4368requires_gnutls_next_no_ticket
4369requires_gnutls_next_disable_tls13_compat
4370run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4371 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4372 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4373 0 \
4374 -s "Protocol is TLSv1.3" \
4375 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4376 -s "received signature algorithm: 0x603" \
4377 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4378 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4379 -C "received HelloRetryRequest message"
4380
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4381requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4382requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4383requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4384requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4385requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4386requires_gnutls_tls1_3
4387requires_gnutls_next_no_ticket
4388requires_gnutls_next_disable_tls13_compat
4389run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4390 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4391 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4392 0 \
4393 -s "Protocol is TLSv1.3" \
4394 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4395 -s "received signature algorithm: 0x804" \
4396 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4397 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4398 -C "received HelloRetryRequest message"
4399
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4400requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4404requires_gnutls_tls1_3
4405requires_gnutls_next_no_ticket
4406requires_gnutls_next_disable_tls13_compat
4407run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4408 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4409 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4410 0 \
4411 -s "Protocol is TLSv1.3" \
4412 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4413 -s "received signature algorithm: 0x403" \
4414 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4415 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4416 -C "received HelloRetryRequest message"
4417
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4418requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4419requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4422requires_gnutls_tls1_3
4423requires_gnutls_next_no_ticket
4424requires_gnutls_next_disable_tls13_compat
4425run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4426 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4427 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4428 0 \
4429 -s "Protocol is TLSv1.3" \
4430 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4431 -s "received signature algorithm: 0x503" \
4432 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4433 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4434 -C "received HelloRetryRequest message"
4435
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4436requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4437requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4440requires_gnutls_tls1_3
4441requires_gnutls_next_no_ticket
4442requires_gnutls_next_disable_tls13_compat
4443run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4444 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4445 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4446 0 \
4447 -s "Protocol is TLSv1.3" \
4448 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4449 -s "received signature algorithm: 0x603" \
4450 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4451 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4452 -C "received HelloRetryRequest message"
4453
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4454requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4455requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4458requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4459requires_gnutls_tls1_3
4460requires_gnutls_next_no_ticket
4461requires_gnutls_next_disable_tls13_compat
4462run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4463 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4464 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4465 0 \
4466 -s "Protocol is TLSv1.3" \
4467 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4468 -s "received signature algorithm: 0x804" \
4469 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4470 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4471 -C "received HelloRetryRequest message"
4472
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4473requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4477requires_gnutls_tls1_3
4478requires_gnutls_next_no_ticket
4479requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]4480run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
4481 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4482 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4483 0 \
4484 -s "Protocol is TLSv1.3" \
4485 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4486 -s "received signature algorithm: 0x403" \
4487 -s "got named group: ffdhe2048(0100)" \
4488 -s "Certificate verification was skipped" \
4489 -C "received HelloRetryRequest message"
4490
4491requires_config_enabled MBEDTLS_SSL_SRV_C
4492requires_config_enabled MBEDTLS_DEBUG_C
4493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4495requires_gnutls_tls1_3
4496requires_gnutls_next_no_ticket
4497requires_gnutls_next_disable_tls13_compat
4498run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
4499 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4500 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4501 0 \
4502 -s "Protocol is TLSv1.3" \
4503 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4504 -s "received signature algorithm: 0x503" \
4505 -s "got named group: ffdhe2048(0100)" \
4506 -s "Certificate verification was skipped" \
4507 -C "received HelloRetryRequest message"
4508
4509requires_config_enabled MBEDTLS_SSL_SRV_C
4510requires_config_enabled MBEDTLS_DEBUG_C
4511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4513requires_gnutls_tls1_3
4514requires_gnutls_next_no_ticket
4515requires_gnutls_next_disable_tls13_compat
4516run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
4517 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4518 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4519 0 \
4520 -s "Protocol is TLSv1.3" \
4521 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4522 -s "received signature algorithm: 0x603" \
4523 -s "got named group: ffdhe2048(0100)" \
4524 -s "Certificate verification was skipped" \
4525 -C "received HelloRetryRequest message"
4526
4527requires_config_enabled MBEDTLS_SSL_SRV_C
4528requires_config_enabled MBEDTLS_DEBUG_C
4529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4531requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4532requires_gnutls_tls1_3
4533requires_gnutls_next_no_ticket
4534requires_gnutls_next_disable_tls13_compat
4535run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
4536 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4537 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
4538 0 \
4539 -s "Protocol is TLSv1.3" \
4540 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4541 -s "received signature algorithm: 0x804" \
4542 -s "got named group: ffdhe2048(0100)" \
4543 -s "Certificate verification was skipped" \
4544 -C "received HelloRetryRequest message"
4545
4546requires_config_enabled MBEDTLS_SSL_SRV_C
4547requires_config_enabled MBEDTLS_DEBUG_C
4548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4550requires_gnutls_tls1_3
4551requires_gnutls_next_no_ticket
4552requires_gnutls_next_disable_tls13_compat
4553run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp256r1_sha256" \
4554 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4555 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
4556 0 \
4557 -s "Protocol is TLSv1.3" \
4558 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4559 -s "received signature algorithm: 0x403" \
4560 -s "got named group: ffdhe3072(0101)" \
4561 -s "Certificate verification was skipped" \
4562 -C "received HelloRetryRequest message"
4563
4564requires_config_enabled MBEDTLS_SSL_SRV_C
4565requires_config_enabled MBEDTLS_DEBUG_C
4566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4568requires_gnutls_tls1_3
4569requires_gnutls_next_no_ticket
4570requires_gnutls_next_disable_tls13_compat
4571run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp384r1_sha384" \
4572 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4573 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
4574 0 \
4575 -s "Protocol is TLSv1.3" \
4576 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4577 -s "received signature algorithm: 0x503" \
4578 -s "got named group: ffdhe3072(0101)" \
4579 -s "Certificate verification was skipped" \
4580 -C "received HelloRetryRequest message"
4581
4582requires_config_enabled MBEDTLS_SSL_SRV_C
4583requires_config_enabled MBEDTLS_DEBUG_C
4584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4586requires_gnutls_tls1_3
4587requires_gnutls_next_no_ticket
4588requires_gnutls_next_disable_tls13_compat
4589run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp521r1_sha512" \
4590 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4591 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
4592 0 \
4593 -s "Protocol is TLSv1.3" \
4594 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4595 -s "received signature algorithm: 0x603" \
4596 -s "got named group: ffdhe3072(0101)" \
4597 -s "Certificate verification was skipped" \
4598 -C "received HelloRetryRequest message"
4599
4600requires_config_enabled MBEDTLS_SSL_SRV_C
4601requires_config_enabled MBEDTLS_DEBUG_C
4602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4604requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4605requires_gnutls_tls1_3
4606requires_gnutls_next_no_ticket
4607requires_gnutls_next_disable_tls13_compat
4608run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe3072,rsa_pss_rsae_sha256" \
4609 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4610 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
4611 0 \
4612 -s "Protocol is TLSv1.3" \
4613 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4614 -s "received signature algorithm: 0x804" \
4615 -s "got named group: ffdhe3072(0101)" \
4616 -s "Certificate verification was skipped" \
4617 -C "received HelloRetryRequest message"
4618
4619requires_config_enabled MBEDTLS_SSL_SRV_C
4620requires_config_enabled MBEDTLS_DEBUG_C
4621requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4622requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4623requires_gnutls_tls1_3
4624requires_gnutls_next_no_ticket
4625requires_gnutls_next_disable_tls13_compat
4626run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp256r1_sha256" \
4627 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4628 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
4629 0 \
4630 -s "Protocol is TLSv1.3" \
4631 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4632 -s "received signature algorithm: 0x403" \
4633 -s "got named group: ffdhe4096(0102)" \
4634 -s "Certificate verification was skipped" \
4635 -C "received HelloRetryRequest message"
4636
4637requires_config_enabled MBEDTLS_SSL_SRV_C
4638requires_config_enabled MBEDTLS_DEBUG_C
4639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4640requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4641requires_gnutls_tls1_3
4642requires_gnutls_next_no_ticket
4643requires_gnutls_next_disable_tls13_compat
4644run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp384r1_sha384" \
4645 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4646 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
4647 0 \
4648 -s "Protocol is TLSv1.3" \
4649 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4650 -s "received signature algorithm: 0x503" \
4651 -s "got named group: ffdhe4096(0102)" \
4652 -s "Certificate verification was skipped" \
4653 -C "received HelloRetryRequest message"
4654
4655requires_config_enabled MBEDTLS_SSL_SRV_C
4656requires_config_enabled MBEDTLS_DEBUG_C
4657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4658requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4659requires_gnutls_tls1_3
4660requires_gnutls_next_no_ticket
4661requires_gnutls_next_disable_tls13_compat
4662run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp521r1_sha512" \
4663 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4664 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
4665 0 \
4666 -s "Protocol is TLSv1.3" \
4667 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4668 -s "received signature algorithm: 0x603" \
4669 -s "got named group: ffdhe4096(0102)" \
4670 -s "Certificate verification was skipped" \
4671 -C "received HelloRetryRequest message"
4672
4673requires_config_enabled MBEDTLS_SSL_SRV_C
4674requires_config_enabled MBEDTLS_DEBUG_C
4675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4677requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4678requires_gnutls_tls1_3
4679requires_gnutls_next_no_ticket
4680requires_gnutls_next_disable_tls13_compat
4681run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe4096,rsa_pss_rsae_sha256" \
4682 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4683 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
4684 0 \
4685 -s "Protocol is TLSv1.3" \
4686 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4687 -s "received signature algorithm: 0x804" \
4688 -s "got named group: ffdhe4096(0102)" \
4689 -s "Certificate verification was skipped" \
4690 -C "received HelloRetryRequest message"
4691
4692requires_config_enabled MBEDTLS_SSL_SRV_C
4693requires_config_enabled MBEDTLS_DEBUG_C
4694requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4695requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4696requires_gnutls_tls1_3
4697requires_gnutls_next_no_ticket
4698requires_gnutls_next_disable_tls13_compat
4699run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp256r1_sha256" \
4700 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4701 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
4702 0 \
4703 -s "Protocol is TLSv1.3" \
4704 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4705 -s "received signature algorithm: 0x403" \
4706 -s "got named group: ffdhe6144(0103)" \
4707 -s "Certificate verification was skipped" \
4708 -C "received HelloRetryRequest message"
4709
4710requires_config_enabled MBEDTLS_SSL_SRV_C
4711requires_config_enabled MBEDTLS_DEBUG_C
4712requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4713requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4714requires_gnutls_tls1_3
4715requires_gnutls_next_no_ticket
4716requires_gnutls_next_disable_tls13_compat
4717run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp384r1_sha384" \
4718 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4719 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
4720 0 \
4721 -s "Protocol is TLSv1.3" \
4722 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4723 -s "received signature algorithm: 0x503" \
4724 -s "got named group: ffdhe6144(0103)" \
4725 -s "Certificate verification was skipped" \
4726 -C "received HelloRetryRequest message"
4727
4728requires_config_enabled MBEDTLS_SSL_SRV_C
4729requires_config_enabled MBEDTLS_DEBUG_C
4730requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4732requires_gnutls_tls1_3
4733requires_gnutls_next_no_ticket
4734requires_gnutls_next_disable_tls13_compat
4735run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp521r1_sha512" \
4736 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4737 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
4738 0 \
4739 -s "Protocol is TLSv1.3" \
4740 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4741 -s "received signature algorithm: 0x603" \
4742 -s "got named group: ffdhe6144(0103)" \
4743 -s "Certificate verification was skipped" \
4744 -C "received HelloRetryRequest message"
4745
4746requires_config_enabled MBEDTLS_SSL_SRV_C
4747requires_config_enabled MBEDTLS_DEBUG_C
4748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4750requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4751requires_gnutls_tls1_3
4752requires_gnutls_next_no_ticket
4753requires_gnutls_next_disable_tls13_compat
4754run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe6144,rsa_pss_rsae_sha256" \
4755 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4756 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
4757 0 \
4758 -s "Protocol is TLSv1.3" \
4759 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4760 -s "received signature algorithm: 0x804" \
4761 -s "got named group: ffdhe6144(0103)" \
4762 -s "Certificate verification was skipped" \
4763 -C "received HelloRetryRequest message"
4764
4765requires_config_enabled MBEDTLS_SSL_SRV_C
4766requires_config_enabled MBEDTLS_DEBUG_C
4767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4768requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4769requires_gnutls_tls1_3
4770requires_gnutls_next_no_ticket
4771requires_gnutls_next_disable_tls13_compat
4772run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
4773 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4774 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4775 0 \
4776 -s "Protocol is TLSv1.3" \
4777 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4778 -s "received signature algorithm: 0x403" \
4779 -s "got named group: ffdhe8192(0104)" \
4780 -s "Certificate verification was skipped" \
4781 -C "received HelloRetryRequest message"
4782
4783requires_config_enabled MBEDTLS_SSL_SRV_C
4784requires_config_enabled MBEDTLS_DEBUG_C
4785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4786requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4787requires_gnutls_tls1_3
4788requires_gnutls_next_no_ticket
4789requires_gnutls_next_disable_tls13_compat
4790run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
4791 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4792 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4793 0 \
4794 -s "Protocol is TLSv1.3" \
4795 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4796 -s "received signature algorithm: 0x503" \
4797 -s "got named group: ffdhe8192(0104)" \
4798 -s "Certificate verification was skipped" \
4799 -C "received HelloRetryRequest message"
4800
4801requires_config_enabled MBEDTLS_SSL_SRV_C
4802requires_config_enabled MBEDTLS_DEBUG_C
4803requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4804requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4805requires_gnutls_tls1_3
4806requires_gnutls_next_no_ticket
4807requires_gnutls_next_disable_tls13_compat
4808run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
4809 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4810 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4811 0 \
4812 -s "Protocol is TLSv1.3" \
4813 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4814 -s "received signature algorithm: 0x603" \
4815 -s "got named group: ffdhe8192(0104)" \
4816 -s "Certificate verification was skipped" \
4817 -C "received HelloRetryRequest message"
4818
4819requires_config_enabled MBEDTLS_SSL_SRV_C
4820requires_config_enabled MBEDTLS_DEBUG_C
4821requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4822requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4823requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4824requires_gnutls_tls1_3
4825requires_gnutls_next_no_ticket
4826requires_gnutls_next_disable_tls13_compat
4827run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
4828 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4829 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
4830 0 \
4831 -s "Protocol is TLSv1.3" \
4832 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
4833 -s "received signature algorithm: 0x804" \
4834 -s "got named group: ffdhe8192(0104)" \
4835 -s "Certificate verification was skipped" \
4836 -C "received HelloRetryRequest message"
4837
4838requires_config_enabled MBEDTLS_SSL_SRV_C
4839requires_config_enabled MBEDTLS_DEBUG_C
4840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4842requires_gnutls_tls1_3
4843requires_gnutls_next_no_ticket
4844requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4845run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4846 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4847 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4848 0 \
4849 -s "Protocol is TLSv1.3" \
4850 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4851 -s "received signature algorithm: 0x403" \
4852 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4853 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4854 -C "received HelloRetryRequest message"
4855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4860requires_gnutls_tls1_3
4861requires_gnutls_next_no_ticket
4862requires_gnutls_next_disable_tls13_compat
4863run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4864 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4865 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4866 0 \
4867 -s "Protocol is TLSv1.3" \
4868 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4869 -s "received signature algorithm: 0x503" \
4870 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4871 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4872 -C "received HelloRetryRequest message"
4873
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4874requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4875requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4878requires_gnutls_tls1_3
4879requires_gnutls_next_no_ticket
4880requires_gnutls_next_disable_tls13_compat
4881run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4882 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4883 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4884 0 \
4885 -s "Protocol is TLSv1.3" \
4886 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4887 -s "received signature algorithm: 0x603" \
4888 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4889 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4890 -C "received HelloRetryRequest message"
4891
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4892requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4893requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4896requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4897requires_gnutls_tls1_3
4898requires_gnutls_next_no_ticket
4899requires_gnutls_next_disable_tls13_compat
4900run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4901 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4902 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4903 0 \
4904 -s "Protocol is TLSv1.3" \
4905 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4906 -s "received signature algorithm: 0x804" \
4907 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4908 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4909 -C "received HelloRetryRequest message"
4910
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4911requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4915requires_gnutls_tls1_3
4916requires_gnutls_next_no_ticket
4917requires_gnutls_next_disable_tls13_compat
4918run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4919 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4920 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4921 0 \
4922 -s "Protocol is TLSv1.3" \
4923 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4924 -s "received signature algorithm: 0x403" \
4925 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4926 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4927 -C "received HelloRetryRequest message"
4928
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4929requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4930requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4933requires_gnutls_tls1_3
4934requires_gnutls_next_no_ticket
4935requires_gnutls_next_disable_tls13_compat
4936run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4937 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4938 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4939 0 \
4940 -s "Protocol is TLSv1.3" \
4941 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4942 -s "received signature algorithm: 0x503" \
4943 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4944 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4945 -C "received HelloRetryRequest message"
4946
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4947requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4948requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4949requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4950requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4951requires_gnutls_tls1_3
4952requires_gnutls_next_no_ticket
4953requires_gnutls_next_disable_tls13_compat
4954run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4955 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4956 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4957 0 \
4958 -s "Protocol is TLSv1.3" \
4959 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4960 -s "received signature algorithm: 0x603" \
4961 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4962 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4963 -C "received HelloRetryRequest message"
4964
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4965requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4966requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4967requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4968requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4969requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
4970requires_gnutls_tls1_3
4971requires_gnutls_next_no_ticket
4972requires_gnutls_next_disable_tls13_compat
4973run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4974 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4975 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4976 0 \
4977 -s "Protocol is TLSv1.3" \
4978 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4979 -s "received signature algorithm: 0x804" \
4980 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4981 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4982 -C "received HelloRetryRequest message"
4983
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4984requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4988requires_gnutls_tls1_3
4989requires_gnutls_next_no_ticket
4990requires_gnutls_next_disable_tls13_compat
4991run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]4992 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4993 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4994 0 \
4995 -s "Protocol is TLSv1.3" \
4996 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
4997 -s "received signature algorithm: 0x403" \
4998 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4999 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5000 -C "received HelloRetryRequest message"
5001
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5002requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5006requires_gnutls_tls1_3
5007requires_gnutls_next_no_ticket
5008requires_gnutls_next_disable_tls13_compat
5009run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5010 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5011 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5012 0 \
5013 -s "Protocol is TLSv1.3" \
5014 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5015 -s "received signature algorithm: 0x503" \
5016 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5017 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5018 -C "received HelloRetryRequest message"
5019
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5020requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5021requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5024requires_gnutls_tls1_3
5025requires_gnutls_next_no_ticket
5026requires_gnutls_next_disable_tls13_compat
5027run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5028 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5029 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5030 0 \
5031 -s "Protocol is TLSv1.3" \
5032 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5033 -s "received signature algorithm: 0x603" \
5034 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5035 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5036 -C "received HelloRetryRequest message"
5037
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5038requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5039requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5042requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5043requires_gnutls_tls1_3
5044requires_gnutls_next_no_ticket
5045requires_gnutls_next_disable_tls13_compat
5046run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5047 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5048 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5049 0 \
5050 -s "Protocol is TLSv1.3" \
5051 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5052 -s "received signature algorithm: 0x804" \
5053 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5054 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5055 -C "received HelloRetryRequest message"
5056
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5057requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5058requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5061requires_gnutls_tls1_3
5062requires_gnutls_next_no_ticket
5063requires_gnutls_next_disable_tls13_compat
5064run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5065 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5066 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5067 0 \
5068 -s "Protocol is TLSv1.3" \
5069 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5070 -s "received signature algorithm: 0x403" \
5071 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5072 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5073 -C "received HelloRetryRequest message"
5074
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5075requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5079requires_gnutls_tls1_3
5080requires_gnutls_next_no_ticket
5081requires_gnutls_next_disable_tls13_compat
5082run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5083 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5084 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5085 0 \
5086 -s "Protocol is TLSv1.3" \
5087 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5088 -s "received signature algorithm: 0x503" \
5089 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5090 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5091 -C "received HelloRetryRequest message"
5092
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5093requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5097requires_gnutls_tls1_3
5098requires_gnutls_next_no_ticket
5099requires_gnutls_next_disable_tls13_compat
5100run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5101 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5102 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5103 0 \
5104 -s "Protocol is TLSv1.3" \
5105 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5106 -s "received signature algorithm: 0x603" \
5107 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5108 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5109 -C "received HelloRetryRequest message"
5110
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5111requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5112requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5115requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5116requires_gnutls_tls1_3
5117requires_gnutls_next_no_ticket
5118requires_gnutls_next_disable_tls13_compat
5119run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5120 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5121 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5122 0 \
5123 -s "Protocol is TLSv1.3" \
5124 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5125 -s "received signature algorithm: 0x804" \
5126 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5127 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5128 -C "received HelloRetryRequest message"
5129
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5130requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5134requires_gnutls_tls1_3
5135requires_gnutls_next_no_ticket
5136requires_gnutls_next_disable_tls13_compat
5137run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5138 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5139 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5140 0 \
5141 -s "Protocol is TLSv1.3" \
5142 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5143 -s "received signature algorithm: 0x403" \
5144 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5145 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5146 -C "received HelloRetryRequest message"
5147
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5148requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5149requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5152requires_gnutls_tls1_3
5153requires_gnutls_next_no_ticket
5154requires_gnutls_next_disable_tls13_compat
5155run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5156 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5157 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5158 0 \
5159 -s "Protocol is TLSv1.3" \
5160 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5161 -s "received signature algorithm: 0x503" \
5162 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5163 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5164 -C "received HelloRetryRequest message"
5165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5167requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5170requires_gnutls_tls1_3
5171requires_gnutls_next_no_ticket
5172requires_gnutls_next_disable_tls13_compat
5173run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5174 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5175 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5176 0 \
5177 -s "Protocol is TLSv1.3" \
5178 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5179 -s "received signature algorithm: 0x603" \
5180 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5181 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5182 -C "received HelloRetryRequest message"
5183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5188requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5189requires_gnutls_tls1_3
5190requires_gnutls_next_no_ticket
5191requires_gnutls_next_disable_tls13_compat
5192run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5193 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5194 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5195 0 \
5196 -s "Protocol is TLSv1.3" \
5197 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5198 -s "received signature algorithm: 0x804" \
5199 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5200 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5201 -C "received HelloRetryRequest message"
5202
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5203requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5204requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5207requires_gnutls_tls1_3
5208requires_gnutls_next_no_ticket
5209requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]5210run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
5211 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5212 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5213 0 \
5214 -s "Protocol is TLSv1.3" \
5215 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5216 -s "received signature algorithm: 0x403" \
5217 -s "got named group: ffdhe2048(0100)" \
5218 -s "Certificate verification was skipped" \
5219 -C "received HelloRetryRequest message"
5220
5221requires_config_enabled MBEDTLS_SSL_SRV_C
5222requires_config_enabled MBEDTLS_DEBUG_C
5223requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5224requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5225requires_gnutls_tls1_3
5226requires_gnutls_next_no_ticket
5227requires_gnutls_next_disable_tls13_compat
5228run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
5229 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5230 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5231 0 \
5232 -s "Protocol is TLSv1.3" \
5233 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5234 -s "received signature algorithm: 0x503" \
5235 -s "got named group: ffdhe2048(0100)" \
5236 -s "Certificate verification was skipped" \
5237 -C "received HelloRetryRequest message"
5238
5239requires_config_enabled MBEDTLS_SSL_SRV_C
5240requires_config_enabled MBEDTLS_DEBUG_C
5241requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5242requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5243requires_gnutls_tls1_3
5244requires_gnutls_next_no_ticket
5245requires_gnutls_next_disable_tls13_compat
5246run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
5247 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5248 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5249 0 \
5250 -s "Protocol is TLSv1.3" \
5251 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5252 -s "received signature algorithm: 0x603" \
5253 -s "got named group: ffdhe2048(0100)" \
5254 -s "Certificate verification was skipped" \
5255 -C "received HelloRetryRequest message"
5256
5257requires_config_enabled MBEDTLS_SSL_SRV_C
5258requires_config_enabled MBEDTLS_DEBUG_C
5259requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5261requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5262requires_gnutls_tls1_3
5263requires_gnutls_next_no_ticket
5264requires_gnutls_next_disable_tls13_compat
5265run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
5266 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5267 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5268 0 \
5269 -s "Protocol is TLSv1.3" \
5270 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5271 -s "received signature algorithm: 0x804" \
5272 -s "got named group: ffdhe2048(0100)" \
5273 -s "Certificate verification was skipped" \
5274 -C "received HelloRetryRequest message"
5275
5276requires_config_enabled MBEDTLS_SSL_SRV_C
5277requires_config_enabled MBEDTLS_DEBUG_C
5278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5280requires_gnutls_tls1_3
5281requires_gnutls_next_no_ticket
5282requires_gnutls_next_disable_tls13_compat
5283run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
5284 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5285 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
5286 0 \
5287 -s "Protocol is TLSv1.3" \
5288 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5289 -s "received signature algorithm: 0x403" \
5290 -s "got named group: ffdhe3072(0101)" \
5291 -s "Certificate verification was skipped" \
5292 -C "received HelloRetryRequest message"
5293
5294requires_config_enabled MBEDTLS_SSL_SRV_C
5295requires_config_enabled MBEDTLS_DEBUG_C
5296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5298requires_gnutls_tls1_3
5299requires_gnutls_next_no_ticket
5300requires_gnutls_next_disable_tls13_compat
5301run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
5302 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5303 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
5304 0 \
5305 -s "Protocol is TLSv1.3" \
5306 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5307 -s "received signature algorithm: 0x503" \
5308 -s "got named group: ffdhe3072(0101)" \
5309 -s "Certificate verification was skipped" \
5310 -C "received HelloRetryRequest message"
5311
5312requires_config_enabled MBEDTLS_SSL_SRV_C
5313requires_config_enabled MBEDTLS_DEBUG_C
5314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5316requires_gnutls_tls1_3
5317requires_gnutls_next_no_ticket
5318requires_gnutls_next_disable_tls13_compat
5319run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
5320 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5321 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
5322 0 \
5323 -s "Protocol is TLSv1.3" \
5324 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5325 -s "received signature algorithm: 0x603" \
5326 -s "got named group: ffdhe3072(0101)" \
5327 -s "Certificate verification was skipped" \
5328 -C "received HelloRetryRequest message"
5329
5330requires_config_enabled MBEDTLS_SSL_SRV_C
5331requires_config_enabled MBEDTLS_DEBUG_C
5332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5334requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5335requires_gnutls_tls1_3
5336requires_gnutls_next_no_ticket
5337requires_gnutls_next_disable_tls13_compat
5338run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
5339 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5340 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
5341 0 \
5342 -s "Protocol is TLSv1.3" \
5343 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5344 -s "received signature algorithm: 0x804" \
5345 -s "got named group: ffdhe3072(0101)" \
5346 -s "Certificate verification was skipped" \
5347 -C "received HelloRetryRequest message"
5348
5349requires_config_enabled MBEDTLS_SSL_SRV_C
5350requires_config_enabled MBEDTLS_DEBUG_C
5351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5353requires_gnutls_tls1_3
5354requires_gnutls_next_no_ticket
5355requires_gnutls_next_disable_tls13_compat
5356run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
5357 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5358 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
5359 0 \
5360 -s "Protocol is TLSv1.3" \
5361 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5362 -s "received signature algorithm: 0x403" \
5363 -s "got named group: ffdhe4096(0102)" \
5364 -s "Certificate verification was skipped" \
5365 -C "received HelloRetryRequest message"
5366
5367requires_config_enabled MBEDTLS_SSL_SRV_C
5368requires_config_enabled MBEDTLS_DEBUG_C
5369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5371requires_gnutls_tls1_3
5372requires_gnutls_next_no_ticket
5373requires_gnutls_next_disable_tls13_compat
5374run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
5375 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5376 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
5377 0 \
5378 -s "Protocol is TLSv1.3" \
5379 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5380 -s "received signature algorithm: 0x503" \
5381 -s "got named group: ffdhe4096(0102)" \
5382 -s "Certificate verification was skipped" \
5383 -C "received HelloRetryRequest message"
5384
5385requires_config_enabled MBEDTLS_SSL_SRV_C
5386requires_config_enabled MBEDTLS_DEBUG_C
5387requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5388requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5389requires_gnutls_tls1_3
5390requires_gnutls_next_no_ticket
5391requires_gnutls_next_disable_tls13_compat
5392run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
5393 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5394 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
5395 0 \
5396 -s "Protocol is TLSv1.3" \
5397 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5398 -s "received signature algorithm: 0x603" \
5399 -s "got named group: ffdhe4096(0102)" \
5400 -s "Certificate verification was skipped" \
5401 -C "received HelloRetryRequest message"
5402
5403requires_config_enabled MBEDTLS_SSL_SRV_C
5404requires_config_enabled MBEDTLS_DEBUG_C
5405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5406requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5407requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5408requires_gnutls_tls1_3
5409requires_gnutls_next_no_ticket
5410requires_gnutls_next_disable_tls13_compat
5411run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
5412 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5413 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
5414 0 \
5415 -s "Protocol is TLSv1.3" \
5416 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5417 -s "received signature algorithm: 0x804" \
5418 -s "got named group: ffdhe4096(0102)" \
5419 -s "Certificate verification was skipped" \
5420 -C "received HelloRetryRequest message"
5421
5422requires_config_enabled MBEDTLS_SSL_SRV_C
5423requires_config_enabled MBEDTLS_DEBUG_C
5424requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5426requires_gnutls_tls1_3
5427requires_gnutls_next_no_ticket
5428requires_gnutls_next_disable_tls13_compat
5429run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
5430 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5431 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
5432 0 \
5433 -s "Protocol is TLSv1.3" \
5434 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5435 -s "received signature algorithm: 0x403" \
5436 -s "got named group: ffdhe6144(0103)" \
5437 -s "Certificate verification was skipped" \
5438 -C "received HelloRetryRequest message"
5439
5440requires_config_enabled MBEDTLS_SSL_SRV_C
5441requires_config_enabled MBEDTLS_DEBUG_C
5442requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5443requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5444requires_gnutls_tls1_3
5445requires_gnutls_next_no_ticket
5446requires_gnutls_next_disable_tls13_compat
5447run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
5448 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5449 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
5450 0 \
5451 -s "Protocol is TLSv1.3" \
5452 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5453 -s "received signature algorithm: 0x503" \
5454 -s "got named group: ffdhe6144(0103)" \
5455 -s "Certificate verification was skipped" \
5456 -C "received HelloRetryRequest message"
5457
5458requires_config_enabled MBEDTLS_SSL_SRV_C
5459requires_config_enabled MBEDTLS_DEBUG_C
5460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5462requires_gnutls_tls1_3
5463requires_gnutls_next_no_ticket
5464requires_gnutls_next_disable_tls13_compat
5465run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
5466 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5467 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
5468 0 \
5469 -s "Protocol is TLSv1.3" \
5470 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5471 -s "received signature algorithm: 0x603" \
5472 -s "got named group: ffdhe6144(0103)" \
5473 -s "Certificate verification was skipped" \
5474 -C "received HelloRetryRequest message"
5475
5476requires_config_enabled MBEDTLS_SSL_SRV_C
5477requires_config_enabled MBEDTLS_DEBUG_C
5478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5479requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5480requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5481requires_gnutls_tls1_3
5482requires_gnutls_next_no_ticket
5483requires_gnutls_next_disable_tls13_compat
5484run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
5485 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5486 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
5487 0 \
5488 -s "Protocol is TLSv1.3" \
5489 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5490 -s "received signature algorithm: 0x804" \
5491 -s "got named group: ffdhe6144(0103)" \
5492 -s "Certificate verification was skipped" \
5493 -C "received HelloRetryRequest message"
5494
5495requires_config_enabled MBEDTLS_SSL_SRV_C
5496requires_config_enabled MBEDTLS_DEBUG_C
5497requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5498requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5499requires_gnutls_tls1_3
5500requires_gnutls_next_no_ticket
5501requires_gnutls_next_disable_tls13_compat
5502run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
5503 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5504 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5505 0 \
5506 -s "Protocol is TLSv1.3" \
5507 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5508 -s "received signature algorithm: 0x403" \
5509 -s "got named group: ffdhe8192(0104)" \
5510 -s "Certificate verification was skipped" \
5511 -C "received HelloRetryRequest message"
5512
5513requires_config_enabled MBEDTLS_SSL_SRV_C
5514requires_config_enabled MBEDTLS_DEBUG_C
5515requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5516requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5517requires_gnutls_tls1_3
5518requires_gnutls_next_no_ticket
5519requires_gnutls_next_disable_tls13_compat
5520run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
5521 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5522 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5523 0 \
5524 -s "Protocol is TLSv1.3" \
5525 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5526 -s "received signature algorithm: 0x503" \
5527 -s "got named group: ffdhe8192(0104)" \
5528 -s "Certificate verification was skipped" \
5529 -C "received HelloRetryRequest message"
5530
5531requires_config_enabled MBEDTLS_SSL_SRV_C
5532requires_config_enabled MBEDTLS_DEBUG_C
5533requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5534requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5535requires_gnutls_tls1_3
5536requires_gnutls_next_no_ticket
5537requires_gnutls_next_disable_tls13_compat
5538run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
5539 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5540 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5541 0 \
5542 -s "Protocol is TLSv1.3" \
5543 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5544 -s "received signature algorithm: 0x603" \
5545 -s "got named group: ffdhe8192(0104)" \
5546 -s "Certificate verification was skipped" \
5547 -C "received HelloRetryRequest message"
5548
5549requires_config_enabled MBEDTLS_SSL_SRV_C
5550requires_config_enabled MBEDTLS_DEBUG_C
5551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5553requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5554requires_gnutls_tls1_3
5555requires_gnutls_next_no_ticket
5556requires_gnutls_next_disable_tls13_compat
5557run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
5558 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5559 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
5560 0 \
5561 -s "Protocol is TLSv1.3" \
5562 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
5563 -s "received signature algorithm: 0x804" \
5564 -s "got named group: ffdhe8192(0104)" \
5565 -s "Certificate verification was skipped" \
5566 -C "received HelloRetryRequest message"
5567
5568requires_config_enabled MBEDTLS_SSL_SRV_C
5569requires_config_enabled MBEDTLS_DEBUG_C
5570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5572requires_gnutls_tls1_3
5573requires_gnutls_next_no_ticket
5574requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5575run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5576 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5577 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5578 0 \
5579 -s "Protocol is TLSv1.3" \
5580 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5581 -s "received signature algorithm: 0x403" \
5582 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5583 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5584 -C "received HelloRetryRequest message"
5585
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5586requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5587requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5589requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5590requires_gnutls_tls1_3
5591requires_gnutls_next_no_ticket
5592requires_gnutls_next_disable_tls13_compat
5593run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5594 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5595 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5596 0 \
5597 -s "Protocol is TLSv1.3" \
5598 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5599 -s "received signature algorithm: 0x503" \
5600 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5601 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5602 -C "received HelloRetryRequest message"
5603
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5604requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5605requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5608requires_gnutls_tls1_3
5609requires_gnutls_next_no_ticket
5610requires_gnutls_next_disable_tls13_compat
5611run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5612 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5613 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5614 0 \
5615 -s "Protocol is TLSv1.3" \
5616 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5617 -s "received signature algorithm: 0x603" \
5618 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5619 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5620 -C "received HelloRetryRequest message"
5621
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5622requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5623requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5626requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5627requires_gnutls_tls1_3
5628requires_gnutls_next_no_ticket
5629requires_gnutls_next_disable_tls13_compat
5630run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5631 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5632 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5633 0 \
5634 -s "Protocol is TLSv1.3" \
5635 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5636 -s "received signature algorithm: 0x804" \
5637 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5638 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5639 -C "received HelloRetryRequest message"
5640
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5641requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5642requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5645requires_gnutls_tls1_3
5646requires_gnutls_next_no_ticket
5647requires_gnutls_next_disable_tls13_compat
5648run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5649 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5650 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5651 0 \
5652 -s "Protocol is TLSv1.3" \
5653 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5654 -s "received signature algorithm: 0x403" \
5655 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5656 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5657 -C "received HelloRetryRequest message"
5658
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5659requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5660requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5661requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5663requires_gnutls_tls1_3
5664requires_gnutls_next_no_ticket
5665requires_gnutls_next_disable_tls13_compat
5666run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5667 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5668 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5669 0 \
5670 -s "Protocol is TLSv1.3" \
5671 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5672 -s "received signature algorithm: 0x503" \
5673 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5674 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5675 -C "received HelloRetryRequest message"
5676
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5677requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5678requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5681requires_gnutls_tls1_3
5682requires_gnutls_next_no_ticket
5683requires_gnutls_next_disable_tls13_compat
5684run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5685 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5686 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5687 0 \
5688 -s "Protocol is TLSv1.3" \
5689 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5690 -s "received signature algorithm: 0x603" \
5691 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5692 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5693 -C "received HelloRetryRequest message"
5694
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5695requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5696requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5697requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5698requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5699requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5700requires_gnutls_tls1_3
5701requires_gnutls_next_no_ticket
5702requires_gnutls_next_disable_tls13_compat
5703run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5704 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5705 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5706 0 \
5707 -s "Protocol is TLSv1.3" \
5708 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5709 -s "received signature algorithm: 0x804" \
5710 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5711 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5712 -C "received HelloRetryRequest message"
5713
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5714requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5718requires_gnutls_tls1_3
5719requires_gnutls_next_no_ticket
5720requires_gnutls_next_disable_tls13_compat
5721run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5722 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5723 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5724 0 \
5725 -s "Protocol is TLSv1.3" \
5726 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5727 -s "received signature algorithm: 0x403" \
5728 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5729 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5730 -C "received HelloRetryRequest message"
5731
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5732requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5733requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5736requires_gnutls_tls1_3
5737requires_gnutls_next_no_ticket
5738requires_gnutls_next_disable_tls13_compat
5739run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5740 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5741 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5742 0 \
5743 -s "Protocol is TLSv1.3" \
5744 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5745 -s "received signature algorithm: 0x503" \
5746 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5747 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5748 -C "received HelloRetryRequest message"
5749
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5750requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5751requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5754requires_gnutls_tls1_3
5755requires_gnutls_next_no_ticket
5756requires_gnutls_next_disable_tls13_compat
5757run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5758 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5759 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5760 0 \
5761 -s "Protocol is TLSv1.3" \
5762 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5763 -s "received signature algorithm: 0x603" \
5764 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5765 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5766 -C "received HelloRetryRequest message"
5767
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5768requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5769requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5770requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5772requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5773requires_gnutls_tls1_3
5774requires_gnutls_next_no_ticket
5775requires_gnutls_next_disable_tls13_compat
5776run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5777 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5778 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5779 0 \
5780 -s "Protocol is TLSv1.3" \
5781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5782 -s "received signature algorithm: 0x804" \
5783 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5784 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5785 -C "received HelloRetryRequest message"
5786
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5787requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5788requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5789requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5791requires_gnutls_tls1_3
5792requires_gnutls_next_no_ticket
5793requires_gnutls_next_disable_tls13_compat
5794run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5795 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5796 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5797 0 \
5798 -s "Protocol is TLSv1.3" \
5799 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5800 -s "received signature algorithm: 0x403" \
5801 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5802 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5803 -C "received HelloRetryRequest message"
5804
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5805requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5806requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5807requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5809requires_gnutls_tls1_3
5810requires_gnutls_next_no_ticket
5811requires_gnutls_next_disable_tls13_compat
5812run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5813 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5814 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5815 0 \
5816 -s "Protocol is TLSv1.3" \
5817 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5818 -s "received signature algorithm: 0x503" \
5819 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5820 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5821 -C "received HelloRetryRequest message"
5822
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5823requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5824requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5827requires_gnutls_tls1_3
5828requires_gnutls_next_no_ticket
5829requires_gnutls_next_disable_tls13_compat
5830run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5831 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5832 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5833 0 \
5834 -s "Protocol is TLSv1.3" \
5835 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5836 -s "received signature algorithm: 0x603" \
5837 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5838 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5839 -C "received HelloRetryRequest message"
5840
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5841requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5842requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5843requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5844requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5845requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5846requires_gnutls_tls1_3
5847requires_gnutls_next_no_ticket
5848requires_gnutls_next_disable_tls13_compat
5849run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5850 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5851 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5852 0 \
5853 -s "Protocol is TLSv1.3" \
5854 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5855 -s "received signature algorithm: 0x804" \
5856 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5857 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5858 -C "received HelloRetryRequest message"
5859
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5860requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5861requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5862requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5863requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5864requires_gnutls_tls1_3
5865requires_gnutls_next_no_ticket
5866requires_gnutls_next_disable_tls13_compat
5867run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5868 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5869 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5870 0 \
5871 -s "Protocol is TLSv1.3" \
5872 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5873 -s "received signature algorithm: 0x403" \
5874 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5875 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5876 -C "received HelloRetryRequest message"
5877
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5878requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5879requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5882requires_gnutls_tls1_3
5883requires_gnutls_next_no_ticket
5884requires_gnutls_next_disable_tls13_compat
5885run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5886 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5887 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5888 0 \
5889 -s "Protocol is TLSv1.3" \
5890 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5891 -s "received signature algorithm: 0x503" \
5892 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5893 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5894 -C "received HelloRetryRequest message"
5895
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5896requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5897requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5898requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5899requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5900requires_gnutls_tls1_3
5901requires_gnutls_next_no_ticket
5902requires_gnutls_next_disable_tls13_compat
5903run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5904 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5905 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5906 0 \
5907 -s "Protocol is TLSv1.3" \
5908 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5909 -s "received signature algorithm: 0x603" \
5910 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5911 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5912 -C "received HelloRetryRequest message"
5913
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5914requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5918requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5919requires_gnutls_tls1_3
5920requires_gnutls_next_no_ticket
5921requires_gnutls_next_disable_tls13_compat
5922run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]5923 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5924 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5925 0 \
5926 -s "Protocol is TLSv1.3" \
5927 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5928 -s "received signature algorithm: 0x804" \
5929 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]5930 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5931 -C "received HelloRetryRequest message"
5932
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5933requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5934requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5935requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5937requires_gnutls_tls1_3
5938requires_gnutls_next_no_ticket
5939requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]5940run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
5941 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5942 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5943 0 \
5944 -s "Protocol is TLSv1.3" \
5945 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5946 -s "received signature algorithm: 0x403" \
5947 -s "got named group: ffdhe2048(0100)" \
5948 -s "Certificate verification was skipped" \
5949 -C "received HelloRetryRequest message"
5950
5951requires_config_enabled MBEDTLS_SSL_SRV_C
5952requires_config_enabled MBEDTLS_DEBUG_C
5953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5955requires_gnutls_tls1_3
5956requires_gnutls_next_no_ticket
5957requires_gnutls_next_disable_tls13_compat
5958run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
5959 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5960 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5961 0 \
5962 -s "Protocol is TLSv1.3" \
5963 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5964 -s "received signature algorithm: 0x503" \
5965 -s "got named group: ffdhe2048(0100)" \
5966 -s "Certificate verification was skipped" \
5967 -C "received HelloRetryRequest message"
5968
5969requires_config_enabled MBEDTLS_SSL_SRV_C
5970requires_config_enabled MBEDTLS_DEBUG_C
5971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5973requires_gnutls_tls1_3
5974requires_gnutls_next_no_ticket
5975requires_gnutls_next_disable_tls13_compat
5976run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
5977 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5978 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5979 0 \
5980 -s "Protocol is TLSv1.3" \
5981 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
5982 -s "received signature algorithm: 0x603" \
5983 -s "got named group: ffdhe2048(0100)" \
5984 -s "Certificate verification was skipped" \
5985 -C "received HelloRetryRequest message"
5986
5987requires_config_enabled MBEDTLS_SSL_SRV_C
5988requires_config_enabled MBEDTLS_DEBUG_C
5989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5991requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5992requires_gnutls_tls1_3
5993requires_gnutls_next_no_ticket
5994requires_gnutls_next_disable_tls13_compat
5995run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
5996 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
5997 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
5998 0 \
5999 -s "Protocol is TLSv1.3" \
6000 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6001 -s "received signature algorithm: 0x804" \
6002 -s "got named group: ffdhe2048(0100)" \
6003 -s "Certificate verification was skipped" \
6004 -C "received HelloRetryRequest message"
6005
6006requires_config_enabled MBEDTLS_SSL_SRV_C
6007requires_config_enabled MBEDTLS_DEBUG_C
6008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6010requires_gnutls_tls1_3
6011requires_gnutls_next_no_ticket
6012requires_gnutls_next_disable_tls13_compat
6013run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
6014 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6015 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6016 0 \
6017 -s "Protocol is TLSv1.3" \
6018 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6019 -s "received signature algorithm: 0x403" \
6020 -s "got named group: ffdhe3072(0101)" \
6021 -s "Certificate verification was skipped" \
6022 -C "received HelloRetryRequest message"
6023
6024requires_config_enabled MBEDTLS_SSL_SRV_C
6025requires_config_enabled MBEDTLS_DEBUG_C
6026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6028requires_gnutls_tls1_3
6029requires_gnutls_next_no_ticket
6030requires_gnutls_next_disable_tls13_compat
6031run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
6032 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6033 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6034 0 \
6035 -s "Protocol is TLSv1.3" \
6036 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6037 -s "received signature algorithm: 0x503" \
6038 -s "got named group: ffdhe3072(0101)" \
6039 -s "Certificate verification was skipped" \
6040 -C "received HelloRetryRequest message"
6041
6042requires_config_enabled MBEDTLS_SSL_SRV_C
6043requires_config_enabled MBEDTLS_DEBUG_C
6044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6046requires_gnutls_tls1_3
6047requires_gnutls_next_no_ticket
6048requires_gnutls_next_disable_tls13_compat
6049run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
6050 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6051 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6052 0 \
6053 -s "Protocol is TLSv1.3" \
6054 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6055 -s "received signature algorithm: 0x603" \
6056 -s "got named group: ffdhe3072(0101)" \
6057 -s "Certificate verification was skipped" \
6058 -C "received HelloRetryRequest message"
6059
6060requires_config_enabled MBEDTLS_SSL_SRV_C
6061requires_config_enabled MBEDTLS_DEBUG_C
6062requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6064requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6065requires_gnutls_tls1_3
6066requires_gnutls_next_no_ticket
6067requires_gnutls_next_disable_tls13_compat
6068run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
6069 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6070 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6071 0 \
6072 -s "Protocol is TLSv1.3" \
6073 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6074 -s "received signature algorithm: 0x804" \
6075 -s "got named group: ffdhe3072(0101)" \
6076 -s "Certificate verification was skipped" \
6077 -C "received HelloRetryRequest message"
6078
6079requires_config_enabled MBEDTLS_SSL_SRV_C
6080requires_config_enabled MBEDTLS_DEBUG_C
6081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6082requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6083requires_gnutls_tls1_3
6084requires_gnutls_next_no_ticket
6085requires_gnutls_next_disable_tls13_compat
6086run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
6087 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6088 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6089 0 \
6090 -s "Protocol is TLSv1.3" \
6091 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6092 -s "received signature algorithm: 0x403" \
6093 -s "got named group: ffdhe4096(0102)" \
6094 -s "Certificate verification was skipped" \
6095 -C "received HelloRetryRequest message"
6096
6097requires_config_enabled MBEDTLS_SSL_SRV_C
6098requires_config_enabled MBEDTLS_DEBUG_C
6099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6101requires_gnutls_tls1_3
6102requires_gnutls_next_no_ticket
6103requires_gnutls_next_disable_tls13_compat
6104run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
6105 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6106 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6107 0 \
6108 -s "Protocol is TLSv1.3" \
6109 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6110 -s "received signature algorithm: 0x503" \
6111 -s "got named group: ffdhe4096(0102)" \
6112 -s "Certificate verification was skipped" \
6113 -C "received HelloRetryRequest message"
6114
6115requires_config_enabled MBEDTLS_SSL_SRV_C
6116requires_config_enabled MBEDTLS_DEBUG_C
6117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6119requires_gnutls_tls1_3
6120requires_gnutls_next_no_ticket
6121requires_gnutls_next_disable_tls13_compat
6122run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
6123 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6124 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6125 0 \
6126 -s "Protocol is TLSv1.3" \
6127 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6128 -s "received signature algorithm: 0x603" \
6129 -s "got named group: ffdhe4096(0102)" \
6130 -s "Certificate verification was skipped" \
6131 -C "received HelloRetryRequest message"
6132
6133requires_config_enabled MBEDTLS_SSL_SRV_C
6134requires_config_enabled MBEDTLS_DEBUG_C
6135requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6136requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6137requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6138requires_gnutls_tls1_3
6139requires_gnutls_next_no_ticket
6140requires_gnutls_next_disable_tls13_compat
6141run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
6142 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6143 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6144 0 \
6145 -s "Protocol is TLSv1.3" \
6146 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6147 -s "received signature algorithm: 0x804" \
6148 -s "got named group: ffdhe4096(0102)" \
6149 -s "Certificate verification was skipped" \
6150 -C "received HelloRetryRequest message"
6151
6152requires_config_enabled MBEDTLS_SSL_SRV_C
6153requires_config_enabled MBEDTLS_DEBUG_C
6154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6155requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6156requires_gnutls_tls1_3
6157requires_gnutls_next_no_ticket
6158requires_gnutls_next_disable_tls13_compat
6159run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
6160 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6161 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6162 0 \
6163 -s "Protocol is TLSv1.3" \
6164 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6165 -s "received signature algorithm: 0x403" \
6166 -s "got named group: ffdhe6144(0103)" \
6167 -s "Certificate verification was skipped" \
6168 -C "received HelloRetryRequest message"
6169
6170requires_config_enabled MBEDTLS_SSL_SRV_C
6171requires_config_enabled MBEDTLS_DEBUG_C
6172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6174requires_gnutls_tls1_3
6175requires_gnutls_next_no_ticket
6176requires_gnutls_next_disable_tls13_compat
6177run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
6178 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6179 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6180 0 \
6181 -s "Protocol is TLSv1.3" \
6182 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6183 -s "received signature algorithm: 0x503" \
6184 -s "got named group: ffdhe6144(0103)" \
6185 -s "Certificate verification was skipped" \
6186 -C "received HelloRetryRequest message"
6187
6188requires_config_enabled MBEDTLS_SSL_SRV_C
6189requires_config_enabled MBEDTLS_DEBUG_C
6190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6192requires_gnutls_tls1_3
6193requires_gnutls_next_no_ticket
6194requires_gnutls_next_disable_tls13_compat
6195run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
6196 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6197 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6198 0 \
6199 -s "Protocol is TLSv1.3" \
6200 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6201 -s "received signature algorithm: 0x603" \
6202 -s "got named group: ffdhe6144(0103)" \
6203 -s "Certificate verification was skipped" \
6204 -C "received HelloRetryRequest message"
6205
6206requires_config_enabled MBEDTLS_SSL_SRV_C
6207requires_config_enabled MBEDTLS_DEBUG_C
6208requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6209requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6210requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6211requires_gnutls_tls1_3
6212requires_gnutls_next_no_ticket
6213requires_gnutls_next_disable_tls13_compat
6214run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
6215 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6216 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6217 0 \
6218 -s "Protocol is TLSv1.3" \
6219 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6220 -s "received signature algorithm: 0x804" \
6221 -s "got named group: ffdhe6144(0103)" \
6222 -s "Certificate verification was skipped" \
6223 -C "received HelloRetryRequest message"
6224
6225requires_config_enabled MBEDTLS_SSL_SRV_C
6226requires_config_enabled MBEDTLS_DEBUG_C
6227requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6228requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6229requires_gnutls_tls1_3
6230requires_gnutls_next_no_ticket
6231requires_gnutls_next_disable_tls13_compat
6232run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
6233 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6234 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
6235 0 \
6236 -s "Protocol is TLSv1.3" \
6237 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6238 -s "received signature algorithm: 0x403" \
6239 -s "got named group: ffdhe8192(0104)" \
6240 -s "Certificate verification was skipped" \
6241 -C "received HelloRetryRequest message"
6242
6243requires_config_enabled MBEDTLS_SSL_SRV_C
6244requires_config_enabled MBEDTLS_DEBUG_C
6245requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6246requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6247requires_gnutls_tls1_3
6248requires_gnutls_next_no_ticket
6249requires_gnutls_next_disable_tls13_compat
6250run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
6251 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6252 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
6253 0 \
6254 -s "Protocol is TLSv1.3" \
6255 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6256 -s "received signature algorithm: 0x503" \
6257 -s "got named group: ffdhe8192(0104)" \
6258 -s "Certificate verification was skipped" \
6259 -C "received HelloRetryRequest message"
6260
6261requires_config_enabled MBEDTLS_SSL_SRV_C
6262requires_config_enabled MBEDTLS_DEBUG_C
6263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6265requires_gnutls_tls1_3
6266requires_gnutls_next_no_ticket
6267requires_gnutls_next_disable_tls13_compat
6268run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
6269 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6270 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
6271 0 \
6272 -s "Protocol is TLSv1.3" \
6273 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6274 -s "received signature algorithm: 0x603" \
6275 -s "got named group: ffdhe8192(0104)" \
6276 -s "Certificate verification was skipped" \
6277 -C "received HelloRetryRequest message"
6278
6279requires_config_enabled MBEDTLS_SSL_SRV_C
6280requires_config_enabled MBEDTLS_DEBUG_C
6281requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6282requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6283requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6284requires_gnutls_tls1_3
6285requires_gnutls_next_no_ticket
6286requires_gnutls_next_disable_tls13_compat
6287run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
6288 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6289 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
6290 0 \
6291 -s "Protocol is TLSv1.3" \
6292 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
6293 -s "received signature algorithm: 0x804" \
6294 -s "got named group: ffdhe8192(0104)" \
6295 -s "Certificate verification was skipped" \
6296 -C "received HelloRetryRequest message"
6297
6298requires_config_enabled MBEDTLS_SSL_SRV_C
6299requires_config_enabled MBEDTLS_DEBUG_C
6300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6302requires_gnutls_tls1_3
6303requires_gnutls_next_no_ticket
6304requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6305run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6306 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6307 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6308 0 \
6309 -s "Protocol is TLSv1.3" \
6310 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6311 -s "received signature algorithm: 0x403" \
6312 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6313 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6314 -C "received HelloRetryRequest message"
6315
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6316requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6317requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6318requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6320requires_gnutls_tls1_3
6321requires_gnutls_next_no_ticket
6322requires_gnutls_next_disable_tls13_compat
6323run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6324 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6325 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6326 0 \
6327 -s "Protocol is TLSv1.3" \
6328 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6329 -s "received signature algorithm: 0x503" \
6330 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6331 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6332 -C "received HelloRetryRequest message"
6333
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6334requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6335requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6338requires_gnutls_tls1_3
6339requires_gnutls_next_no_ticket
6340requires_gnutls_next_disable_tls13_compat
6341run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6342 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6343 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6344 0 \
6345 -s "Protocol is TLSv1.3" \
6346 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6347 -s "received signature algorithm: 0x603" \
6348 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6349 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6350 -C "received HelloRetryRequest message"
6351
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6352requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6353requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6356requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6357requires_gnutls_tls1_3
6358requires_gnutls_next_no_ticket
6359requires_gnutls_next_disable_tls13_compat
6360run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6361 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6362 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6363 0 \
6364 -s "Protocol is TLSv1.3" \
6365 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6366 -s "received signature algorithm: 0x804" \
6367 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6368 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6369 -C "received HelloRetryRequest message"
6370
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6371requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6372requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6375requires_gnutls_tls1_3
6376requires_gnutls_next_no_ticket
6377requires_gnutls_next_disable_tls13_compat
6378run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6379 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6380 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6381 0 \
6382 -s "Protocol is TLSv1.3" \
6383 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6384 -s "received signature algorithm: 0x403" \
6385 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6386 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6387 -C "received HelloRetryRequest message"
6388
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6389requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6390requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6391requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6393requires_gnutls_tls1_3
6394requires_gnutls_next_no_ticket
6395requires_gnutls_next_disable_tls13_compat
6396run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6397 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6398 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6399 0 \
6400 -s "Protocol is TLSv1.3" \
6401 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6402 -s "received signature algorithm: 0x503" \
6403 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6404 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6405 -C "received HelloRetryRequest message"
6406
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6407requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6408requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6409requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6411requires_gnutls_tls1_3
6412requires_gnutls_next_no_ticket
6413requires_gnutls_next_disable_tls13_compat
6414run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6415 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6416 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6417 0 \
6418 -s "Protocol is TLSv1.3" \
6419 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6420 -s "received signature algorithm: 0x603" \
6421 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6422 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6423 -C "received HelloRetryRequest message"
6424
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6425requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6426requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6429requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6430requires_gnutls_tls1_3
6431requires_gnutls_next_no_ticket
6432requires_gnutls_next_disable_tls13_compat
6433run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6434 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6435 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6436 0 \
6437 -s "Protocol is TLSv1.3" \
6438 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6439 -s "received signature algorithm: 0x804" \
6440 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6441 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6442 -C "received HelloRetryRequest message"
6443
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6444requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6448requires_gnutls_tls1_3
6449requires_gnutls_next_no_ticket
6450requires_gnutls_next_disable_tls13_compat
6451run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6452 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6453 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6454 0 \
6455 -s "Protocol is TLSv1.3" \
6456 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6457 -s "received signature algorithm: 0x403" \
6458 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6459 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6460 -C "received HelloRetryRequest message"
6461
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6462requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6463requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6466requires_gnutls_tls1_3
6467requires_gnutls_next_no_ticket
6468requires_gnutls_next_disable_tls13_compat
6469run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6470 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6471 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6472 0 \
6473 -s "Protocol is TLSv1.3" \
6474 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6475 -s "received signature algorithm: 0x503" \
6476 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6477 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6478 -C "received HelloRetryRequest message"
6479
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6480requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6481requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6483requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6484requires_gnutls_tls1_3
6485requires_gnutls_next_no_ticket
6486requires_gnutls_next_disable_tls13_compat
6487run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6488 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6489 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6490 0 \
6491 -s "Protocol is TLSv1.3" \
6492 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6493 -s "received signature algorithm: 0x603" \
6494 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6495 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6496 -C "received HelloRetryRequest message"
6497
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6498requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6502requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6503requires_gnutls_tls1_3
6504requires_gnutls_next_no_ticket
6505requires_gnutls_next_disable_tls13_compat
6506run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6507 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6508 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6509 0 \
6510 -s "Protocol is TLSv1.3" \
6511 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6512 -s "received signature algorithm: 0x804" \
6513 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6514 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6515 -C "received HelloRetryRequest message"
6516
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6517requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6518requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6521requires_gnutls_tls1_3
6522requires_gnutls_next_no_ticket
6523requires_gnutls_next_disable_tls13_compat
6524run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6525 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6526 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6527 0 \
6528 -s "Protocol is TLSv1.3" \
6529 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6530 -s "received signature algorithm: 0x403" \
6531 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6532 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6533 -C "received HelloRetryRequest message"
6534
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6535requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6536requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6538requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6539requires_gnutls_tls1_3
6540requires_gnutls_next_no_ticket
6541requires_gnutls_next_disable_tls13_compat
6542run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6543 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6544 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6545 0 \
6546 -s "Protocol is TLSv1.3" \
6547 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6548 -s "received signature algorithm: 0x503" \
6549 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6550 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6551 -C "received HelloRetryRequest message"
6552
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6553requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6554requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6555requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6557requires_gnutls_tls1_3
6558requires_gnutls_next_no_ticket
6559requires_gnutls_next_disable_tls13_compat
6560run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6561 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6562 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6563 0 \
6564 -s "Protocol is TLSv1.3" \
6565 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6566 -s "received signature algorithm: 0x603" \
6567 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6568 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6569 -C "received HelloRetryRequest message"
6570
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6571requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6572requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6573requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6574requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6575requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6576requires_gnutls_tls1_3
6577requires_gnutls_next_no_ticket
6578requires_gnutls_next_disable_tls13_compat
6579run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6580 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6581 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6582 0 \
6583 -s "Protocol is TLSv1.3" \
6584 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6585 -s "received signature algorithm: 0x804" \
6586 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6587 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6588 -C "received HelloRetryRequest message"
6589
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6590requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6591requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6594requires_gnutls_tls1_3
6595requires_gnutls_next_no_ticket
6596requires_gnutls_next_disable_tls13_compat
6597run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6598 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6599 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6600 0 \
6601 -s "Protocol is TLSv1.3" \
6602 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6603 -s "received signature algorithm: 0x403" \
6604 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6605 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6606 -C "received HelloRetryRequest message"
6607
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6608requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6609requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6612requires_gnutls_tls1_3
6613requires_gnutls_next_no_ticket
6614requires_gnutls_next_disable_tls13_compat
6615run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6616 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6617 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6618 0 \
6619 -s "Protocol is TLSv1.3" \
6620 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6621 -s "received signature algorithm: 0x503" \
6622 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6623 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6624 -C "received HelloRetryRequest message"
6625
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6626requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6627requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6628requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6630requires_gnutls_tls1_3
6631requires_gnutls_next_no_ticket
6632requires_gnutls_next_disable_tls13_compat
6633run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6634 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6635 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6636 0 \
6637 -s "Protocol is TLSv1.3" \
6638 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6639 -s "received signature algorithm: 0x603" \
6640 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6641 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6642 -C "received HelloRetryRequest message"
6643
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6644requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6645requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6648requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6649requires_gnutls_tls1_3
6650requires_gnutls_next_no_ticket
6651requires_gnutls_next_disable_tls13_compat
6652run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]6653 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6654 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6655 0 \
6656 -s "Protocol is TLSv1.3" \
6657 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6658 -s "received signature algorithm: 0x804" \
6659 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]6660 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]6661 -C "received HelloRetryRequest message"
6662
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]6663requires_config_enabled MBEDTLS_SSL_SRV_C
6664requires_config_enabled MBEDTLS_DEBUG_C
6665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6666requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6667requires_gnutls_tls1_3
6668requires_gnutls_next_no_ticket
6669requires_gnutls_next_disable_tls13_compat
6670run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
6671 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6672 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
6673 0 \
6674 -s "Protocol is TLSv1.3" \
6675 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6676 -s "received signature algorithm: 0x403" \
6677 -s "got named group: ffdhe2048(0100)" \
6678 -s "Certificate verification was skipped" \
6679 -C "received HelloRetryRequest message"
6680
6681requires_config_enabled MBEDTLS_SSL_SRV_C
6682requires_config_enabled MBEDTLS_DEBUG_C
6683requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6684requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6685requires_gnutls_tls1_3
6686requires_gnutls_next_no_ticket
6687requires_gnutls_next_disable_tls13_compat
6688run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
6689 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6690 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
6691 0 \
6692 -s "Protocol is TLSv1.3" \
6693 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6694 -s "received signature algorithm: 0x503" \
6695 -s "got named group: ffdhe2048(0100)" \
6696 -s "Certificate verification was skipped" \
6697 -C "received HelloRetryRequest message"
6698
6699requires_config_enabled MBEDTLS_SSL_SRV_C
6700requires_config_enabled MBEDTLS_DEBUG_C
6701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6702requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6703requires_gnutls_tls1_3
6704requires_gnutls_next_no_ticket
6705requires_gnutls_next_disable_tls13_compat
6706run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
6707 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6708 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
6709 0 \
6710 -s "Protocol is TLSv1.3" \
6711 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6712 -s "received signature algorithm: 0x603" \
6713 -s "got named group: ffdhe2048(0100)" \
6714 -s "Certificate verification was skipped" \
6715 -C "received HelloRetryRequest message"
6716
6717requires_config_enabled MBEDTLS_SSL_SRV_C
6718requires_config_enabled MBEDTLS_DEBUG_C
6719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6721requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6722requires_gnutls_tls1_3
6723requires_gnutls_next_no_ticket
6724requires_gnutls_next_disable_tls13_compat
6725run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
6726 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6727 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
6728 0 \
6729 -s "Protocol is TLSv1.3" \
6730 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6731 -s "received signature algorithm: 0x804" \
6732 -s "got named group: ffdhe2048(0100)" \
6733 -s "Certificate verification was skipped" \
6734 -C "received HelloRetryRequest message"
6735
6736requires_config_enabled MBEDTLS_SSL_SRV_C
6737requires_config_enabled MBEDTLS_DEBUG_C
6738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6740requires_gnutls_tls1_3
6741requires_gnutls_next_no_ticket
6742requires_gnutls_next_disable_tls13_compat
6743run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
6744 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6745 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6746 0 \
6747 -s "Protocol is TLSv1.3" \
6748 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6749 -s "received signature algorithm: 0x403" \
6750 -s "got named group: ffdhe3072(0101)" \
6751 -s "Certificate verification was skipped" \
6752 -C "received HelloRetryRequest message"
6753
6754requires_config_enabled MBEDTLS_SSL_SRV_C
6755requires_config_enabled MBEDTLS_DEBUG_C
6756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6758requires_gnutls_tls1_3
6759requires_gnutls_next_no_ticket
6760requires_gnutls_next_disable_tls13_compat
6761run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
6762 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6763 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6764 0 \
6765 -s "Protocol is TLSv1.3" \
6766 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6767 -s "received signature algorithm: 0x503" \
6768 -s "got named group: ffdhe3072(0101)" \
6769 -s "Certificate verification was skipped" \
6770 -C "received HelloRetryRequest message"
6771
6772requires_config_enabled MBEDTLS_SSL_SRV_C
6773requires_config_enabled MBEDTLS_DEBUG_C
6774requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6776requires_gnutls_tls1_3
6777requires_gnutls_next_no_ticket
6778requires_gnutls_next_disable_tls13_compat
6779run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
6780 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6781 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6782 0 \
6783 -s "Protocol is TLSv1.3" \
6784 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6785 -s "received signature algorithm: 0x603" \
6786 -s "got named group: ffdhe3072(0101)" \
6787 -s "Certificate verification was skipped" \
6788 -C "received HelloRetryRequest message"
6789
6790requires_config_enabled MBEDTLS_SSL_SRV_C
6791requires_config_enabled MBEDTLS_DEBUG_C
6792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6794requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6795requires_gnutls_tls1_3
6796requires_gnutls_next_no_ticket
6797requires_gnutls_next_disable_tls13_compat
6798run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
6799 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6800 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
6801 0 \
6802 -s "Protocol is TLSv1.3" \
6803 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6804 -s "received signature algorithm: 0x804" \
6805 -s "got named group: ffdhe3072(0101)" \
6806 -s "Certificate verification was skipped" \
6807 -C "received HelloRetryRequest message"
6808
6809requires_config_enabled MBEDTLS_SSL_SRV_C
6810requires_config_enabled MBEDTLS_DEBUG_C
6811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6813requires_gnutls_tls1_3
6814requires_gnutls_next_no_ticket
6815requires_gnutls_next_disable_tls13_compat
6816run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
6817 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6818 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6819 0 \
6820 -s "Protocol is TLSv1.3" \
6821 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6822 -s "received signature algorithm: 0x403" \
6823 -s "got named group: ffdhe4096(0102)" \
6824 -s "Certificate verification was skipped" \
6825 -C "received HelloRetryRequest message"
6826
6827requires_config_enabled MBEDTLS_SSL_SRV_C
6828requires_config_enabled MBEDTLS_DEBUG_C
6829requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6831requires_gnutls_tls1_3
6832requires_gnutls_next_no_ticket
6833requires_gnutls_next_disable_tls13_compat
6834run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
6835 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6836 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6837 0 \
6838 -s "Protocol is TLSv1.3" \
6839 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6840 -s "received signature algorithm: 0x503" \
6841 -s "got named group: ffdhe4096(0102)" \
6842 -s "Certificate verification was skipped" \
6843 -C "received HelloRetryRequest message"
6844
6845requires_config_enabled MBEDTLS_SSL_SRV_C
6846requires_config_enabled MBEDTLS_DEBUG_C
6847requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6848requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6849requires_gnutls_tls1_3
6850requires_gnutls_next_no_ticket
6851requires_gnutls_next_disable_tls13_compat
6852run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
6853 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6854 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6855 0 \
6856 -s "Protocol is TLSv1.3" \
6857 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6858 -s "received signature algorithm: 0x603" \
6859 -s "got named group: ffdhe4096(0102)" \
6860 -s "Certificate verification was skipped" \
6861 -C "received HelloRetryRequest message"
6862
6863requires_config_enabled MBEDTLS_SSL_SRV_C
6864requires_config_enabled MBEDTLS_DEBUG_C
6865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6866requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6867requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6868requires_gnutls_tls1_3
6869requires_gnutls_next_no_ticket
6870requires_gnutls_next_disable_tls13_compat
6871run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
6872 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6873 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
6874 0 \
6875 -s "Protocol is TLSv1.3" \
6876 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6877 -s "received signature algorithm: 0x804" \
6878 -s "got named group: ffdhe4096(0102)" \
6879 -s "Certificate verification was skipped" \
6880 -C "received HelloRetryRequest message"
6881
6882requires_config_enabled MBEDTLS_SSL_SRV_C
6883requires_config_enabled MBEDTLS_DEBUG_C
6884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6886requires_gnutls_tls1_3
6887requires_gnutls_next_no_ticket
6888requires_gnutls_next_disable_tls13_compat
6889run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
6890 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6891 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6892 0 \
6893 -s "Protocol is TLSv1.3" \
6894 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6895 -s "received signature algorithm: 0x403" \
6896 -s "got named group: ffdhe6144(0103)" \
6897 -s "Certificate verification was skipped" \
6898 -C "received HelloRetryRequest message"
6899
6900requires_config_enabled MBEDTLS_SSL_SRV_C
6901requires_config_enabled MBEDTLS_DEBUG_C
6902requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6904requires_gnutls_tls1_3
6905requires_gnutls_next_no_ticket
6906requires_gnutls_next_disable_tls13_compat
6907run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
6908 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6909 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6910 0 \
6911 -s "Protocol is TLSv1.3" \
6912 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6913 -s "received signature algorithm: 0x503" \
6914 -s "got named group: ffdhe6144(0103)" \
6915 -s "Certificate verification was skipped" \
6916 -C "received HelloRetryRequest message"
6917
6918requires_config_enabled MBEDTLS_SSL_SRV_C
6919requires_config_enabled MBEDTLS_DEBUG_C
6920requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6921requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6922requires_gnutls_tls1_3
6923requires_gnutls_next_no_ticket
6924requires_gnutls_next_disable_tls13_compat
6925run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
6926 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6927 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6928 0 \
6929 -s "Protocol is TLSv1.3" \
6930 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6931 -s "received signature algorithm: 0x603" \
6932 -s "got named group: ffdhe6144(0103)" \
6933 -s "Certificate verification was skipped" \
6934 -C "received HelloRetryRequest message"
6935
6936requires_config_enabled MBEDTLS_SSL_SRV_C
6937requires_config_enabled MBEDTLS_DEBUG_C
6938requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6939requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6940requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6941requires_gnutls_tls1_3
6942requires_gnutls_next_no_ticket
6943requires_gnutls_next_disable_tls13_compat
6944run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
6945 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6946 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
6947 0 \
6948 -s "Protocol is TLSv1.3" \
6949 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6950 -s "received signature algorithm: 0x804" \
6951 -s "got named group: ffdhe6144(0103)" \
6952 -s "Certificate verification was skipped" \
6953 -C "received HelloRetryRequest message"
6954
6955requires_config_enabled MBEDTLS_SSL_SRV_C
6956requires_config_enabled MBEDTLS_DEBUG_C
6957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6959requires_gnutls_tls1_3
6960requires_gnutls_next_no_ticket
6961requires_gnutls_next_disable_tls13_compat
6962run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
6963 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6964 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
6965 0 \
6966 -s "Protocol is TLSv1.3" \
6967 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6968 -s "received signature algorithm: 0x403" \
6969 -s "got named group: ffdhe8192(0104)" \
6970 -s "Certificate verification was skipped" \
6971 -C "received HelloRetryRequest message"
6972
6973requires_config_enabled MBEDTLS_SSL_SRV_C
6974requires_config_enabled MBEDTLS_DEBUG_C
6975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6977requires_gnutls_tls1_3
6978requires_gnutls_next_no_ticket
6979requires_gnutls_next_disable_tls13_compat
6980run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
6981 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
6982 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
6983 0 \
6984 -s "Protocol is TLSv1.3" \
6985 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
6986 -s "received signature algorithm: 0x503" \
6987 -s "got named group: ffdhe8192(0104)" \
6988 -s "Certificate verification was skipped" \
6989 -C "received HelloRetryRequest message"
6990
6991requires_config_enabled MBEDTLS_SSL_SRV_C
6992requires_config_enabled MBEDTLS_DEBUG_C
6993requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6994requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6995requires_gnutls_tls1_3
6996requires_gnutls_next_no_ticket
6997requires_gnutls_next_disable_tls13_compat
6998run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
6999 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7000 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
7001 0 \
7002 -s "Protocol is TLSv1.3" \
7003 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
7004 -s "received signature algorithm: 0x603" \
7005 -s "got named group: ffdhe8192(0104)" \
7006 -s "Certificate verification was skipped" \
7007 -C "received HelloRetryRequest message"
7008
7009requires_config_enabled MBEDTLS_SSL_SRV_C
7010requires_config_enabled MBEDTLS_DEBUG_C
7011requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7012requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7013requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7014requires_gnutls_tls1_3
7015requires_gnutls_next_no_ticket
7016requires_gnutls_next_disable_tls13_compat
7017run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
7018 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7019 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
7020 0 \
7021 -s "Protocol is TLSv1.3" \
7022 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
7023 -s "received signature algorithm: 0x804" \
7024 -s "got named group: ffdhe8192(0104)" \
7025 -s "Certificate verification was skipped" \
7026 -C "received HelloRetryRequest message"
7027
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7028requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7029requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7033run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7034 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7035 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7036 0 \
7037 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7038 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7039 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7040 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7041 -c "NamedGroup: secp256r1 ( 17 )" \
7042 -c "Verifying peer X.509 certificate... ok" \
7043 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7044
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7045requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7046requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7047requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7048requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7050run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7051 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7052 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7053 0 \
7054 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7055 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7056 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7057 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7058 -c "NamedGroup: secp256r1 ( 17 )" \
7059 -c "Verifying peer X.509 certificate... ok" \
7060 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7061
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7062requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7063requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7064requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7067run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7068 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7069 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7070 0 \
7071 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7072 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7073 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7074 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7075 -c "NamedGroup: secp256r1 ( 17 )" \
7076 -c "Verifying peer X.509 certificate... ok" \
7077 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7078
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7079requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7080requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7084requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7085run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7086 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7087 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7088 0 \
7089 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7090 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7091 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7092 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7093 -c "NamedGroup: secp256r1 ( 17 )" \
7094 -c "Verifying peer X.509 certificate... ok" \
7095 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7096
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7097requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7098requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7099requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7102run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7103 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7104 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7105 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7106 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7107 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7108 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7109 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7110 -c "NamedGroup: secp384r1 ( 18 )" \
7111 -c "Verifying peer X.509 certificate... ok" \
7112 -C "received HelloRetryRequest message"
7113
7114requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7115requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7116requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7119run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7120 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7121 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7122 0 \
7123 -c "HTTP/1.0 200 ok" \
7124 -c "Protocol is TLSv1.3" \
7125 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7126 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7127 -c "NamedGroup: secp384r1 ( 18 )" \
7128 -c "Verifying peer X.509 certificate... ok" \
7129 -C "received HelloRetryRequest message"
7130
7131requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7132requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7133requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7136run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7137 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7138 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7139 0 \
7140 -c "HTTP/1.0 200 ok" \
7141 -c "Protocol is TLSv1.3" \
7142 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7143 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7144 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7145 -c "Verifying peer X.509 certificate... ok" \
7146 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7147
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7148requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7149requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7150requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7153requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7154run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7155 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7156 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7157 0 \
7158 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7159 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7160 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7161 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7162 -c "NamedGroup: secp384r1 ( 18 )" \
7163 -c "Verifying peer X.509 certificate... ok" \
7164 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7165
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7166requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7167requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7168requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7171run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7172 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7173 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7174 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7175 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7176 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7177 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7178 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7179 -c "NamedGroup: secp521r1 ( 19 )" \
7180 -c "Verifying peer X.509 certificate... ok" \
7181 -C "received HelloRetryRequest message"
7182
7183requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7184requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7185requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7188run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7189 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7190 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7191 0 \
7192 -c "HTTP/1.0 200 ok" \
7193 -c "Protocol is TLSv1.3" \
7194 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7195 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7196 -c "NamedGroup: secp521r1 ( 19 )" \
7197 -c "Verifying peer X.509 certificate... ok" \
7198 -C "received HelloRetryRequest message"
7199
7200requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7201requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7205run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7206 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7207 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7208 0 \
7209 -c "HTTP/1.0 200 ok" \
7210 -c "Protocol is TLSv1.3" \
7211 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7212 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7213 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7214 -c "Verifying peer X.509 certificate... ok" \
7215 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7216
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7217requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7218requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7222requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7223run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7224 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7225 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7226 0 \
7227 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7228 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7229 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7230 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7231 -c "NamedGroup: secp521r1 ( 19 )" \
7232 -c "Verifying peer X.509 certificate... ok" \
7233 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7234
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7235requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7236requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7240run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7241 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7242 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7243 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7244 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7245 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7246 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7247 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7248 -c "NamedGroup: x25519 ( 1d )" \
7249 -c "Verifying peer X.509 certificate... ok" \
7250 -C "received HelloRetryRequest message"
7251
7252requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7253requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7254requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7257run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7258 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7259 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7260 0 \
7261 -c "HTTP/1.0 200 ok" \
7262 -c "Protocol is TLSv1.3" \
7263 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7264 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7265 -c "NamedGroup: x25519 ( 1d )" \
7266 -c "Verifying peer X.509 certificate... ok" \
7267 -C "received HelloRetryRequest message"
7268
7269requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7270requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7271requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7274run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7275 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7276 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7277 0 \
7278 -c "HTTP/1.0 200 ok" \
7279 -c "Protocol is TLSv1.3" \
7280 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7281 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7282 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7283 -c "Verifying peer X.509 certificate... ok" \
7284 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7285
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7286requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7287requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7288requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7289requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7291requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7292run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7293 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7294 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7295 0 \
7296 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7297 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7298 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7299 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7300 -c "NamedGroup: x25519 ( 1d )" \
7301 -c "Verifying peer X.509 certificate... ok" \
7302 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7303
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7304requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7305requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7306requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7307requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7309run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7310 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7311 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7312 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7313 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7314 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7315 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7316 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7317 -c "NamedGroup: x448 ( 1e )" \
7318 -c "Verifying peer X.509 certificate... ok" \
7319 -C "received HelloRetryRequest message"
7320
7321requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7322requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7323requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7326run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7327 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7328 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7329 0 \
7330 -c "HTTP/1.0 200 ok" \
7331 -c "Protocol is TLSv1.3" \
7332 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7333 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7334 -c "NamedGroup: x448 ( 1e )" \
7335 -c "Verifying peer X.509 certificate... ok" \
7336 -C "received HelloRetryRequest message"
7337
7338requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7339requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7340requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7343run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7344 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7345 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7346 0 \
7347 -c "HTTP/1.0 200 ok" \
7348 -c "Protocol is TLSv1.3" \
7349 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7350 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7351 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7352 -c "Verifying peer X.509 certificate... ok" \
7353 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7354
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7355requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7356requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7360requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7361run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7362 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7363 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7364 0 \
7365 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7366 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7367 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7368 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7369 -c "NamedGroup: x448 ( 1e )" \
7370 -c "Verifying peer X.509 certificate... ok" \
7371 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7372
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7373requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]7374requires_openssl_3_x
7375requires_config_enabled MBEDTLS_SSL_CLI_C
7376requires_config_enabled MBEDTLS_DEBUG_C
7377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7379run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
7380 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7381 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
7382 0 \
7383 -c "HTTP/1.0 200 ok" \
7384 -c "Protocol is TLSv1.3" \
7385 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7386 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7387 -c "NamedGroup: ffdhe2048 ( 100 )" \
7388 -c "Verifying peer X.509 certificate... ok" \
7389 -C "received HelloRetryRequest message"
7390
7391requires_openssl_tls1_3
7392requires_openssl_3_x
7393requires_config_enabled MBEDTLS_SSL_CLI_C
7394requires_config_enabled MBEDTLS_DEBUG_C
7395requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7397run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
7398 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7399 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
7400 0 \
7401 -c "HTTP/1.0 200 ok" \
7402 -c "Protocol is TLSv1.3" \
7403 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7404 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7405 -c "NamedGroup: ffdhe2048 ( 100 )" \
7406 -c "Verifying peer X.509 certificate... ok" \
7407 -C "received HelloRetryRequest message"
7408
7409requires_openssl_tls1_3
7410requires_openssl_3_x
7411requires_config_enabled MBEDTLS_SSL_CLI_C
7412requires_config_enabled MBEDTLS_DEBUG_C
7413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7415run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
7416 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7417 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
7418 0 \
7419 -c "HTTP/1.0 200 ok" \
7420 -c "Protocol is TLSv1.3" \
7421 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7422 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7423 -c "NamedGroup: ffdhe2048 ( 100 )" \
7424 -c "Verifying peer X.509 certificate... ok" \
7425 -C "received HelloRetryRequest message"
7426
7427requires_openssl_tls1_3
7428requires_openssl_3_x
7429requires_config_enabled MBEDTLS_SSL_CLI_C
7430requires_config_enabled MBEDTLS_DEBUG_C
7431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7433requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7434run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
7435 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7436 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
7437 0 \
7438 -c "HTTP/1.0 200 ok" \
7439 -c "Protocol is TLSv1.3" \
7440 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7441 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7442 -c "NamedGroup: ffdhe2048 ( 100 )" \
7443 -c "Verifying peer X.509 certificate... ok" \
7444 -C "received HelloRetryRequest message"
7445
7446requires_openssl_tls1_3
7447requires_openssl_3_x
7448requires_config_enabled MBEDTLS_SSL_CLI_C
7449requires_config_enabled MBEDTLS_DEBUG_C
7450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7452run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
7453 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7454 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
7455 0 \
7456 -c "HTTP/1.0 200 ok" \
7457 -c "Protocol is TLSv1.3" \
7458 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7459 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7460 -c "NamedGroup: ffdhe3072 ( 101 )" \
7461 -c "Verifying peer X.509 certificate... ok" \
7462 -C "received HelloRetryRequest message"
7463
7464requires_openssl_tls1_3
7465requires_openssl_3_x
7466requires_config_enabled MBEDTLS_SSL_CLI_C
7467requires_config_enabled MBEDTLS_DEBUG_C
7468requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7470run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
7471 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7472 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
7473 0 \
7474 -c "HTTP/1.0 200 ok" \
7475 -c "Protocol is TLSv1.3" \
7476 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7477 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7478 -c "NamedGroup: ffdhe3072 ( 101 )" \
7479 -c "Verifying peer X.509 certificate... ok" \
7480 -C "received HelloRetryRequest message"
7481
7482requires_openssl_tls1_3
7483requires_openssl_3_x
7484requires_config_enabled MBEDTLS_SSL_CLI_C
7485requires_config_enabled MBEDTLS_DEBUG_C
7486requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7487requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7488run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
7489 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7490 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
7491 0 \
7492 -c "HTTP/1.0 200 ok" \
7493 -c "Protocol is TLSv1.3" \
7494 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7495 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7496 -c "NamedGroup: ffdhe3072 ( 101 )" \
7497 -c "Verifying peer X.509 certificate... ok" \
7498 -C "received HelloRetryRequest message"
7499
7500requires_openssl_tls1_3
7501requires_openssl_3_x
7502requires_config_enabled MBEDTLS_SSL_CLI_C
7503requires_config_enabled MBEDTLS_DEBUG_C
7504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7506requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7507run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
7508 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7509 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
7510 0 \
7511 -c "HTTP/1.0 200 ok" \
7512 -c "Protocol is TLSv1.3" \
7513 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7514 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7515 -c "NamedGroup: ffdhe3072 ( 101 )" \
7516 -c "Verifying peer X.509 certificate... ok" \
7517 -C "received HelloRetryRequest message"
7518
7519requires_openssl_tls1_3
7520requires_openssl_3_x
7521requires_config_enabled MBEDTLS_SSL_CLI_C
7522requires_config_enabled MBEDTLS_DEBUG_C
7523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7525run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
7526 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7527 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
7528 0 \
7529 -c "HTTP/1.0 200 ok" \
7530 -c "Protocol is TLSv1.3" \
7531 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7532 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7533 -c "NamedGroup: ffdhe4096 ( 102 )" \
7534 -c "Verifying peer X.509 certificate... ok" \
7535 -C "received HelloRetryRequest message"
7536
7537requires_openssl_tls1_3
7538requires_openssl_3_x
7539requires_config_enabled MBEDTLS_SSL_CLI_C
7540requires_config_enabled MBEDTLS_DEBUG_C
7541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7543run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
7544 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7545 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
7546 0 \
7547 -c "HTTP/1.0 200 ok" \
7548 -c "Protocol is TLSv1.3" \
7549 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7550 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7551 -c "NamedGroup: ffdhe4096 ( 102 )" \
7552 -c "Verifying peer X.509 certificate... ok" \
7553 -C "received HelloRetryRequest message"
7554
7555requires_openssl_tls1_3
7556requires_openssl_3_x
7557requires_config_enabled MBEDTLS_SSL_CLI_C
7558requires_config_enabled MBEDTLS_DEBUG_C
7559requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7560requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7561run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
7562 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7563 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
7564 0 \
7565 -c "HTTP/1.0 200 ok" \
7566 -c "Protocol is TLSv1.3" \
7567 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7568 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7569 -c "NamedGroup: ffdhe4096 ( 102 )" \
7570 -c "Verifying peer X.509 certificate... ok" \
7571 -C "received HelloRetryRequest message"
7572
7573requires_openssl_tls1_3
7574requires_openssl_3_x
7575requires_config_enabled MBEDTLS_SSL_CLI_C
7576requires_config_enabled MBEDTLS_DEBUG_C
7577requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7578requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7579requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7580run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
7581 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7582 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
7583 0 \
7584 -c "HTTP/1.0 200 ok" \
7585 -c "Protocol is TLSv1.3" \
7586 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7587 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7588 -c "NamedGroup: ffdhe4096 ( 102 )" \
7589 -c "Verifying peer X.509 certificate... ok" \
7590 -C "received HelloRetryRequest message"
7591
7592requires_openssl_tls1_3
7593requires_openssl_3_x
7594requires_config_enabled MBEDTLS_SSL_CLI_C
7595requires_config_enabled MBEDTLS_DEBUG_C
7596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7598run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
7599 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7600 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
7601 0 \
7602 -c "HTTP/1.0 200 ok" \
7603 -c "Protocol is TLSv1.3" \
7604 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7605 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7606 -c "NamedGroup: ffdhe6144 ( 103 )" \
7607 -c "Verifying peer X.509 certificate... ok" \
7608 -C "received HelloRetryRequest message"
7609
7610requires_openssl_tls1_3
7611requires_openssl_3_x
7612requires_config_enabled MBEDTLS_SSL_CLI_C
7613requires_config_enabled MBEDTLS_DEBUG_C
7614requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7615requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7616run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
7617 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7618 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
7619 0 \
7620 -c "HTTP/1.0 200 ok" \
7621 -c "Protocol is TLSv1.3" \
7622 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7623 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7624 -c "NamedGroup: ffdhe6144 ( 103 )" \
7625 -c "Verifying peer X.509 certificate... ok" \
7626 -C "received HelloRetryRequest message"
7627
7628requires_openssl_tls1_3
7629requires_openssl_3_x
7630requires_config_enabled MBEDTLS_SSL_CLI_C
7631requires_config_enabled MBEDTLS_DEBUG_C
7632requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7633requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7634run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
7635 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7636 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
7637 0 \
7638 -c "HTTP/1.0 200 ok" \
7639 -c "Protocol is TLSv1.3" \
7640 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7641 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7642 -c "NamedGroup: ffdhe6144 ( 103 )" \
7643 -c "Verifying peer X.509 certificate... ok" \
7644 -C "received HelloRetryRequest message"
7645
7646requires_openssl_tls1_3
7647requires_openssl_3_x
7648requires_config_enabled MBEDTLS_SSL_CLI_C
7649requires_config_enabled MBEDTLS_DEBUG_C
7650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7652requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7653run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
7654 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7655 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
7656 0 \
7657 -c "HTTP/1.0 200 ok" \
7658 -c "Protocol is TLSv1.3" \
7659 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7660 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7661 -c "NamedGroup: ffdhe6144 ( 103 )" \
7662 -c "Verifying peer X.509 certificate... ok" \
7663 -C "received HelloRetryRequest message"
7664
7665requires_openssl_tls1_3
7666requires_openssl_3_x
7667requires_config_enabled MBEDTLS_SSL_CLI_C
7668requires_config_enabled MBEDTLS_DEBUG_C
7669requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7671run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
7672 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7673 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
7674 0 \
7675 -c "HTTP/1.0 200 ok" \
7676 -c "Protocol is TLSv1.3" \
7677 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7678 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7679 -c "NamedGroup: ffdhe8192 ( 104 )" \
7680 -c "Verifying peer X.509 certificate... ok" \
7681 -C "received HelloRetryRequest message"
7682
7683requires_openssl_tls1_3
7684requires_openssl_3_x
7685requires_config_enabled MBEDTLS_SSL_CLI_C
7686requires_config_enabled MBEDTLS_DEBUG_C
7687requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7688requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7689run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
7690 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7691 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
7692 0 \
7693 -c "HTTP/1.0 200 ok" \
7694 -c "Protocol is TLSv1.3" \
7695 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7696 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7697 -c "NamedGroup: ffdhe8192 ( 104 )" \
7698 -c "Verifying peer X.509 certificate... ok" \
7699 -C "received HelloRetryRequest message"
7700
7701requires_openssl_tls1_3
7702requires_openssl_3_x
7703requires_config_enabled MBEDTLS_SSL_CLI_C
7704requires_config_enabled MBEDTLS_DEBUG_C
7705requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7706requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7707run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
7708 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7709 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
7710 0 \
7711 -c "HTTP/1.0 200 ok" \
7712 -c "Protocol is TLSv1.3" \
7713 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7714 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7715 -c "NamedGroup: ffdhe8192 ( 104 )" \
7716 -c "Verifying peer X.509 certificate... ok" \
7717 -C "received HelloRetryRequest message"
7718
7719requires_openssl_tls1_3
7720requires_openssl_3_x
7721requires_config_enabled MBEDTLS_SSL_CLI_C
7722requires_config_enabled MBEDTLS_DEBUG_C
7723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7725requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7726run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
7727 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
7728 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
7729 0 \
7730 -c "HTTP/1.0 200 ok" \
7731 -c "Protocol is TLSv1.3" \
7732 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7733 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7734 -c "NamedGroup: ffdhe8192 ( 104 )" \
7735 -c "Verifying peer X.509 certificate... ok" \
7736 -C "received HelloRetryRequest message"
7737
7738requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7739requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7740requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7741requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7742requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7743run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7744 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7745 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7746 0 \
7747 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7748 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7749 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7750 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7751 -c "NamedGroup: secp256r1 ( 17 )" \
7752 -c "Verifying peer X.509 certificate... ok" \
7753 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7754
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7755requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7756requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7757requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7760run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7761 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7762 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7763 0 \
7764 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7765 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7766 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7767 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7768 -c "NamedGroup: secp256r1 ( 17 )" \
7769 -c "Verifying peer X.509 certificate... ok" \
7770 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7771
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7772requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7773requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7774requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7777run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7778 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7779 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7780 0 \
7781 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7782 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7783 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7784 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7785 -c "NamedGroup: secp256r1 ( 17 )" \
7786 -c "Verifying peer X.509 certificate... ok" \
7787 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7788
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7789requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7790requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7791requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7794requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7795run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7796 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7797 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7798 0 \
7799 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7800 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7801 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7802 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7803 -c "NamedGroup: secp256r1 ( 17 )" \
7804 -c "Verifying peer X.509 certificate... ok" \
7805 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7806
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7807requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7808requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7809requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7812run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7813 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7814 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7815 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7816 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7817 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7818 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7819 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7820 -c "NamedGroup: secp384r1 ( 18 )" \
7821 -c "Verifying peer X.509 certificate... ok" \
7822 -C "received HelloRetryRequest message"
7823
7824requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7825requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7826requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7827requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7828requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7829run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7830 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7831 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7832 0 \
7833 -c "HTTP/1.0 200 ok" \
7834 -c "Protocol is TLSv1.3" \
7835 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7836 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7837 -c "NamedGroup: secp384r1 ( 18 )" \
7838 -c "Verifying peer X.509 certificate... ok" \
7839 -C "received HelloRetryRequest message"
7840
7841requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7842requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7843requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7846run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7847 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7848 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7849 0 \
7850 -c "HTTP/1.0 200 ok" \
7851 -c "Protocol is TLSv1.3" \
7852 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7853 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7854 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7855 -c "Verifying peer X.509 certificate... ok" \
7856 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7857
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7858requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7859requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7860requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7861requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7862requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7863requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7864run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7865 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7866 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7867 0 \
7868 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7869 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7870 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7871 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7872 -c "NamedGroup: secp384r1 ( 18 )" \
7873 -c "Verifying peer X.509 certificate... ok" \
7874 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7875
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7876requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7877requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7878requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7880requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7881run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7882 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7883 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7884 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7885 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7886 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7887 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7888 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7889 -c "NamedGroup: secp521r1 ( 19 )" \
7890 -c "Verifying peer X.509 certificate... ok" \
7891 -C "received HelloRetryRequest message"
7892
7893requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7898run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7899 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7900 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7901 0 \
7902 -c "HTTP/1.0 200 ok" \
7903 -c "Protocol is TLSv1.3" \
7904 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7905 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7906 -c "NamedGroup: secp521r1 ( 19 )" \
7907 -c "Verifying peer X.509 certificate... ok" \
7908 -C "received HelloRetryRequest message"
7909
7910requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7915run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7916 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7917 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7918 0 \
7919 -c "HTTP/1.0 200 ok" \
7920 -c "Protocol is TLSv1.3" \
7921 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7922 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7923 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7924 -c "Verifying peer X.509 certificate... ok" \
7925 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7926
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7927requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7928requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7929requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7932requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7933run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7934 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7935 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7936 0 \
7937 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7938 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7939 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7940 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7941 -c "NamedGroup: secp521r1 ( 19 )" \
7942 -c "Verifying peer X.509 certificate... ok" \
7943 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7944
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7945requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7946requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7947requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7950run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7951 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7952 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7953 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7954 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7955 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7956 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7957 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7958 -c "NamedGroup: x25519 ( 1d )" \
7959 -c "Verifying peer X.509 certificate... ok" \
7960 -C "received HelloRetryRequest message"
7961
7962requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7963requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7964requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7965requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7966requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7967run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7968 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7969 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7970 0 \
7971 -c "HTTP/1.0 200 ok" \
7972 -c "Protocol is TLSv1.3" \
7973 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7974 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7975 -c "NamedGroup: x25519 ( 1d )" \
7976 -c "Verifying peer X.509 certificate... ok" \
7977 -C "received HelloRetryRequest message"
7978
7979requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7980requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7981requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7984run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7985 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]7986 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7987 0 \
7988 -c "HTTP/1.0 200 ok" \
7989 -c "Protocol is TLSv1.3" \
7990 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7991 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7992 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7993 -c "Verifying peer X.509 certificate... ok" \
7994 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7995
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7996requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7997requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7998requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7999requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8000requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8001requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8002run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8003 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8004 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8005 0 \
8006 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8007 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8008 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8009 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8010 -c "NamedGroup: x25519 ( 1d )" \
8011 -c "Verifying peer X.509 certificate... ok" \
8012 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8013
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8014requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8015requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8016requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8017requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8018requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8019run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8020 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8021 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8022 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8023 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8024 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8025 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8026 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8027 -c "NamedGroup: x448 ( 1e )" \
8028 -c "Verifying peer X.509 certificate... ok" \
8029 -C "received HelloRetryRequest message"
8030
8031requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8032requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8036run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8037 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8038 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8039 0 \
8040 -c "HTTP/1.0 200 ok" \
8041 -c "Protocol is TLSv1.3" \
8042 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8043 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8044 -c "NamedGroup: x448 ( 1e )" \
8045 -c "Verifying peer X.509 certificate... ok" \
8046 -C "received HelloRetryRequest message"
8047
8048requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8049requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8050requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8053run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8054 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8055 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8056 0 \
8057 -c "HTTP/1.0 200 ok" \
8058 -c "Protocol is TLSv1.3" \
8059 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8060 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8061 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8062 -c "Verifying peer X.509 certificate... ok" \
8063 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8064
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8065requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8066requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8067requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8068requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8070requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8071run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8072 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8073 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8074 0 \
8075 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8076 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8077 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8078 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8079 -c "NamedGroup: x448 ( 1e )" \
8080 -c "Verifying peer X.509 certificate... ok" \
8081 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8082
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8083requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]8084requires_openssl_3_x
8085requires_config_enabled MBEDTLS_SSL_CLI_C
8086requires_config_enabled MBEDTLS_DEBUG_C
8087requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8089run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
8090 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8091 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
8092 0 \
8093 -c "HTTP/1.0 200 ok" \
8094 -c "Protocol is TLSv1.3" \
8095 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8096 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8097 -c "NamedGroup: ffdhe2048 ( 100 )" \
8098 -c "Verifying peer X.509 certificate... ok" \
8099 -C "received HelloRetryRequest message"
8100
8101requires_openssl_tls1_3
8102requires_openssl_3_x
8103requires_config_enabled MBEDTLS_SSL_CLI_C
8104requires_config_enabled MBEDTLS_DEBUG_C
8105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8107run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
8108 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8109 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
8110 0 \
8111 -c "HTTP/1.0 200 ok" \
8112 -c "Protocol is TLSv1.3" \
8113 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8114 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8115 -c "NamedGroup: ffdhe2048 ( 100 )" \
8116 -c "Verifying peer X.509 certificate... ok" \
8117 -C "received HelloRetryRequest message"
8118
8119requires_openssl_tls1_3
8120requires_openssl_3_x
8121requires_config_enabled MBEDTLS_SSL_CLI_C
8122requires_config_enabled MBEDTLS_DEBUG_C
8123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8125run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
8126 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8127 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
8128 0 \
8129 -c "HTTP/1.0 200 ok" \
8130 -c "Protocol is TLSv1.3" \
8131 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8132 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8133 -c "NamedGroup: ffdhe2048 ( 100 )" \
8134 -c "Verifying peer X.509 certificate... ok" \
8135 -C "received HelloRetryRequest message"
8136
8137requires_openssl_tls1_3
8138requires_openssl_3_x
8139requires_config_enabled MBEDTLS_SSL_CLI_C
8140requires_config_enabled MBEDTLS_DEBUG_C
8141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8143requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8144run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
8145 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8146 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
8147 0 \
8148 -c "HTTP/1.0 200 ok" \
8149 -c "Protocol is TLSv1.3" \
8150 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8151 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8152 -c "NamedGroup: ffdhe2048 ( 100 )" \
8153 -c "Verifying peer X.509 certificate... ok" \
8154 -C "received HelloRetryRequest message"
8155
8156requires_openssl_tls1_3
8157requires_openssl_3_x
8158requires_config_enabled MBEDTLS_SSL_CLI_C
8159requires_config_enabled MBEDTLS_DEBUG_C
8160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8162run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp256r1_sha256" \
8163 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
8165 0 \
8166 -c "HTTP/1.0 200 ok" \
8167 -c "Protocol is TLSv1.3" \
8168 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8169 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8170 -c "NamedGroup: ffdhe3072 ( 101 )" \
8171 -c "Verifying peer X.509 certificate... ok" \
8172 -C "received HelloRetryRequest message"
8173
8174requires_openssl_tls1_3
8175requires_openssl_3_x
8176requires_config_enabled MBEDTLS_SSL_CLI_C
8177requires_config_enabled MBEDTLS_DEBUG_C
8178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8180run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp384r1_sha384" \
8181 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
8183 0 \
8184 -c "HTTP/1.0 200 ok" \
8185 -c "Protocol is TLSv1.3" \
8186 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8187 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8188 -c "NamedGroup: ffdhe3072 ( 101 )" \
8189 -c "Verifying peer X.509 certificate... ok" \
8190 -C "received HelloRetryRequest message"
8191
8192requires_openssl_tls1_3
8193requires_openssl_3_x
8194requires_config_enabled MBEDTLS_SSL_CLI_C
8195requires_config_enabled MBEDTLS_DEBUG_C
8196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8198run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp521r1_sha512" \
8199 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8200 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
8201 0 \
8202 -c "HTTP/1.0 200 ok" \
8203 -c "Protocol is TLSv1.3" \
8204 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8205 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8206 -c "NamedGroup: ffdhe3072 ( 101 )" \
8207 -c "Verifying peer X.509 certificate... ok" \
8208 -C "received HelloRetryRequest message"
8209
8210requires_openssl_tls1_3
8211requires_openssl_3_x
8212requires_config_enabled MBEDTLS_SSL_CLI_C
8213requires_config_enabled MBEDTLS_DEBUG_C
8214requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8215requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8216requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8217run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe3072,rsa_pss_rsae_sha256" \
8218 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8219 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
8220 0 \
8221 -c "HTTP/1.0 200 ok" \
8222 -c "Protocol is TLSv1.3" \
8223 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8224 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8225 -c "NamedGroup: ffdhe3072 ( 101 )" \
8226 -c "Verifying peer X.509 certificate... ok" \
8227 -C "received HelloRetryRequest message"
8228
8229requires_openssl_tls1_3
8230requires_openssl_3_x
8231requires_config_enabled MBEDTLS_SSL_CLI_C
8232requires_config_enabled MBEDTLS_DEBUG_C
8233requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8235run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp256r1_sha256" \
8236 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8237 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
8238 0 \
8239 -c "HTTP/1.0 200 ok" \
8240 -c "Protocol is TLSv1.3" \
8241 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8242 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8243 -c "NamedGroup: ffdhe4096 ( 102 )" \
8244 -c "Verifying peer X.509 certificate... ok" \
8245 -C "received HelloRetryRequest message"
8246
8247requires_openssl_tls1_3
8248requires_openssl_3_x
8249requires_config_enabled MBEDTLS_SSL_CLI_C
8250requires_config_enabled MBEDTLS_DEBUG_C
8251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8253run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp384r1_sha384" \
8254 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8255 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
8256 0 \
8257 -c "HTTP/1.0 200 ok" \
8258 -c "Protocol is TLSv1.3" \
8259 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8260 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8261 -c "NamedGroup: ffdhe4096 ( 102 )" \
8262 -c "Verifying peer X.509 certificate... ok" \
8263 -C "received HelloRetryRequest message"
8264
8265requires_openssl_tls1_3
8266requires_openssl_3_x
8267requires_config_enabled MBEDTLS_SSL_CLI_C
8268requires_config_enabled MBEDTLS_DEBUG_C
8269requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8271run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp521r1_sha512" \
8272 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8273 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
8274 0 \
8275 -c "HTTP/1.0 200 ok" \
8276 -c "Protocol is TLSv1.3" \
8277 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8278 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8279 -c "NamedGroup: ffdhe4096 ( 102 )" \
8280 -c "Verifying peer X.509 certificate... ok" \
8281 -C "received HelloRetryRequest message"
8282
8283requires_openssl_tls1_3
8284requires_openssl_3_x
8285requires_config_enabled MBEDTLS_SSL_CLI_C
8286requires_config_enabled MBEDTLS_DEBUG_C
8287requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8288requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8289requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8290run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe4096,rsa_pss_rsae_sha256" \
8291 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8292 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
8293 0 \
8294 -c "HTTP/1.0 200 ok" \
8295 -c "Protocol is TLSv1.3" \
8296 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8297 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8298 -c "NamedGroup: ffdhe4096 ( 102 )" \
8299 -c "Verifying peer X.509 certificate... ok" \
8300 -C "received HelloRetryRequest message"
8301
8302requires_openssl_tls1_3
8303requires_openssl_3_x
8304requires_config_enabled MBEDTLS_SSL_CLI_C
8305requires_config_enabled MBEDTLS_DEBUG_C
8306requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8308run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp256r1_sha256" \
8309 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8310 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
8311 0 \
8312 -c "HTTP/1.0 200 ok" \
8313 -c "Protocol is TLSv1.3" \
8314 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8315 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8316 -c "NamedGroup: ffdhe6144 ( 103 )" \
8317 -c "Verifying peer X.509 certificate... ok" \
8318 -C "received HelloRetryRequest message"
8319
8320requires_openssl_tls1_3
8321requires_openssl_3_x
8322requires_config_enabled MBEDTLS_SSL_CLI_C
8323requires_config_enabled MBEDTLS_DEBUG_C
8324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8326run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp384r1_sha384" \
8327 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8328 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
8329 0 \
8330 -c "HTTP/1.0 200 ok" \
8331 -c "Protocol is TLSv1.3" \
8332 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8333 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8334 -c "NamedGroup: ffdhe6144 ( 103 )" \
8335 -c "Verifying peer X.509 certificate... ok" \
8336 -C "received HelloRetryRequest message"
8337
8338requires_openssl_tls1_3
8339requires_openssl_3_x
8340requires_config_enabled MBEDTLS_SSL_CLI_C
8341requires_config_enabled MBEDTLS_DEBUG_C
8342requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8343requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8344run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp521r1_sha512" \
8345 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8346 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
8347 0 \
8348 -c "HTTP/1.0 200 ok" \
8349 -c "Protocol is TLSv1.3" \
8350 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8351 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8352 -c "NamedGroup: ffdhe6144 ( 103 )" \
8353 -c "Verifying peer X.509 certificate... ok" \
8354 -C "received HelloRetryRequest message"
8355
8356requires_openssl_tls1_3
8357requires_openssl_3_x
8358requires_config_enabled MBEDTLS_SSL_CLI_C
8359requires_config_enabled MBEDTLS_DEBUG_C
8360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8362requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8363run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe6144,rsa_pss_rsae_sha256" \
8364 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8365 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
8366 0 \
8367 -c "HTTP/1.0 200 ok" \
8368 -c "Protocol is TLSv1.3" \
8369 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8370 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8371 -c "NamedGroup: ffdhe6144 ( 103 )" \
8372 -c "Verifying peer X.509 certificate... ok" \
8373 -C "received HelloRetryRequest message"
8374
8375requires_openssl_tls1_3
8376requires_openssl_3_x
8377requires_config_enabled MBEDTLS_SSL_CLI_C
8378requires_config_enabled MBEDTLS_DEBUG_C
8379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8381run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
8382 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8383 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
8384 0 \
8385 -c "HTTP/1.0 200 ok" \
8386 -c "Protocol is TLSv1.3" \
8387 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8388 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8389 -c "NamedGroup: ffdhe8192 ( 104 )" \
8390 -c "Verifying peer X.509 certificate... ok" \
8391 -C "received HelloRetryRequest message"
8392
8393requires_openssl_tls1_3
8394requires_openssl_3_x
8395requires_config_enabled MBEDTLS_SSL_CLI_C
8396requires_config_enabled MBEDTLS_DEBUG_C
8397requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8399run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
8400 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8401 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
8402 0 \
8403 -c "HTTP/1.0 200 ok" \
8404 -c "Protocol is TLSv1.3" \
8405 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8406 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8407 -c "NamedGroup: ffdhe8192 ( 104 )" \
8408 -c "Verifying peer X.509 certificate... ok" \
8409 -C "received HelloRetryRequest message"
8410
8411requires_openssl_tls1_3
8412requires_openssl_3_x
8413requires_config_enabled MBEDTLS_SSL_CLI_C
8414requires_config_enabled MBEDTLS_DEBUG_C
8415requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8416requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8417run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
8418 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8419 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
8420 0 \
8421 -c "HTTP/1.0 200 ok" \
8422 -c "Protocol is TLSv1.3" \
8423 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8424 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8425 -c "NamedGroup: ffdhe8192 ( 104 )" \
8426 -c "Verifying peer X.509 certificate... ok" \
8427 -C "received HelloRetryRequest message"
8428
8429requires_openssl_tls1_3
8430requires_openssl_3_x
8431requires_config_enabled MBEDTLS_SSL_CLI_C
8432requires_config_enabled MBEDTLS_DEBUG_C
8433requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8434requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8435requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8436run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
8437 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8438 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
8439 0 \
8440 -c "HTTP/1.0 200 ok" \
8441 -c "Protocol is TLSv1.3" \
8442 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8443 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8444 -c "NamedGroup: ffdhe8192 ( 104 )" \
8445 -c "Verifying peer X.509 certificate... ok" \
8446 -C "received HelloRetryRequest message"
8447
8448requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8449requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8453run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8454 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8455 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8456 0 \
8457 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8458 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8459 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8460 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8461 -c "NamedGroup: secp256r1 ( 17 )" \
8462 -c "Verifying peer X.509 certificate... ok" \
8463 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8464
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8465requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8466requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8467requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8468requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8470run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8471 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8472 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8473 0 \
8474 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8475 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8476 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8477 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8478 -c "NamedGroup: secp256r1 ( 17 )" \
8479 -c "Verifying peer X.509 certificate... ok" \
8480 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8481
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8482requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8483requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8484requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8485requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8487run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8488 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8489 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8490 0 \
8491 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8492 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8493 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8494 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8495 -c "NamedGroup: secp256r1 ( 17 )" \
8496 -c "Verifying peer X.509 certificate... ok" \
8497 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8498
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8499requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8500requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8504requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8505run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8506 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8507 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8508 0 \
8509 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8510 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8511 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8512 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8513 -c "NamedGroup: secp256r1 ( 17 )" \
8514 -c "Verifying peer X.509 certificate... ok" \
8515 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8516
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8517requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8518requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8522run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8523 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8524 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8525 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8526 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8527 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8528 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8529 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8530 -c "NamedGroup: secp384r1 ( 18 )" \
8531 -c "Verifying peer X.509 certificate... ok" \
8532 -C "received HelloRetryRequest message"
8533
8534requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8535requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8536requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8538requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8539run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8540 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8541 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8542 0 \
8543 -c "HTTP/1.0 200 ok" \
8544 -c "Protocol is TLSv1.3" \
8545 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8546 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8547 -c "NamedGroup: secp384r1 ( 18 )" \
8548 -c "Verifying peer X.509 certificate... ok" \
8549 -C "received HelloRetryRequest message"
8550
8551requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8552requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8553requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8554requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8556run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8557 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8558 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8559 0 \
8560 -c "HTTP/1.0 200 ok" \
8561 -c "Protocol is TLSv1.3" \
8562 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8563 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8564 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8565 -c "Verifying peer X.509 certificate... ok" \
8566 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8567
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8568requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8569requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8570requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8571requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8573requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8574run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8575 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8576 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8577 0 \
8578 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8579 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8580 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8581 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8582 -c "NamedGroup: secp384r1 ( 18 )" \
8583 -c "Verifying peer X.509 certificate... ok" \
8584 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8585
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8586requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8587requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8590requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8591run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8592 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8593 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8594 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8595 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8596 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8597 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8598 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8599 -c "NamedGroup: secp521r1 ( 19 )" \
8600 -c "Verifying peer X.509 certificate... ok" \
8601 -C "received HelloRetryRequest message"
8602
8603requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8604requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8605requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8608run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8609 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8610 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8611 0 \
8612 -c "HTTP/1.0 200 ok" \
8613 -c "Protocol is TLSv1.3" \
8614 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8615 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8616 -c "NamedGroup: secp521r1 ( 19 )" \
8617 -c "Verifying peer X.509 certificate... ok" \
8618 -C "received HelloRetryRequest message"
8619
8620requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8621requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8625run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8626 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8627 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8628 0 \
8629 -c "HTTP/1.0 200 ok" \
8630 -c "Protocol is TLSv1.3" \
8631 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8632 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8633 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8634 -c "Verifying peer X.509 certificate... ok" \
8635 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8636
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8637requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8638requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8639requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8642requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8643run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8644 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8645 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8646 0 \
8647 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8648 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8649 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8650 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8651 -c "NamedGroup: secp521r1 ( 19 )" \
8652 -c "Verifying peer X.509 certificate... ok" \
8653 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8654
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8655requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8656requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8657requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8660run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8661 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8662 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8663 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8664 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8665 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8666 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8667 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8668 -c "NamedGroup: x25519 ( 1d )" \
8669 -c "Verifying peer X.509 certificate... ok" \
8670 -C "received HelloRetryRequest message"
8671
8672requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8673requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8674requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8675requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8677run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8678 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8679 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8680 0 \
8681 -c "HTTP/1.0 200 ok" \
8682 -c "Protocol is TLSv1.3" \
8683 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8684 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8685 -c "NamedGroup: x25519 ( 1d )" \
8686 -c "Verifying peer X.509 certificate... ok" \
8687 -C "received HelloRetryRequest message"
8688
8689requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8690requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8691requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8694run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8695 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8696 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8697 0 \
8698 -c "HTTP/1.0 200 ok" \
8699 -c "Protocol is TLSv1.3" \
8700 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8701 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8702 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8703 -c "Verifying peer X.509 certificate... ok" \
8704 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8705
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8706requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8707requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8708requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8710requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8711requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8712run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8713 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8714 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8715 0 \
8716 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8717 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8718 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8719 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8720 -c "NamedGroup: x25519 ( 1d )" \
8721 -c "Verifying peer X.509 certificate... ok" \
8722 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8723
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8724requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8725requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8726requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8727requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8729run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8730 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8731 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8732 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8733 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8734 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8735 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8736 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8737 -c "NamedGroup: x448 ( 1e )" \
8738 -c "Verifying peer X.509 certificate... ok" \
8739 -C "received HelloRetryRequest message"
8740
8741requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8742requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8743requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8746run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8747 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8748 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8749 0 \
8750 -c "HTTP/1.0 200 ok" \
8751 -c "Protocol is TLSv1.3" \
8752 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8753 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8754 -c "NamedGroup: x448 ( 1e )" \
8755 -c "Verifying peer X.509 certificate... ok" \
8756 -C "received HelloRetryRequest message"
8757
8758requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8759requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8760requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8763run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8764 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8765 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8766 0 \
8767 -c "HTTP/1.0 200 ok" \
8768 -c "Protocol is TLSv1.3" \
8769 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8770 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8771 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8772 -c "Verifying peer X.509 certificate... ok" \
8773 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8774
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8775requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8776requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8777requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8780requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8781run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8782 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]8783 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8784 0 \
8785 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8786 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8787 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8788 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8789 -c "NamedGroup: x448 ( 1e )" \
8790 -c "Verifying peer X.509 certificate... ok" \
8791 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8792
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8793requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]8794requires_openssl_3_x
8795requires_config_enabled MBEDTLS_SSL_CLI_C
8796requires_config_enabled MBEDTLS_DEBUG_C
8797requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8799run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
8800 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8801 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
8802 0 \
8803 -c "HTTP/1.0 200 ok" \
8804 -c "Protocol is TLSv1.3" \
8805 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8806 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8807 -c "NamedGroup: ffdhe2048 ( 100 )" \
8808 -c "Verifying peer X.509 certificate... ok" \
8809 -C "received HelloRetryRequest message"
8810
8811requires_openssl_tls1_3
8812requires_openssl_3_x
8813requires_config_enabled MBEDTLS_SSL_CLI_C
8814requires_config_enabled MBEDTLS_DEBUG_C
8815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8817run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
8818 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8819 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
8820 0 \
8821 -c "HTTP/1.0 200 ok" \
8822 -c "Protocol is TLSv1.3" \
8823 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8824 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8825 -c "NamedGroup: ffdhe2048 ( 100 )" \
8826 -c "Verifying peer X.509 certificate... ok" \
8827 -C "received HelloRetryRequest message"
8828
8829requires_openssl_tls1_3
8830requires_openssl_3_x
8831requires_config_enabled MBEDTLS_SSL_CLI_C
8832requires_config_enabled MBEDTLS_DEBUG_C
8833requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8835run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
8836 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8837 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
8838 0 \
8839 -c "HTTP/1.0 200 ok" \
8840 -c "Protocol is TLSv1.3" \
8841 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8842 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8843 -c "NamedGroup: ffdhe2048 ( 100 )" \
8844 -c "Verifying peer X.509 certificate... ok" \
8845 -C "received HelloRetryRequest message"
8846
8847requires_openssl_tls1_3
8848requires_openssl_3_x
8849requires_config_enabled MBEDTLS_SSL_CLI_C
8850requires_config_enabled MBEDTLS_DEBUG_C
8851requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8852requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8853requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8854run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
8855 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8856 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
8857 0 \
8858 -c "HTTP/1.0 200 ok" \
8859 -c "Protocol is TLSv1.3" \
8860 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8861 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8862 -c "NamedGroup: ffdhe2048 ( 100 )" \
8863 -c "Verifying peer X.509 certificate... ok" \
8864 -C "received HelloRetryRequest message"
8865
8866requires_openssl_tls1_3
8867requires_openssl_3_x
8868requires_config_enabled MBEDTLS_SSL_CLI_C
8869requires_config_enabled MBEDTLS_DEBUG_C
8870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8872run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
8873 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8874 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
8875 0 \
8876 -c "HTTP/1.0 200 ok" \
8877 -c "Protocol is TLSv1.3" \
8878 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8879 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8880 -c "NamedGroup: ffdhe3072 ( 101 )" \
8881 -c "Verifying peer X.509 certificate... ok" \
8882 -C "received HelloRetryRequest message"
8883
8884requires_openssl_tls1_3
8885requires_openssl_3_x
8886requires_config_enabled MBEDTLS_SSL_CLI_C
8887requires_config_enabled MBEDTLS_DEBUG_C
8888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8890run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
8891 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8892 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
8893 0 \
8894 -c "HTTP/1.0 200 ok" \
8895 -c "Protocol is TLSv1.3" \
8896 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8897 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8898 -c "NamedGroup: ffdhe3072 ( 101 )" \
8899 -c "Verifying peer X.509 certificate... ok" \
8900 -C "received HelloRetryRequest message"
8901
8902requires_openssl_tls1_3
8903requires_openssl_3_x
8904requires_config_enabled MBEDTLS_SSL_CLI_C
8905requires_config_enabled MBEDTLS_DEBUG_C
8906requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8908run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
8909 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8910 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
8911 0 \
8912 -c "HTTP/1.0 200 ok" \
8913 -c "Protocol is TLSv1.3" \
8914 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8915 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8916 -c "NamedGroup: ffdhe3072 ( 101 )" \
8917 -c "Verifying peer X.509 certificate... ok" \
8918 -C "received HelloRetryRequest message"
8919
8920requires_openssl_tls1_3
8921requires_openssl_3_x
8922requires_config_enabled MBEDTLS_SSL_CLI_C
8923requires_config_enabled MBEDTLS_DEBUG_C
8924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8925requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8926requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8927run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
8928 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8929 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
8930 0 \
8931 -c "HTTP/1.0 200 ok" \
8932 -c "Protocol is TLSv1.3" \
8933 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8934 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8935 -c "NamedGroup: ffdhe3072 ( 101 )" \
8936 -c "Verifying peer X.509 certificate... ok" \
8937 -C "received HelloRetryRequest message"
8938
8939requires_openssl_tls1_3
8940requires_openssl_3_x
8941requires_config_enabled MBEDTLS_SSL_CLI_C
8942requires_config_enabled MBEDTLS_DEBUG_C
8943requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8944requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8945run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
8946 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8947 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
8948 0 \
8949 -c "HTTP/1.0 200 ok" \
8950 -c "Protocol is TLSv1.3" \
8951 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8952 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8953 -c "NamedGroup: ffdhe4096 ( 102 )" \
8954 -c "Verifying peer X.509 certificate... ok" \
8955 -C "received HelloRetryRequest message"
8956
8957requires_openssl_tls1_3
8958requires_openssl_3_x
8959requires_config_enabled MBEDTLS_SSL_CLI_C
8960requires_config_enabled MBEDTLS_DEBUG_C
8961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8963run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
8964 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8965 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
8966 0 \
8967 -c "HTTP/1.0 200 ok" \
8968 -c "Protocol is TLSv1.3" \
8969 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8970 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8971 -c "NamedGroup: ffdhe4096 ( 102 )" \
8972 -c "Verifying peer X.509 certificate... ok" \
8973 -C "received HelloRetryRequest message"
8974
8975requires_openssl_tls1_3
8976requires_openssl_3_x
8977requires_config_enabled MBEDTLS_SSL_CLI_C
8978requires_config_enabled MBEDTLS_DEBUG_C
8979requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8980requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8981run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
8982 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
8983 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
8984 0 \
8985 -c "HTTP/1.0 200 ok" \
8986 -c "Protocol is TLSv1.3" \
8987 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8988 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8989 -c "NamedGroup: ffdhe4096 ( 102 )" \
8990 -c "Verifying peer X.509 certificate... ok" \
8991 -C "received HelloRetryRequest message"
8992
8993requires_openssl_tls1_3
8994requires_openssl_3_x
8995requires_config_enabled MBEDTLS_SSL_CLI_C
8996requires_config_enabled MBEDTLS_DEBUG_C
8997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8999requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9000run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
9001 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9002 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
9003 0 \
9004 -c "HTTP/1.0 200 ok" \
9005 -c "Protocol is TLSv1.3" \
9006 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9007 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9008 -c "NamedGroup: ffdhe4096 ( 102 )" \
9009 -c "Verifying peer X.509 certificate... ok" \
9010 -C "received HelloRetryRequest message"
9011
9012requires_openssl_tls1_3
9013requires_openssl_3_x
9014requires_config_enabled MBEDTLS_SSL_CLI_C
9015requires_config_enabled MBEDTLS_DEBUG_C
9016requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9017requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9018run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
9019 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9020 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
9021 0 \
9022 -c "HTTP/1.0 200 ok" \
9023 -c "Protocol is TLSv1.3" \
9024 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9025 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9026 -c "NamedGroup: ffdhe6144 ( 103 )" \
9027 -c "Verifying peer X.509 certificate... ok" \
9028 -C "received HelloRetryRequest message"
9029
9030requires_openssl_tls1_3
9031requires_openssl_3_x
9032requires_config_enabled MBEDTLS_SSL_CLI_C
9033requires_config_enabled MBEDTLS_DEBUG_C
9034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9036run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
9037 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9038 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
9039 0 \
9040 -c "HTTP/1.0 200 ok" \
9041 -c "Protocol is TLSv1.3" \
9042 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9043 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9044 -c "NamedGroup: ffdhe6144 ( 103 )" \
9045 -c "Verifying peer X.509 certificate... ok" \
9046 -C "received HelloRetryRequest message"
9047
9048requires_openssl_tls1_3
9049requires_openssl_3_x
9050requires_config_enabled MBEDTLS_SSL_CLI_C
9051requires_config_enabled MBEDTLS_DEBUG_C
9052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9054run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
9055 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9056 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
9057 0 \
9058 -c "HTTP/1.0 200 ok" \
9059 -c "Protocol is TLSv1.3" \
9060 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9061 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9062 -c "NamedGroup: ffdhe6144 ( 103 )" \
9063 -c "Verifying peer X.509 certificate... ok" \
9064 -C "received HelloRetryRequest message"
9065
9066requires_openssl_tls1_3
9067requires_openssl_3_x
9068requires_config_enabled MBEDTLS_SSL_CLI_C
9069requires_config_enabled MBEDTLS_DEBUG_C
9070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9071requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9072requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9073run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
9074 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9075 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
9076 0 \
9077 -c "HTTP/1.0 200 ok" \
9078 -c "Protocol is TLSv1.3" \
9079 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9080 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9081 -c "NamedGroup: ffdhe6144 ( 103 )" \
9082 -c "Verifying peer X.509 certificate... ok" \
9083 -C "received HelloRetryRequest message"
9084
9085requires_openssl_tls1_3
9086requires_openssl_3_x
9087requires_config_enabled MBEDTLS_SSL_CLI_C
9088requires_config_enabled MBEDTLS_DEBUG_C
9089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9090requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9091run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
9092 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9093 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
9094 0 \
9095 -c "HTTP/1.0 200 ok" \
9096 -c "Protocol is TLSv1.3" \
9097 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9098 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9099 -c "NamedGroup: ffdhe8192 ( 104 )" \
9100 -c "Verifying peer X.509 certificate... ok" \
9101 -C "received HelloRetryRequest message"
9102
9103requires_openssl_tls1_3
9104requires_openssl_3_x
9105requires_config_enabled MBEDTLS_SSL_CLI_C
9106requires_config_enabled MBEDTLS_DEBUG_C
9107requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9108requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9109run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
9110 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9111 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
9112 0 \
9113 -c "HTTP/1.0 200 ok" \
9114 -c "Protocol is TLSv1.3" \
9115 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9116 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9117 -c "NamedGroup: ffdhe8192 ( 104 )" \
9118 -c "Verifying peer X.509 certificate... ok" \
9119 -C "received HelloRetryRequest message"
9120
9121requires_openssl_tls1_3
9122requires_openssl_3_x
9123requires_config_enabled MBEDTLS_SSL_CLI_C
9124requires_config_enabled MBEDTLS_DEBUG_C
9125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9127run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
9128 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9129 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
9130 0 \
9131 -c "HTTP/1.0 200 ok" \
9132 -c "Protocol is TLSv1.3" \
9133 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9134 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9135 -c "NamedGroup: ffdhe8192 ( 104 )" \
9136 -c "Verifying peer X.509 certificate... ok" \
9137 -C "received HelloRetryRequest message"
9138
9139requires_openssl_tls1_3
9140requires_openssl_3_x
9141requires_config_enabled MBEDTLS_SSL_CLI_C
9142requires_config_enabled MBEDTLS_DEBUG_C
9143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9145requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9146run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
9147 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9148 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
9149 0 \
9150 -c "HTTP/1.0 200 ok" \
9151 -c "Protocol is TLSv1.3" \
9152 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9153 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9154 -c "NamedGroup: ffdhe8192 ( 104 )" \
9155 -c "Verifying peer X.509 certificate... ok" \
9156 -C "received HelloRetryRequest message"
9157
9158requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9159requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9160requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9162requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9163run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9164 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9165 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9166 0 \
9167 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9168 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9169 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9170 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9171 -c "NamedGroup: secp256r1 ( 17 )" \
9172 -c "Verifying peer X.509 certificate... ok" \
9173 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9174
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9175requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9176requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9177requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9180run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9181 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9183 0 \
9184 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9185 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9186 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9187 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9188 -c "NamedGroup: secp256r1 ( 17 )" \
9189 -c "Verifying peer X.509 certificate... ok" \
9190 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9191
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9192requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9193requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9194requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9196requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9197run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9198 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9199 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9200 0 \
9201 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9202 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9203 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9204 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9205 -c "NamedGroup: secp256r1 ( 17 )" \
9206 -c "Verifying peer X.509 certificate... ok" \
9207 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9208
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9209requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9210requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9211requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9212requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9213requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9214requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9215run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9216 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9217 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9218 0 \
9219 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9220 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9221 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9222 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9223 -c "NamedGroup: secp256r1 ( 17 )" \
9224 -c "Verifying peer X.509 certificate... ok" \
9225 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9226
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9227requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9228requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9229requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9230requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9232run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9233 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9234 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9235 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9236 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9237 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9238 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9239 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9240 -c "NamedGroup: secp384r1 ( 18 )" \
9241 -c "Verifying peer X.509 certificate... ok" \
9242 -C "received HelloRetryRequest message"
9243
9244requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9245requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9246requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9247requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9249run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9250 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9251 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9252 0 \
9253 -c "HTTP/1.0 200 ok" \
9254 -c "Protocol is TLSv1.3" \
9255 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9256 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9257 -c "NamedGroup: secp384r1 ( 18 )" \
9258 -c "Verifying peer X.509 certificate... ok" \
9259 -C "received HelloRetryRequest message"
9260
9261requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9262requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9266run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9267 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9268 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9269 0 \
9270 -c "HTTP/1.0 200 ok" \
9271 -c "Protocol is TLSv1.3" \
9272 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9273 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9274 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9275 -c "Verifying peer X.509 certificate... ok" \
9276 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9277
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9278requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9279requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9280requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9281requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9282requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9283requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9284run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9285 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9286 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9287 0 \
9288 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9289 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9290 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9291 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9292 -c "NamedGroup: secp384r1 ( 18 )" \
9293 -c "Verifying peer X.509 certificate... ok" \
9294 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9295
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9296requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9297requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9298requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9299requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9300requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9301run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9302 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9303 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9304 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9305 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9306 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9307 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9308 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9309 -c "NamedGroup: secp521r1 ( 19 )" \
9310 -c "Verifying peer X.509 certificate... ok" \
9311 -C "received HelloRetryRequest message"
9312
9313requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9314requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9315requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9318run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9319 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9320 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9321 0 \
9322 -c "HTTP/1.0 200 ok" \
9323 -c "Protocol is TLSv1.3" \
9324 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9325 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9326 -c "NamedGroup: secp521r1 ( 19 )" \
9327 -c "Verifying peer X.509 certificate... ok" \
9328 -C "received HelloRetryRequest message"
9329
9330requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9331requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9332requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9333requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9335run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9336 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9337 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9338 0 \
9339 -c "HTTP/1.0 200 ok" \
9340 -c "Protocol is TLSv1.3" \
9341 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9342 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9343 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9344 -c "Verifying peer X.509 certificate... ok" \
9345 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9346
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9347requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9348requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9349requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9352requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9353run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9354 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9355 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9356 0 \
9357 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9358 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9359 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9360 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9361 -c "NamedGroup: secp521r1 ( 19 )" \
9362 -c "Verifying peer X.509 certificate... ok" \
9363 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9364
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9365requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9366requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9367requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9368requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9369requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9370run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9371 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9372 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9373 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9374 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9375 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9376 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9377 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9378 -c "NamedGroup: x25519 ( 1d )" \
9379 -c "Verifying peer X.509 certificate... ok" \
9380 -C "received HelloRetryRequest message"
9381
9382requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9383requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9384requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9387run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9388 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9389 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9390 0 \
9391 -c "HTTP/1.0 200 ok" \
9392 -c "Protocol is TLSv1.3" \
9393 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9394 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9395 -c "NamedGroup: x25519 ( 1d )" \
9396 -c "Verifying peer X.509 certificate... ok" \
9397 -C "received HelloRetryRequest message"
9398
9399requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9400requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9404run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9405 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9406 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9407 0 \
9408 -c "HTTP/1.0 200 ok" \
9409 -c "Protocol is TLSv1.3" \
9410 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9411 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9412 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9413 -c "Verifying peer X.509 certificate... ok" \
9414 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9415
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9416requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9421requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9422run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9423 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9424 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9425 0 \
9426 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9427 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9428 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9429 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9430 -c "NamedGroup: x25519 ( 1d )" \
9431 -c "Verifying peer X.509 certificate... ok" \
9432 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9433
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9434requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9435requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9436requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9438requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9439run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9440 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9441 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9442 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9443 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9444 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9445 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9446 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9447 -c "NamedGroup: x448 ( 1e )" \
9448 -c "Verifying peer X.509 certificate... ok" \
9449 -C "received HelloRetryRequest message"
9450
9451requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9452requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9453requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9456run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9457 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9458 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9459 0 \
9460 -c "HTTP/1.0 200 ok" \
9461 -c "Protocol is TLSv1.3" \
9462 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9463 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9464 -c "NamedGroup: x448 ( 1e )" \
9465 -c "Verifying peer X.509 certificate... ok" \
9466 -C "received HelloRetryRequest message"
9467
9468requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9469requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9470requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9471requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9472requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9473run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9474 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9475 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9476 0 \
9477 -c "HTTP/1.0 200 ok" \
9478 -c "Protocol is TLSv1.3" \
9479 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9480 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9481 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9482 -c "Verifying peer X.509 certificate... ok" \
9483 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9484
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9485requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9486requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9487requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9488requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9490requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9491run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9492 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9493 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9494 0 \
9495 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9496 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9497 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9498 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9499 -c "NamedGroup: x448 ( 1e )" \
9500 -c "Verifying peer X.509 certificate... ok" \
9501 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9502
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9503requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]9504requires_openssl_3_x
9505requires_config_enabled MBEDTLS_SSL_CLI_C
9506requires_config_enabled MBEDTLS_DEBUG_C
9507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9509run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
9510 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9511 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
9512 0 \
9513 -c "HTTP/1.0 200 ok" \
9514 -c "Protocol is TLSv1.3" \
9515 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9516 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9517 -c "NamedGroup: ffdhe2048 ( 100 )" \
9518 -c "Verifying peer X.509 certificate... ok" \
9519 -C "received HelloRetryRequest message"
9520
9521requires_openssl_tls1_3
9522requires_openssl_3_x
9523requires_config_enabled MBEDTLS_SSL_CLI_C
9524requires_config_enabled MBEDTLS_DEBUG_C
9525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9527run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
9528 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9529 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
9530 0 \
9531 -c "HTTP/1.0 200 ok" \
9532 -c "Protocol is TLSv1.3" \
9533 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9534 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9535 -c "NamedGroup: ffdhe2048 ( 100 )" \
9536 -c "Verifying peer X.509 certificate... ok" \
9537 -C "received HelloRetryRequest message"
9538
9539requires_openssl_tls1_3
9540requires_openssl_3_x
9541requires_config_enabled MBEDTLS_SSL_CLI_C
9542requires_config_enabled MBEDTLS_DEBUG_C
9543requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9544requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9545run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
9546 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9547 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
9548 0 \
9549 -c "HTTP/1.0 200 ok" \
9550 -c "Protocol is TLSv1.3" \
9551 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9552 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9553 -c "NamedGroup: ffdhe2048 ( 100 )" \
9554 -c "Verifying peer X.509 certificate... ok" \
9555 -C "received HelloRetryRequest message"
9556
9557requires_openssl_tls1_3
9558requires_openssl_3_x
9559requires_config_enabled MBEDTLS_SSL_CLI_C
9560requires_config_enabled MBEDTLS_DEBUG_C
9561requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9562requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9563requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9564run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
9565 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9566 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
9567 0 \
9568 -c "HTTP/1.0 200 ok" \
9569 -c "Protocol is TLSv1.3" \
9570 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9571 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9572 -c "NamedGroup: ffdhe2048 ( 100 )" \
9573 -c "Verifying peer X.509 certificate... ok" \
9574 -C "received HelloRetryRequest message"
9575
9576requires_openssl_tls1_3
9577requires_openssl_3_x
9578requires_config_enabled MBEDTLS_SSL_CLI_C
9579requires_config_enabled MBEDTLS_DEBUG_C
9580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9582run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
9583 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9584 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
9585 0 \
9586 -c "HTTP/1.0 200 ok" \
9587 -c "Protocol is TLSv1.3" \
9588 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9589 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9590 -c "NamedGroup: ffdhe3072 ( 101 )" \
9591 -c "Verifying peer X.509 certificate... ok" \
9592 -C "received HelloRetryRequest message"
9593
9594requires_openssl_tls1_3
9595requires_openssl_3_x
9596requires_config_enabled MBEDTLS_SSL_CLI_C
9597requires_config_enabled MBEDTLS_DEBUG_C
9598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9600run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
9601 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9602 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
9603 0 \
9604 -c "HTTP/1.0 200 ok" \
9605 -c "Protocol is TLSv1.3" \
9606 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9607 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9608 -c "NamedGroup: ffdhe3072 ( 101 )" \
9609 -c "Verifying peer X.509 certificate... ok" \
9610 -C "received HelloRetryRequest message"
9611
9612requires_openssl_tls1_3
9613requires_openssl_3_x
9614requires_config_enabled MBEDTLS_SSL_CLI_C
9615requires_config_enabled MBEDTLS_DEBUG_C
9616requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9617requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9618run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
9619 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9620 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
9621 0 \
9622 -c "HTTP/1.0 200 ok" \
9623 -c "Protocol is TLSv1.3" \
9624 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9625 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9626 -c "NamedGroup: ffdhe3072 ( 101 )" \
9627 -c "Verifying peer X.509 certificate... ok" \
9628 -C "received HelloRetryRequest message"
9629
9630requires_openssl_tls1_3
9631requires_openssl_3_x
9632requires_config_enabled MBEDTLS_SSL_CLI_C
9633requires_config_enabled MBEDTLS_DEBUG_C
9634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9636requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9637run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
9638 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9639 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
9640 0 \
9641 -c "HTTP/1.0 200 ok" \
9642 -c "Protocol is TLSv1.3" \
9643 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9644 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9645 -c "NamedGroup: ffdhe3072 ( 101 )" \
9646 -c "Verifying peer X.509 certificate... ok" \
9647 -C "received HelloRetryRequest message"
9648
9649requires_openssl_tls1_3
9650requires_openssl_3_x
9651requires_config_enabled MBEDTLS_SSL_CLI_C
9652requires_config_enabled MBEDTLS_DEBUG_C
9653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9655run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
9656 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9657 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
9658 0 \
9659 -c "HTTP/1.0 200 ok" \
9660 -c "Protocol is TLSv1.3" \
9661 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9662 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9663 -c "NamedGroup: ffdhe4096 ( 102 )" \
9664 -c "Verifying peer X.509 certificate... ok" \
9665 -C "received HelloRetryRequest message"
9666
9667requires_openssl_tls1_3
9668requires_openssl_3_x
9669requires_config_enabled MBEDTLS_SSL_CLI_C
9670requires_config_enabled MBEDTLS_DEBUG_C
9671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9672requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9673run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
9674 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9675 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
9676 0 \
9677 -c "HTTP/1.0 200 ok" \
9678 -c "Protocol is TLSv1.3" \
9679 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9680 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9681 -c "NamedGroup: ffdhe4096 ( 102 )" \
9682 -c "Verifying peer X.509 certificate... ok" \
9683 -C "received HelloRetryRequest message"
9684
9685requires_openssl_tls1_3
9686requires_openssl_3_x
9687requires_config_enabled MBEDTLS_SSL_CLI_C
9688requires_config_enabled MBEDTLS_DEBUG_C
9689requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9690requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9691run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
9692 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9693 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
9694 0 \
9695 -c "HTTP/1.0 200 ok" \
9696 -c "Protocol is TLSv1.3" \
9697 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9698 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9699 -c "NamedGroup: ffdhe4096 ( 102 )" \
9700 -c "Verifying peer X.509 certificate... ok" \
9701 -C "received HelloRetryRequest message"
9702
9703requires_openssl_tls1_3
9704requires_openssl_3_x
9705requires_config_enabled MBEDTLS_SSL_CLI_C
9706requires_config_enabled MBEDTLS_DEBUG_C
9707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9708requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9709requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9710run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
9711 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9712 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
9713 0 \
9714 -c "HTTP/1.0 200 ok" \
9715 -c "Protocol is TLSv1.3" \
9716 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9717 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9718 -c "NamedGroup: ffdhe4096 ( 102 )" \
9719 -c "Verifying peer X.509 certificate... ok" \
9720 -C "received HelloRetryRequest message"
9721
9722requires_openssl_tls1_3
9723requires_openssl_3_x
9724requires_config_enabled MBEDTLS_SSL_CLI_C
9725requires_config_enabled MBEDTLS_DEBUG_C
9726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9728run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
9729 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9730 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
9731 0 \
9732 -c "HTTP/1.0 200 ok" \
9733 -c "Protocol is TLSv1.3" \
9734 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9735 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9736 -c "NamedGroup: ffdhe6144 ( 103 )" \
9737 -c "Verifying peer X.509 certificate... ok" \
9738 -C "received HelloRetryRequest message"
9739
9740requires_openssl_tls1_3
9741requires_openssl_3_x
9742requires_config_enabled MBEDTLS_SSL_CLI_C
9743requires_config_enabled MBEDTLS_DEBUG_C
9744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9746run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
9747 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9748 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
9749 0 \
9750 -c "HTTP/1.0 200 ok" \
9751 -c "Protocol is TLSv1.3" \
9752 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9753 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9754 -c "NamedGroup: ffdhe6144 ( 103 )" \
9755 -c "Verifying peer X.509 certificate... ok" \
9756 -C "received HelloRetryRequest message"
9757
9758requires_openssl_tls1_3
9759requires_openssl_3_x
9760requires_config_enabled MBEDTLS_SSL_CLI_C
9761requires_config_enabled MBEDTLS_DEBUG_C
9762requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9763requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9764run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
9765 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9766 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
9767 0 \
9768 -c "HTTP/1.0 200 ok" \
9769 -c "Protocol is TLSv1.3" \
9770 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9771 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9772 -c "NamedGroup: ffdhe6144 ( 103 )" \
9773 -c "Verifying peer X.509 certificate... ok" \
9774 -C "received HelloRetryRequest message"
9775
9776requires_openssl_tls1_3
9777requires_openssl_3_x
9778requires_config_enabled MBEDTLS_SSL_CLI_C
9779requires_config_enabled MBEDTLS_DEBUG_C
9780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9782requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9783run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
9784 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9785 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
9786 0 \
9787 -c "HTTP/1.0 200 ok" \
9788 -c "Protocol is TLSv1.3" \
9789 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9790 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9791 -c "NamedGroup: ffdhe6144 ( 103 )" \
9792 -c "Verifying peer X.509 certificate... ok" \
9793 -C "received HelloRetryRequest message"
9794
9795requires_openssl_tls1_3
9796requires_openssl_3_x
9797requires_config_enabled MBEDTLS_SSL_CLI_C
9798requires_config_enabled MBEDTLS_DEBUG_C
9799requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9801run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
9802 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9803 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
9804 0 \
9805 -c "HTTP/1.0 200 ok" \
9806 -c "Protocol is TLSv1.3" \
9807 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9808 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9809 -c "NamedGroup: ffdhe8192 ( 104 )" \
9810 -c "Verifying peer X.509 certificate... ok" \
9811 -C "received HelloRetryRequest message"
9812
9813requires_openssl_tls1_3
9814requires_openssl_3_x
9815requires_config_enabled MBEDTLS_SSL_CLI_C
9816requires_config_enabled MBEDTLS_DEBUG_C
9817requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9818requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9819run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
9820 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9821 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
9822 0 \
9823 -c "HTTP/1.0 200 ok" \
9824 -c "Protocol is TLSv1.3" \
9825 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9826 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9827 -c "NamedGroup: ffdhe8192 ( 104 )" \
9828 -c "Verifying peer X.509 certificate... ok" \
9829 -C "received HelloRetryRequest message"
9830
9831requires_openssl_tls1_3
9832requires_openssl_3_x
9833requires_config_enabled MBEDTLS_SSL_CLI_C
9834requires_config_enabled MBEDTLS_DEBUG_C
9835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9837run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
9838 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9839 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
9840 0 \
9841 -c "HTTP/1.0 200 ok" \
9842 -c "Protocol is TLSv1.3" \
9843 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9844 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9845 -c "NamedGroup: ffdhe8192 ( 104 )" \
9846 -c "Verifying peer X.509 certificate... ok" \
9847 -C "received HelloRetryRequest message"
9848
9849requires_openssl_tls1_3
9850requires_openssl_3_x
9851requires_config_enabled MBEDTLS_SSL_CLI_C
9852requires_config_enabled MBEDTLS_DEBUG_C
9853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9855requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9856run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
9857 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
9858 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
9859 0 \
9860 -c "HTTP/1.0 200 ok" \
9861 -c "Protocol is TLSv1.3" \
9862 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9863 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9864 -c "NamedGroup: ffdhe8192 ( 104 )" \
9865 -c "Verifying peer X.509 certificate... ok" \
9866 -C "received HelloRetryRequest message"
9867
9868requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9873run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9874 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9875 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9876 0 \
9877 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9878 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9879 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9880 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9881 -c "NamedGroup: secp256r1 ( 17 )" \
9882 -c "Verifying peer X.509 certificate... ok" \
9883 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9884
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9885requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9886requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9890run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9891 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9892 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9893 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9894 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9895 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9896 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9897 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9898 -c "NamedGroup: secp256r1 ( 17 )" \
9899 -c "Verifying peer X.509 certificate... ok" \
9900 -C "received HelloRetryRequest message"
9901
9902requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9903requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9904requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9905requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9906requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9907run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9908 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9909 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9910 0 \
9911 -c "HTTP/1.0 200 ok" \
9912 -c "Protocol is TLSv1.3" \
9913 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9914 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9915 -c "NamedGroup: secp256r1 ( 17 )" \
9916 -c "Verifying peer X.509 certificate... ok" \
9917 -C "received HelloRetryRequest message"
9918
9919requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9920requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9921requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9922requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9924requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9925run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9926 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9927 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9928 0 \
9929 -c "HTTP/1.0 200 ok" \
9930 -c "Protocol is TLSv1.3" \
9931 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9932 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9933 -c "NamedGroup: secp256r1 ( 17 )" \
9934 -c "Verifying peer X.509 certificate... ok" \
9935 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9936
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9937requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9938requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9939requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9942run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9943 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9944 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9945 0 \
9946 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9947 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9948 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9949 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9950 -c "NamedGroup: secp384r1 ( 18 )" \
9951 -c "Verifying peer X.509 certificate... ok" \
9952 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]9953
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9954requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]9955requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9956requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]9958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9959run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9960 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9961 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9962 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9963 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9964 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9965 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9966 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9967 -c "NamedGroup: secp384r1 ( 18 )" \
9968 -c "Verifying peer X.509 certificate... ok" \
9969 -C "received HelloRetryRequest message"
9970
9971requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9972requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9973requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9976run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9977 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9978 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9979 0 \
9980 -c "HTTP/1.0 200 ok" \
9981 -c "Protocol is TLSv1.3" \
9982 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9983 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9984 -c "NamedGroup: secp384r1 ( 18 )" \
9985 -c "Verifying peer X.509 certificate... ok" \
9986 -C "received HelloRetryRequest message"
9987
9988requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9990requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9991requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9993requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9994run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9995 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]9996 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]9997 0 \
9998 -c "HTTP/1.0 200 ok" \
9999 -c "Protocol is TLSv1.3" \
10000 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10001 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10002 -c "NamedGroup: secp384r1 ( 18 )" \
10003 -c "Verifying peer X.509 certificate... ok" \
10004 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10005
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10006requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10007requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10011run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10012 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10013 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10014 0 \
10015 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10016 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10017 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10018 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10019 -c "NamedGroup: secp521r1 ( 19 )" \
10020 -c "Verifying peer X.509 certificate... ok" \
10021 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10022
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10023requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10024requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10025requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10028run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10029 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10030 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10031 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10032 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10033 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10034 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10035 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10036 -c "NamedGroup: secp521r1 ( 19 )" \
10037 -c "Verifying peer X.509 certificate... ok" \
10038 -C "received HelloRetryRequest message"
10039
10040requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10041requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10042requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10043requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10044requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10045run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10046 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10047 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10048 0 \
10049 -c "HTTP/1.0 200 ok" \
10050 -c "Protocol is TLSv1.3" \
10051 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10052 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10053 -c "NamedGroup: secp521r1 ( 19 )" \
10054 -c "Verifying peer X.509 certificate... ok" \
10055 -C "received HelloRetryRequest message"
10056
10057requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10058requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10059requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10062requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10063run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10064 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10065 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10066 0 \
10067 -c "HTTP/1.0 200 ok" \
10068 -c "Protocol is TLSv1.3" \
10069 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10070 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10071 -c "NamedGroup: secp521r1 ( 19 )" \
10072 -c "Verifying peer X.509 certificate... ok" \
10073 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10074
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10075requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10076requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10080run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10081 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10082 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10083 0 \
10084 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10085 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10086 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10087 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10088 -c "NamedGroup: x25519 ( 1d )" \
10089 -c "Verifying peer X.509 certificate... ok" \
10090 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10091
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10092requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10093requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10097run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10098 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10099 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10100 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10101 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10102 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10103 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10104 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10105 -c "NamedGroup: x25519 ( 1d )" \
10106 -c "Verifying peer X.509 certificate... ok" \
10107 -C "received HelloRetryRequest message"
10108
10109requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10110requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10111requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10112requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10113requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10114run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10115 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10116 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10117 0 \
10118 -c "HTTP/1.0 200 ok" \
10119 -c "Protocol is TLSv1.3" \
10120 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10121 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10122 -c "NamedGroup: x25519 ( 1d )" \
10123 -c "Verifying peer X.509 certificate... ok" \
10124 -C "received HelloRetryRequest message"
10125
10126requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10127requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10128requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10129requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10131requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10132run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10133 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10134 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10135 0 \
10136 -c "HTTP/1.0 200 ok" \
10137 -c "Protocol is TLSv1.3" \
10138 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10139 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10140 -c "NamedGroup: x25519 ( 1d )" \
10141 -c "Verifying peer X.509 certificate... ok" \
10142 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10143
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10144requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10145requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10146requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10148requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10149run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10150 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10151 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10152 0 \
10153 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10154 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10155 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10156 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10157 -c "NamedGroup: x448 ( 1e )" \
10158 -c "Verifying peer X.509 certificate... ok" \
10159 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10160
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10161requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10162requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10163requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10166run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10167 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10168 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10169 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10170 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10171 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10172 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10173 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10174 -c "NamedGroup: x448 ( 1e )" \
10175 -c "Verifying peer X.509 certificate... ok" \
10176 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10177
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10178requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10179requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10183run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10184 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10185 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10186 0 \
10187 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]10188 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10189 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10190 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10191 -c "NamedGroup: x448 ( 1e )" \
10192 -c "Verifying peer X.509 certificate... ok" \
10193 -C "received HelloRetryRequest message"
10194
10195requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10196requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10197requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10200requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10201run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10202 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10203 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10204 0 \
10205 -c "HTTP/1.0 200 ok" \
10206 -c "Protocol is TLSv1.3" \
10207 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10208 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10209 -c "NamedGroup: x448 ( 1e )" \
10210 -c "Verifying peer X.509 certificate... ok" \
10211 -C "received HelloRetryRequest message"
10212
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]10213requires_openssl_tls1_3
10214requires_openssl_3_x
10215requires_config_enabled MBEDTLS_SSL_CLI_C
10216requires_config_enabled MBEDTLS_DEBUG_C
10217requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10219run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
10220 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10221 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
10222 0 \
10223 -c "HTTP/1.0 200 ok" \
10224 -c "Protocol is TLSv1.3" \
10225 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10226 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10227 -c "NamedGroup: ffdhe2048 ( 100 )" \
10228 -c "Verifying peer X.509 certificate... ok" \
10229 -C "received HelloRetryRequest message"
10230
10231requires_openssl_tls1_3
10232requires_openssl_3_x
10233requires_config_enabled MBEDTLS_SSL_CLI_C
10234requires_config_enabled MBEDTLS_DEBUG_C
10235requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10236requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10237run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
10238 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10239 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
10240 0 \
10241 -c "HTTP/1.0 200 ok" \
10242 -c "Protocol is TLSv1.3" \
10243 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10244 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10245 -c "NamedGroup: ffdhe2048 ( 100 )" \
10246 -c "Verifying peer X.509 certificate... ok" \
10247 -C "received HelloRetryRequest message"
10248
10249requires_openssl_tls1_3
10250requires_openssl_3_x
10251requires_config_enabled MBEDTLS_SSL_CLI_C
10252requires_config_enabled MBEDTLS_DEBUG_C
10253requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10254requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10255run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
10256 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10257 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
10258 0 \
10259 -c "HTTP/1.0 200 ok" \
10260 -c "Protocol is TLSv1.3" \
10261 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10262 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10263 -c "NamedGroup: ffdhe2048 ( 100 )" \
10264 -c "Verifying peer X.509 certificate... ok" \
10265 -C "received HelloRetryRequest message"
10266
10267requires_openssl_tls1_3
10268requires_openssl_3_x
10269requires_config_enabled MBEDTLS_SSL_CLI_C
10270requires_config_enabled MBEDTLS_DEBUG_C
10271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10273requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10274run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
10275 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10276 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
10277 0 \
10278 -c "HTTP/1.0 200 ok" \
10279 -c "Protocol is TLSv1.3" \
10280 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10281 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10282 -c "NamedGroup: ffdhe2048 ( 100 )" \
10283 -c "Verifying peer X.509 certificate... ok" \
10284 -C "received HelloRetryRequest message"
10285
10286requires_openssl_tls1_3
10287requires_openssl_3_x
10288requires_config_enabled MBEDTLS_SSL_CLI_C
10289requires_config_enabled MBEDTLS_DEBUG_C
10290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10292run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
10293 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10294 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
10295 0 \
10296 -c "HTTP/1.0 200 ok" \
10297 -c "Protocol is TLSv1.3" \
10298 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10299 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10300 -c "NamedGroup: ffdhe3072 ( 101 )" \
10301 -c "Verifying peer X.509 certificate... ok" \
10302 -C "received HelloRetryRequest message"
10303
10304requires_openssl_tls1_3
10305requires_openssl_3_x
10306requires_config_enabled MBEDTLS_SSL_CLI_C
10307requires_config_enabled MBEDTLS_DEBUG_C
10308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10310run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
10311 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10312 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
10313 0 \
10314 -c "HTTP/1.0 200 ok" \
10315 -c "Protocol is TLSv1.3" \
10316 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10317 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10318 -c "NamedGroup: ffdhe3072 ( 101 )" \
10319 -c "Verifying peer X.509 certificate... ok" \
10320 -C "received HelloRetryRequest message"
10321
10322requires_openssl_tls1_3
10323requires_openssl_3_x
10324requires_config_enabled MBEDTLS_SSL_CLI_C
10325requires_config_enabled MBEDTLS_DEBUG_C
10326requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10327requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10328run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
10329 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10330 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
10331 0 \
10332 -c "HTTP/1.0 200 ok" \
10333 -c "Protocol is TLSv1.3" \
10334 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10335 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10336 -c "NamedGroup: ffdhe3072 ( 101 )" \
10337 -c "Verifying peer X.509 certificate... ok" \
10338 -C "received HelloRetryRequest message"
10339
10340requires_openssl_tls1_3
10341requires_openssl_3_x
10342requires_config_enabled MBEDTLS_SSL_CLI_C
10343requires_config_enabled MBEDTLS_DEBUG_C
10344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10346requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10347run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
10348 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10349 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
10350 0 \
10351 -c "HTTP/1.0 200 ok" \
10352 -c "Protocol is TLSv1.3" \
10353 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10354 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10355 -c "NamedGroup: ffdhe3072 ( 101 )" \
10356 -c "Verifying peer X.509 certificate... ok" \
10357 -C "received HelloRetryRequest message"
10358
10359requires_openssl_tls1_3
10360requires_openssl_3_x
10361requires_config_enabled MBEDTLS_SSL_CLI_C
10362requires_config_enabled MBEDTLS_DEBUG_C
10363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10365run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
10366 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10367 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
10368 0 \
10369 -c "HTTP/1.0 200 ok" \
10370 -c "Protocol is TLSv1.3" \
10371 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10372 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10373 -c "NamedGroup: ffdhe4096 ( 102 )" \
10374 -c "Verifying peer X.509 certificate... ok" \
10375 -C "received HelloRetryRequest message"
10376
10377requires_openssl_tls1_3
10378requires_openssl_3_x
10379requires_config_enabled MBEDTLS_SSL_CLI_C
10380requires_config_enabled MBEDTLS_DEBUG_C
10381requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10382requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10383run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
10384 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10385 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
10386 0 \
10387 -c "HTTP/1.0 200 ok" \
10388 -c "Protocol is TLSv1.3" \
10389 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10390 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10391 -c "NamedGroup: ffdhe4096 ( 102 )" \
10392 -c "Verifying peer X.509 certificate... ok" \
10393 -C "received HelloRetryRequest message"
10394
10395requires_openssl_tls1_3
10396requires_openssl_3_x
10397requires_config_enabled MBEDTLS_SSL_CLI_C
10398requires_config_enabled MBEDTLS_DEBUG_C
10399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10400requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10401run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
10402 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10403 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
10404 0 \
10405 -c "HTTP/1.0 200 ok" \
10406 -c "Protocol is TLSv1.3" \
10407 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10408 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10409 -c "NamedGroup: ffdhe4096 ( 102 )" \
10410 -c "Verifying peer X.509 certificate... ok" \
10411 -C "received HelloRetryRequest message"
10412
10413requires_openssl_tls1_3
10414requires_openssl_3_x
10415requires_config_enabled MBEDTLS_SSL_CLI_C
10416requires_config_enabled MBEDTLS_DEBUG_C
10417requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10418requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10419requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10420run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
10421 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10422 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
10423 0 \
10424 -c "HTTP/1.0 200 ok" \
10425 -c "Protocol is TLSv1.3" \
10426 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10427 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10428 -c "NamedGroup: ffdhe4096 ( 102 )" \
10429 -c "Verifying peer X.509 certificate... ok" \
10430 -C "received HelloRetryRequest message"
10431
10432requires_openssl_tls1_3
10433requires_openssl_3_x
10434requires_config_enabled MBEDTLS_SSL_CLI_C
10435requires_config_enabled MBEDTLS_DEBUG_C
10436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10438run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
10439 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10440 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
10441 0 \
10442 -c "HTTP/1.0 200 ok" \
10443 -c "Protocol is TLSv1.3" \
10444 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10445 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10446 -c "NamedGroup: ffdhe6144 ( 103 )" \
10447 -c "Verifying peer X.509 certificate... ok" \
10448 -C "received HelloRetryRequest message"
10449
10450requires_openssl_tls1_3
10451requires_openssl_3_x
10452requires_config_enabled MBEDTLS_SSL_CLI_C
10453requires_config_enabled MBEDTLS_DEBUG_C
10454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10456run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
10457 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10458 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
10459 0 \
10460 -c "HTTP/1.0 200 ok" \
10461 -c "Protocol is TLSv1.3" \
10462 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10463 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10464 -c "NamedGroup: ffdhe6144 ( 103 )" \
10465 -c "Verifying peer X.509 certificate... ok" \
10466 -C "received HelloRetryRequest message"
10467
10468requires_openssl_tls1_3
10469requires_openssl_3_x
10470requires_config_enabled MBEDTLS_SSL_CLI_C
10471requires_config_enabled MBEDTLS_DEBUG_C
10472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10474run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
10475 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10476 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
10477 0 \
10478 -c "HTTP/1.0 200 ok" \
10479 -c "Protocol is TLSv1.3" \
10480 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10481 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10482 -c "NamedGroup: ffdhe6144 ( 103 )" \
10483 -c "Verifying peer X.509 certificate... ok" \
10484 -C "received HelloRetryRequest message"
10485
10486requires_openssl_tls1_3
10487requires_openssl_3_x
10488requires_config_enabled MBEDTLS_SSL_CLI_C
10489requires_config_enabled MBEDTLS_DEBUG_C
10490requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10492requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10493run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
10494 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10495 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
10496 0 \
10497 -c "HTTP/1.0 200 ok" \
10498 -c "Protocol is TLSv1.3" \
10499 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10500 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10501 -c "NamedGroup: ffdhe6144 ( 103 )" \
10502 -c "Verifying peer X.509 certificate... ok" \
10503 -C "received HelloRetryRequest message"
10504
10505requires_openssl_tls1_3
10506requires_openssl_3_x
10507requires_config_enabled MBEDTLS_SSL_CLI_C
10508requires_config_enabled MBEDTLS_DEBUG_C
10509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10511run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
10512 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10513 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
10514 0 \
10515 -c "HTTP/1.0 200 ok" \
10516 -c "Protocol is TLSv1.3" \
10517 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10518 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10519 -c "NamedGroup: ffdhe8192 ( 104 )" \
10520 -c "Verifying peer X.509 certificate... ok" \
10521 -C "received HelloRetryRequest message"
10522
10523requires_openssl_tls1_3
10524requires_openssl_3_x
10525requires_config_enabled MBEDTLS_SSL_CLI_C
10526requires_config_enabled MBEDTLS_DEBUG_C
10527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10529run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
10530 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10531 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
10532 0 \
10533 -c "HTTP/1.0 200 ok" \
10534 -c "Protocol is TLSv1.3" \
10535 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10536 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10537 -c "NamedGroup: ffdhe8192 ( 104 )" \
10538 -c "Verifying peer X.509 certificate... ok" \
10539 -C "received HelloRetryRequest message"
10540
10541requires_openssl_tls1_3
10542requires_openssl_3_x
10543requires_config_enabled MBEDTLS_SSL_CLI_C
10544requires_config_enabled MBEDTLS_DEBUG_C
10545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10547run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
10548 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10549 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
10550 0 \
10551 -c "HTTP/1.0 200 ok" \
10552 -c "Protocol is TLSv1.3" \
10553 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10554 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10555 -c "NamedGroup: ffdhe8192 ( 104 )" \
10556 -c "Verifying peer X.509 certificate... ok" \
10557 -C "received HelloRetryRequest message"
10558
10559requires_openssl_tls1_3
10560requires_openssl_3_x
10561requires_config_enabled MBEDTLS_SSL_CLI_C
10562requires_config_enabled MBEDTLS_DEBUG_C
10563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10566run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
10567 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10568 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
10569 0 \
10570 -c "HTTP/1.0 200 ok" \
10571 -c "Protocol is TLSv1.3" \
10572 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10574 -c "NamedGroup: ffdhe8192 ( 104 )" \
10575 -c "Verifying peer X.509 certificate... ok" \
10576 -C "received HelloRetryRequest message"
10577
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10578requires_gnutls_tls1_3
10579requires_gnutls_next_no_ticket
10580requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10581requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10582requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10583requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10585run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10586 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10587 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10588 0 \
10589 -c "HTTP/1.0 200 OK" \
10590 -c "Protocol is TLSv1.3" \
10591 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10592 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10593 -c "NamedGroup: secp256r1 ( 17 )" \
10594 -c "Verifying peer X.509 certificate... ok" \
10595 -C "received HelloRetryRequest message"
10596
10597requires_gnutls_tls1_3
10598requires_gnutls_next_no_ticket
10599requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10600requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10601requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10604run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10605 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10606 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10607 0 \
10608 -c "HTTP/1.0 200 OK" \
10609 -c "Protocol is TLSv1.3" \
10610 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]10611 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]10612 -c "NamedGroup: secp256r1 ( 17 )" \
10613 -c "Verifying peer X.509 certificate... ok" \
10614 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]10615
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10616requires_gnutls_tls1_3
10617requires_gnutls_next_no_ticket
10618requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]10619requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10620requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10621requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]10622requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10623run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10624 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10625 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10626 0 \
10627 -c "HTTP/1.0 200 OK" \
10628 -c "Protocol is TLSv1.3" \
10629 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10630 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10631 -c "NamedGroup: secp256r1 ( 17 )" \
10632 -c "Verifying peer X.509 certificate... ok" \
10633 -C "received HelloRetryRequest message"
10634
10635requires_gnutls_tls1_3
10636requires_gnutls_next_no_ticket
10637requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10638requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10639requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10642requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10643run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10644 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10645 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10646 0 \
10647 -c "HTTP/1.0 200 OK" \
10648 -c "Protocol is TLSv1.3" \
10649 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10650 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10651 -c "NamedGroup: secp256r1 ( 17 )" \
10652 -c "Verifying peer X.509 certificate... ok" \
10653 -C "received HelloRetryRequest message"
10654
10655requires_gnutls_tls1_3
10656requires_gnutls_next_no_ticket
10657requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10658requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10659requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10660requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10661requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10662run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10663 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10664 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10665 0 \
10666 -c "HTTP/1.0 200 OK" \
10667 -c "Protocol is TLSv1.3" \
10668 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10669 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10670 -c "NamedGroup: secp384r1 ( 18 )" \
10671 -c "Verifying peer X.509 certificate... ok" \
10672 -C "received HelloRetryRequest message"
10673
10674requires_gnutls_tls1_3
10675requires_gnutls_next_no_ticket
10676requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10677requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10678requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10681run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10682 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10683 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10684 0 \
10685 -c "HTTP/1.0 200 OK" \
10686 -c "Protocol is TLSv1.3" \
10687 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10688 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10689 -c "NamedGroup: secp384r1 ( 18 )" \
10690 -c "Verifying peer X.509 certificate... ok" \
10691 -C "received HelloRetryRequest message"
10692
10693requires_gnutls_tls1_3
10694requires_gnutls_next_no_ticket
10695requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10696requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10700run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10701 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10702 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10703 0 \
10704 -c "HTTP/1.0 200 OK" \
10705 -c "Protocol is TLSv1.3" \
10706 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10707 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10708 -c "NamedGroup: secp384r1 ( 18 )" \
10709 -c "Verifying peer X.509 certificate... ok" \
10710 -C "received HelloRetryRequest message"
10711
10712requires_gnutls_tls1_3
10713requires_gnutls_next_no_ticket
10714requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10715requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10716requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10718requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10719requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10720run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10721 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10722 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10723 0 \
10724 -c "HTTP/1.0 200 OK" \
10725 -c "Protocol is TLSv1.3" \
10726 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10727 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10728 -c "NamedGroup: secp384r1 ( 18 )" \
10729 -c "Verifying peer X.509 certificate... ok" \
10730 -C "received HelloRetryRequest message"
10731
10732requires_gnutls_tls1_3
10733requires_gnutls_next_no_ticket
10734requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10735requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10739run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10740 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10741 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10742 0 \
10743 -c "HTTP/1.0 200 OK" \
10744 -c "Protocol is TLSv1.3" \
10745 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10746 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10747 -c "NamedGroup: secp521r1 ( 19 )" \
10748 -c "Verifying peer X.509 certificate... ok" \
10749 -C "received HelloRetryRequest message"
10750
10751requires_gnutls_tls1_3
10752requires_gnutls_next_no_ticket
10753requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10754requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10755requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10758run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10759 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10760 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10761 0 \
10762 -c "HTTP/1.0 200 OK" \
10763 -c "Protocol is TLSv1.3" \
10764 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10765 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10766 -c "NamedGroup: secp521r1 ( 19 )" \
10767 -c "Verifying peer X.509 certificate... ok" \
10768 -C "received HelloRetryRequest message"
10769
10770requires_gnutls_tls1_3
10771requires_gnutls_next_no_ticket
10772requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10773requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10774requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10777run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10778 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10779 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10780 0 \
10781 -c "HTTP/1.0 200 OK" \
10782 -c "Protocol is TLSv1.3" \
10783 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10784 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10785 -c "NamedGroup: secp521r1 ( 19 )" \
10786 -c "Verifying peer X.509 certificate... ok" \
10787 -C "received HelloRetryRequest message"
10788
10789requires_gnutls_tls1_3
10790requires_gnutls_next_no_ticket
10791requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10792requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10796requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10797run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10798 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10799 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10800 0 \
10801 -c "HTTP/1.0 200 OK" \
10802 -c "Protocol is TLSv1.3" \
10803 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10804 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10805 -c "NamedGroup: secp521r1 ( 19 )" \
10806 -c "Verifying peer X.509 certificate... ok" \
10807 -C "received HelloRetryRequest message"
10808
10809requires_gnutls_tls1_3
10810requires_gnutls_next_no_ticket
10811requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10812requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10813requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10816run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10817 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10818 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10819 0 \
10820 -c "HTTP/1.0 200 OK" \
10821 -c "Protocol is TLSv1.3" \
10822 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10823 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10824 -c "NamedGroup: x25519 ( 1d )" \
10825 -c "Verifying peer X.509 certificate... ok" \
10826 -C "received HelloRetryRequest message"
10827
10828requires_gnutls_tls1_3
10829requires_gnutls_next_no_ticket
10830requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10831requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10832requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10833requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10835run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10836 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10837 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10838 0 \
10839 -c "HTTP/1.0 200 OK" \
10840 -c "Protocol is TLSv1.3" \
10841 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10842 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10843 -c "NamedGroup: x25519 ( 1d )" \
10844 -c "Verifying peer X.509 certificate... ok" \
10845 -C "received HelloRetryRequest message"
10846
10847requires_gnutls_tls1_3
10848requires_gnutls_next_no_ticket
10849requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10850requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10854run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10855 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10856 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10857 0 \
10858 -c "HTTP/1.0 200 OK" \
10859 -c "Protocol is TLSv1.3" \
10860 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10861 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10862 -c "NamedGroup: x25519 ( 1d )" \
10863 -c "Verifying peer X.509 certificate... ok" \
10864 -C "received HelloRetryRequest message"
10865
10866requires_gnutls_tls1_3
10867requires_gnutls_next_no_ticket
10868requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10871requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10873requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10874run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10875 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10876 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10877 0 \
10878 -c "HTTP/1.0 200 OK" \
10879 -c "Protocol is TLSv1.3" \
10880 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10881 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10882 -c "NamedGroup: x25519 ( 1d )" \
10883 -c "Verifying peer X.509 certificate... ok" \
10884 -C "received HelloRetryRequest message"
10885
10886requires_gnutls_tls1_3
10887requires_gnutls_next_no_ticket
10888requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10889requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10890requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10893run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10894 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10895 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10896 0 \
10897 -c "HTTP/1.0 200 OK" \
10898 -c "Protocol is TLSv1.3" \
10899 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10900 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10901 -c "NamedGroup: x448 ( 1e )" \
10902 -c "Verifying peer X.509 certificate... ok" \
10903 -C "received HelloRetryRequest message"
10904
10905requires_gnutls_tls1_3
10906requires_gnutls_next_no_ticket
10907requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10908requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10912run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10913 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10914 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10915 0 \
10916 -c "HTTP/1.0 200 OK" \
10917 -c "Protocol is TLSv1.3" \
10918 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10919 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10920 -c "NamedGroup: x448 ( 1e )" \
10921 -c "Verifying peer X.509 certificate... ok" \
10922 -C "received HelloRetryRequest message"
10923
10924requires_gnutls_tls1_3
10925requires_gnutls_next_no_ticket
10926requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10927requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10928requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10930requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10931run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10932 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10933 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10934 0 \
10935 -c "HTTP/1.0 200 OK" \
10936 -c "Protocol is TLSv1.3" \
10937 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10938 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10939 -c "NamedGroup: x448 ( 1e )" \
10940 -c "Verifying peer X.509 certificate... ok" \
10941 -C "received HelloRetryRequest message"
10942
10943requires_gnutls_tls1_3
10944requires_gnutls_next_no_ticket
10945requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10946requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10947requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10950requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10951run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10952 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]10953 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10954 0 \
10955 -c "HTTP/1.0 200 OK" \
10956 -c "Protocol is TLSv1.3" \
10957 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10958 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10959 -c "NamedGroup: x448 ( 1e )" \
10960 -c "Verifying peer X.509 certificate... ok" \
10961 -C "received HelloRetryRequest message"
10962
10963requires_gnutls_tls1_3
10964requires_gnutls_next_no_ticket
10965requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10966requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10967requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]10969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]10970run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
10971 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
10972 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
10973 0 \
10974 -c "HTTP/1.0 200 OK" \
10975 -c "Protocol is TLSv1.3" \
10976 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10977 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10978 -c "NamedGroup: ffdhe2048 ( 100 )" \
10979 -c "Verifying peer X.509 certificate... ok" \
10980 -C "received HelloRetryRequest message"
10981
10982requires_gnutls_tls1_3
10983requires_gnutls_next_no_ticket
10984requires_gnutls_next_disable_tls13_compat
10985requires_config_enabled MBEDTLS_SSL_CLI_C
10986requires_config_enabled MBEDTLS_DEBUG_C
10987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10989run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
10990 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
10991 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
10992 0 \
10993 -c "HTTP/1.0 200 OK" \
10994 -c "Protocol is TLSv1.3" \
10995 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
10996 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10997 -c "NamedGroup: ffdhe2048 ( 100 )" \
10998 -c "Verifying peer X.509 certificate... ok" \
10999 -C "received HelloRetryRequest message"
11000
11001requires_gnutls_tls1_3
11002requires_gnutls_next_no_ticket
11003requires_gnutls_next_disable_tls13_compat
11004requires_config_enabled MBEDTLS_SSL_CLI_C
11005requires_config_enabled MBEDTLS_DEBUG_C
11006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11008run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
11009 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
11010 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
11011 0 \
11012 -c "HTTP/1.0 200 OK" \
11013 -c "Protocol is TLSv1.3" \
11014 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11015 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11016 -c "NamedGroup: ffdhe2048 ( 100 )" \
11017 -c "Verifying peer X.509 certificate... ok" \
11018 -C "received HelloRetryRequest message"
11019
11020requires_gnutls_tls1_3
11021requires_gnutls_next_no_ticket
11022requires_gnutls_next_disable_tls13_compat
11023requires_config_enabled MBEDTLS_SSL_CLI_C
11024requires_config_enabled MBEDTLS_DEBUG_C
11025requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11027requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11028run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
11029 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
11030 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
11031 0 \
11032 -c "HTTP/1.0 200 OK" \
11033 -c "Protocol is TLSv1.3" \
11034 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11035 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11036 -c "NamedGroup: ffdhe2048 ( 100 )" \
11037 -c "Verifying peer X.509 certificate... ok" \
11038 -C "received HelloRetryRequest message"
11039
11040requires_gnutls_tls1_3
11041requires_gnutls_next_no_ticket
11042requires_gnutls_next_disable_tls13_compat
11043requires_config_enabled MBEDTLS_SSL_CLI_C
11044requires_config_enabled MBEDTLS_DEBUG_C
11045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11047run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
11048 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11049 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
11050 0 \
11051 -c "HTTP/1.0 200 OK" \
11052 -c "Protocol is TLSv1.3" \
11053 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11054 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11055 -c "NamedGroup: ffdhe3072 ( 101 )" \
11056 -c "Verifying peer X.509 certificate... ok" \
11057 -C "received HelloRetryRequest message"
11058
11059requires_gnutls_tls1_3
11060requires_gnutls_next_no_ticket
11061requires_gnutls_next_disable_tls13_compat
11062requires_config_enabled MBEDTLS_SSL_CLI_C
11063requires_config_enabled MBEDTLS_DEBUG_C
11064requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11066run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
11067 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11068 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
11069 0 \
11070 -c "HTTP/1.0 200 OK" \
11071 -c "Protocol is TLSv1.3" \
11072 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11073 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11074 -c "NamedGroup: ffdhe3072 ( 101 )" \
11075 -c "Verifying peer X.509 certificate... ok" \
11076 -C "received HelloRetryRequest message"
11077
11078requires_gnutls_tls1_3
11079requires_gnutls_next_no_ticket
11080requires_gnutls_next_disable_tls13_compat
11081requires_config_enabled MBEDTLS_SSL_CLI_C
11082requires_config_enabled MBEDTLS_DEBUG_C
11083requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11085run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
11086 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11087 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
11088 0 \
11089 -c "HTTP/1.0 200 OK" \
11090 -c "Protocol is TLSv1.3" \
11091 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11092 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11093 -c "NamedGroup: ffdhe3072 ( 101 )" \
11094 -c "Verifying peer X.509 certificate... ok" \
11095 -C "received HelloRetryRequest message"
11096
11097requires_gnutls_tls1_3
11098requires_gnutls_next_no_ticket
11099requires_gnutls_next_disable_tls13_compat
11100requires_config_enabled MBEDTLS_SSL_CLI_C
11101requires_config_enabled MBEDTLS_DEBUG_C
11102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11104requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11105run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
11106 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11107 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
11108 0 \
11109 -c "HTTP/1.0 200 OK" \
11110 -c "Protocol is TLSv1.3" \
11111 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11112 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11113 -c "NamedGroup: ffdhe3072 ( 101 )" \
11114 -c "Verifying peer X.509 certificate... ok" \
11115 -C "received HelloRetryRequest message"
11116
11117requires_gnutls_tls1_3
11118requires_gnutls_next_no_ticket
11119requires_gnutls_next_disable_tls13_compat
11120requires_config_enabled MBEDTLS_SSL_CLI_C
11121requires_config_enabled MBEDTLS_DEBUG_C
11122requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11124run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
11125 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11126 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
11127 0 \
11128 -c "HTTP/1.0 200 OK" \
11129 -c "Protocol is TLSv1.3" \
11130 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11131 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11132 -c "NamedGroup: ffdhe4096 ( 102 )" \
11133 -c "Verifying peer X.509 certificate... ok" \
11134 -C "received HelloRetryRequest message"
11135
11136requires_gnutls_tls1_3
11137requires_gnutls_next_no_ticket
11138requires_gnutls_next_disable_tls13_compat
11139requires_config_enabled MBEDTLS_SSL_CLI_C
11140requires_config_enabled MBEDTLS_DEBUG_C
11141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11143run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
11144 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11145 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
11146 0 \
11147 -c "HTTP/1.0 200 OK" \
11148 -c "Protocol is TLSv1.3" \
11149 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11150 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11151 -c "NamedGroup: ffdhe4096 ( 102 )" \
11152 -c "Verifying peer X.509 certificate... ok" \
11153 -C "received HelloRetryRequest message"
11154
11155requires_gnutls_tls1_3
11156requires_gnutls_next_no_ticket
11157requires_gnutls_next_disable_tls13_compat
11158requires_config_enabled MBEDTLS_SSL_CLI_C
11159requires_config_enabled MBEDTLS_DEBUG_C
11160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11162run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
11163 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
11165 0 \
11166 -c "HTTP/1.0 200 OK" \
11167 -c "Protocol is TLSv1.3" \
11168 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11169 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11170 -c "NamedGroup: ffdhe4096 ( 102 )" \
11171 -c "Verifying peer X.509 certificate... ok" \
11172 -C "received HelloRetryRequest message"
11173
11174requires_gnutls_tls1_3
11175requires_gnutls_next_no_ticket
11176requires_gnutls_next_disable_tls13_compat
11177requires_config_enabled MBEDTLS_SSL_CLI_C
11178requires_config_enabled MBEDTLS_DEBUG_C
11179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11181requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11182run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
11183 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11184 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
11185 0 \
11186 -c "HTTP/1.0 200 OK" \
11187 -c "Protocol is TLSv1.3" \
11188 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11189 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11190 -c "NamedGroup: ffdhe4096 ( 102 )" \
11191 -c "Verifying peer X.509 certificate... ok" \
11192 -C "received HelloRetryRequest message"
11193
11194requires_gnutls_tls1_3
11195requires_gnutls_next_no_ticket
11196requires_gnutls_next_disable_tls13_compat
11197requires_config_enabled MBEDTLS_SSL_CLI_C
11198requires_config_enabled MBEDTLS_DEBUG_C
11199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11201run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
11202 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
11203 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
11204 0 \
11205 -c "HTTP/1.0 200 OK" \
11206 -c "Protocol is TLSv1.3" \
11207 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11208 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11209 -c "NamedGroup: ffdhe6144 ( 103 )" \
11210 -c "Verifying peer X.509 certificate... ok" \
11211 -C "received HelloRetryRequest message"
11212
11213requires_gnutls_tls1_3
11214requires_gnutls_next_no_ticket
11215requires_gnutls_next_disable_tls13_compat
11216requires_config_enabled MBEDTLS_SSL_CLI_C
11217requires_config_enabled MBEDTLS_DEBUG_C
11218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11220run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
11221 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
11222 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
11223 0 \
11224 -c "HTTP/1.0 200 OK" \
11225 -c "Protocol is TLSv1.3" \
11226 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11227 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11228 -c "NamedGroup: ffdhe6144 ( 103 )" \
11229 -c "Verifying peer X.509 certificate... ok" \
11230 -C "received HelloRetryRequest message"
11231
11232requires_gnutls_tls1_3
11233requires_gnutls_next_no_ticket
11234requires_gnutls_next_disable_tls13_compat
11235requires_config_enabled MBEDTLS_SSL_CLI_C
11236requires_config_enabled MBEDTLS_DEBUG_C
11237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11239run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
11240 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
11241 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
11242 0 \
11243 -c "HTTP/1.0 200 OK" \
11244 -c "Protocol is TLSv1.3" \
11245 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11246 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11247 -c "NamedGroup: ffdhe6144 ( 103 )" \
11248 -c "Verifying peer X.509 certificate... ok" \
11249 -C "received HelloRetryRequest message"
11250
11251requires_gnutls_tls1_3
11252requires_gnutls_next_no_ticket
11253requires_gnutls_next_disable_tls13_compat
11254requires_config_enabled MBEDTLS_SSL_CLI_C
11255requires_config_enabled MBEDTLS_DEBUG_C
11256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11258requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11259run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
11260 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
11261 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
11262 0 \
11263 -c "HTTP/1.0 200 OK" \
11264 -c "Protocol is TLSv1.3" \
11265 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11266 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11267 -c "NamedGroup: ffdhe6144 ( 103 )" \
11268 -c "Verifying peer X.509 certificate... ok" \
11269 -C "received HelloRetryRequest message"
11270
11271requires_gnutls_tls1_3
11272requires_gnutls_next_no_ticket
11273requires_gnutls_next_disable_tls13_compat
11274requires_config_enabled MBEDTLS_SSL_CLI_C
11275requires_config_enabled MBEDTLS_DEBUG_C
11276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11278run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
11279 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
11280 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
11281 0 \
11282 -c "HTTP/1.0 200 OK" \
11283 -c "Protocol is TLSv1.3" \
11284 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11285 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11286 -c "NamedGroup: ffdhe8192 ( 104 )" \
11287 -c "Verifying peer X.509 certificate... ok" \
11288 -C "received HelloRetryRequest message"
11289
11290requires_gnutls_tls1_3
11291requires_gnutls_next_no_ticket
11292requires_gnutls_next_disable_tls13_compat
11293requires_config_enabled MBEDTLS_SSL_CLI_C
11294requires_config_enabled MBEDTLS_DEBUG_C
11295requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11296requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11297run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
11298 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
11299 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
11300 0 \
11301 -c "HTTP/1.0 200 OK" \
11302 -c "Protocol is TLSv1.3" \
11303 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11304 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11305 -c "NamedGroup: ffdhe8192 ( 104 )" \
11306 -c "Verifying peer X.509 certificate... ok" \
11307 -C "received HelloRetryRequest message"
11308
11309requires_gnutls_tls1_3
11310requires_gnutls_next_no_ticket
11311requires_gnutls_next_disable_tls13_compat
11312requires_config_enabled MBEDTLS_SSL_CLI_C
11313requires_config_enabled MBEDTLS_DEBUG_C
11314requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11316run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
11317 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
11318 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
11319 0 \
11320 -c "HTTP/1.0 200 OK" \
11321 -c "Protocol is TLSv1.3" \
11322 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11323 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11324 -c "NamedGroup: ffdhe8192 ( 104 )" \
11325 -c "Verifying peer X.509 certificate... ok" \
11326 -C "received HelloRetryRequest message"
11327
11328requires_gnutls_tls1_3
11329requires_gnutls_next_no_ticket
11330requires_gnutls_next_disable_tls13_compat
11331requires_config_enabled MBEDTLS_SSL_CLI_C
11332requires_config_enabled MBEDTLS_DEBUG_C
11333requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11335requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11336run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
11337 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
11338 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
11339 0 \
11340 -c "HTTP/1.0 200 OK" \
11341 -c "Protocol is TLSv1.3" \
11342 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
11343 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11344 -c "NamedGroup: ffdhe8192 ( 104 )" \
11345 -c "Verifying peer X.509 certificate... ok" \
11346 -C "received HelloRetryRequest message"
11347
11348requires_gnutls_tls1_3
11349requires_gnutls_next_no_ticket
11350requires_gnutls_next_disable_tls13_compat
11351requires_config_enabled MBEDTLS_SSL_CLI_C
11352requires_config_enabled MBEDTLS_DEBUG_C
11353requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11354requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11355run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11356 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11357 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11358 0 \
11359 -c "HTTP/1.0 200 OK" \
11360 -c "Protocol is TLSv1.3" \
11361 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11362 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11363 -c "NamedGroup: secp256r1 ( 17 )" \
11364 -c "Verifying peer X.509 certificate... ok" \
11365 -C "received HelloRetryRequest message"
11366
11367requires_gnutls_tls1_3
11368requires_gnutls_next_no_ticket
11369requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11370requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11371requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11374run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11375 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11376 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11377 0 \
11378 -c "HTTP/1.0 200 OK" \
11379 -c "Protocol is TLSv1.3" \
11380 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11381 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11382 -c "NamedGroup: secp256r1 ( 17 )" \
11383 -c "Verifying peer X.509 certificate... ok" \
11384 -C "received HelloRetryRequest message"
11385
11386requires_gnutls_tls1_3
11387requires_gnutls_next_no_ticket
11388requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11389requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11390requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11391requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11393run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11394 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11395 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11396 0 \
11397 -c "HTTP/1.0 200 OK" \
11398 -c "Protocol is TLSv1.3" \
11399 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11400 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11401 -c "NamedGroup: secp256r1 ( 17 )" \
11402 -c "Verifying peer X.509 certificate... ok" \
11403 -C "received HelloRetryRequest message"
11404
11405requires_gnutls_tls1_3
11406requires_gnutls_next_no_ticket
11407requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11408requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11409requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11412requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11413run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11414 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11415 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11416 0 \
11417 -c "HTTP/1.0 200 OK" \
11418 -c "Protocol is TLSv1.3" \
11419 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11420 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11421 -c "NamedGroup: secp256r1 ( 17 )" \
11422 -c "Verifying peer X.509 certificate... ok" \
11423 -C "received HelloRetryRequest message"
11424
11425requires_gnutls_tls1_3
11426requires_gnutls_next_no_ticket
11427requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11428requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11429requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11432run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11433 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11434 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11435 0 \
11436 -c "HTTP/1.0 200 OK" \
11437 -c "Protocol is TLSv1.3" \
11438 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11439 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11440 -c "NamedGroup: secp384r1 ( 18 )" \
11441 -c "Verifying peer X.509 certificate... ok" \
11442 -C "received HelloRetryRequest message"
11443
11444requires_gnutls_tls1_3
11445requires_gnutls_next_no_ticket
11446requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11447requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11448requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11450requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11451run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11452 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11453 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11454 0 \
11455 -c "HTTP/1.0 200 OK" \
11456 -c "Protocol is TLSv1.3" \
11457 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11458 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11459 -c "NamedGroup: secp384r1 ( 18 )" \
11460 -c "Verifying peer X.509 certificate... ok" \
11461 -C "received HelloRetryRequest message"
11462
11463requires_gnutls_tls1_3
11464requires_gnutls_next_no_ticket
11465requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11466requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11467requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11468requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11470run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11471 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11472 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11473 0 \
11474 -c "HTTP/1.0 200 OK" \
11475 -c "Protocol is TLSv1.3" \
11476 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11477 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11478 -c "NamedGroup: secp384r1 ( 18 )" \
11479 -c "Verifying peer X.509 certificate... ok" \
11480 -C "received HelloRetryRequest message"
11481
11482requires_gnutls_tls1_3
11483requires_gnutls_next_no_ticket
11484requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11489requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11490run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11491 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11492 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11493 0 \
11494 -c "HTTP/1.0 200 OK" \
11495 -c "Protocol is TLSv1.3" \
11496 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11497 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11498 -c "NamedGroup: secp384r1 ( 18 )" \
11499 -c "Verifying peer X.509 certificate... ok" \
11500 -C "received HelloRetryRequest message"
11501
11502requires_gnutls_tls1_3
11503requires_gnutls_next_no_ticket
11504requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11509run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11510 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11511 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11512 0 \
11513 -c "HTTP/1.0 200 OK" \
11514 -c "Protocol is TLSv1.3" \
11515 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11516 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11517 -c "NamedGroup: secp521r1 ( 19 )" \
11518 -c "Verifying peer X.509 certificate... ok" \
11519 -C "received HelloRetryRequest message"
11520
11521requires_gnutls_tls1_3
11522requires_gnutls_next_no_ticket
11523requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11524requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11526requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11528run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11529 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11530 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11531 0 \
11532 -c "HTTP/1.0 200 OK" \
11533 -c "Protocol is TLSv1.3" \
11534 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11535 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11536 -c "NamedGroup: secp521r1 ( 19 )" \
11537 -c "Verifying peer X.509 certificate... ok" \
11538 -C "received HelloRetryRequest message"
11539
11540requires_gnutls_tls1_3
11541requires_gnutls_next_no_ticket
11542requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11543requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11547run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11548 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11549 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11550 0 \
11551 -c "HTTP/1.0 200 OK" \
11552 -c "Protocol is TLSv1.3" \
11553 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11554 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11555 -c "NamedGroup: secp521r1 ( 19 )" \
11556 -c "Verifying peer X.509 certificate... ok" \
11557 -C "received HelloRetryRequest message"
11558
11559requires_gnutls_tls1_3
11560requires_gnutls_next_no_ticket
11561requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11562requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11563requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11564requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11566requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11567run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11568 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11569 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11570 0 \
11571 -c "HTTP/1.0 200 OK" \
11572 -c "Protocol is TLSv1.3" \
11573 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11574 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11575 -c "NamedGroup: secp521r1 ( 19 )" \
11576 -c "Verifying peer X.509 certificate... ok" \
11577 -C "received HelloRetryRequest message"
11578
11579requires_gnutls_tls1_3
11580requires_gnutls_next_no_ticket
11581requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11582requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11583requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11586run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11587 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11588 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11589 0 \
11590 -c "HTTP/1.0 200 OK" \
11591 -c "Protocol is TLSv1.3" \
11592 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11593 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11594 -c "NamedGroup: x25519 ( 1d )" \
11595 -c "Verifying peer X.509 certificate... ok" \
11596 -C "received HelloRetryRequest message"
11597
11598requires_gnutls_tls1_3
11599requires_gnutls_next_no_ticket
11600requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11601requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11602requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11605run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11606 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11607 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11608 0 \
11609 -c "HTTP/1.0 200 OK" \
11610 -c "Protocol is TLSv1.3" \
11611 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11612 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11613 -c "NamedGroup: x25519 ( 1d )" \
11614 -c "Verifying peer X.509 certificate... ok" \
11615 -C "received HelloRetryRequest message"
11616
11617requires_gnutls_tls1_3
11618requires_gnutls_next_no_ticket
11619requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11620requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11621requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11622requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11624run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11625 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11626 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11627 0 \
11628 -c "HTTP/1.0 200 OK" \
11629 -c "Protocol is TLSv1.3" \
11630 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11631 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11632 -c "NamedGroup: x25519 ( 1d )" \
11633 -c "Verifying peer X.509 certificate... ok" \
11634 -C "received HelloRetryRequest message"
11635
11636requires_gnutls_tls1_3
11637requires_gnutls_next_no_ticket
11638requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11639requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11640requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11643requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11644run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11645 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11646 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11647 0 \
11648 -c "HTTP/1.0 200 OK" \
11649 -c "Protocol is TLSv1.3" \
11650 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11651 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11652 -c "NamedGroup: x25519 ( 1d )" \
11653 -c "Verifying peer X.509 certificate... ok" \
11654 -C "received HelloRetryRequest message"
11655
11656requires_gnutls_tls1_3
11657requires_gnutls_next_no_ticket
11658requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11659requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11660requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11661requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11663run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11664 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11665 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11666 0 \
11667 -c "HTTP/1.0 200 OK" \
11668 -c "Protocol is TLSv1.3" \
11669 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11670 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11671 -c "NamedGroup: x448 ( 1e )" \
11672 -c "Verifying peer X.509 certificate... ok" \
11673 -C "received HelloRetryRequest message"
11674
11675requires_gnutls_tls1_3
11676requires_gnutls_next_no_ticket
11677requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11678requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11679requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11680requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11682run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11683 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11684 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11685 0 \
11686 -c "HTTP/1.0 200 OK" \
11687 -c "Protocol is TLSv1.3" \
11688 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11689 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11690 -c "NamedGroup: x448 ( 1e )" \
11691 -c "Verifying peer X.509 certificate... ok" \
11692 -C "received HelloRetryRequest message"
11693
11694requires_gnutls_tls1_3
11695requires_gnutls_next_no_ticket
11696requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11697requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11698requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11699requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11700requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11701run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11702 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11703 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11704 0 \
11705 -c "HTTP/1.0 200 OK" \
11706 -c "Protocol is TLSv1.3" \
11707 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11708 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11709 -c "NamedGroup: x448 ( 1e )" \
11710 -c "Verifying peer X.509 certificate... ok" \
11711 -C "received HelloRetryRequest message"
11712
11713requires_gnutls_tls1_3
11714requires_gnutls_next_no_ticket
11715requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11716requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11717requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11718requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11720requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11721run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11722 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]11723 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11724 0 \
11725 -c "HTTP/1.0 200 OK" \
11726 -c "Protocol is TLSv1.3" \
11727 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11728 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11729 -c "NamedGroup: x448 ( 1e )" \
11730 -c "Verifying peer X.509 certificate... ok" \
11731 -C "received HelloRetryRequest message"
11732
11733requires_gnutls_tls1_3
11734requires_gnutls_next_no_ticket
11735requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11736requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11737requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11738requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]11739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]11740run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
11741 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
11742 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
11743 0 \
11744 -c "HTTP/1.0 200 OK" \
11745 -c "Protocol is TLSv1.3" \
11746 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11747 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11748 -c "NamedGroup: ffdhe2048 ( 100 )" \
11749 -c "Verifying peer X.509 certificate... ok" \
11750 -C "received HelloRetryRequest message"
11751
11752requires_gnutls_tls1_3
11753requires_gnutls_next_no_ticket
11754requires_gnutls_next_disable_tls13_compat
11755requires_config_enabled MBEDTLS_SSL_CLI_C
11756requires_config_enabled MBEDTLS_DEBUG_C
11757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11759run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
11760 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
11761 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
11762 0 \
11763 -c "HTTP/1.0 200 OK" \
11764 -c "Protocol is TLSv1.3" \
11765 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11766 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11767 -c "NamedGroup: ffdhe2048 ( 100 )" \
11768 -c "Verifying peer X.509 certificate... ok" \
11769 -C "received HelloRetryRequest message"
11770
11771requires_gnutls_tls1_3
11772requires_gnutls_next_no_ticket
11773requires_gnutls_next_disable_tls13_compat
11774requires_config_enabled MBEDTLS_SSL_CLI_C
11775requires_config_enabled MBEDTLS_DEBUG_C
11776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11778run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
11779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
11780 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
11781 0 \
11782 -c "HTTP/1.0 200 OK" \
11783 -c "Protocol is TLSv1.3" \
11784 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11785 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11786 -c "NamedGroup: ffdhe2048 ( 100 )" \
11787 -c "Verifying peer X.509 certificate... ok" \
11788 -C "received HelloRetryRequest message"
11789
11790requires_gnutls_tls1_3
11791requires_gnutls_next_no_ticket
11792requires_gnutls_next_disable_tls13_compat
11793requires_config_enabled MBEDTLS_SSL_CLI_C
11794requires_config_enabled MBEDTLS_DEBUG_C
11795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11797requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11798run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
11799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
11800 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
11801 0 \
11802 -c "HTTP/1.0 200 OK" \
11803 -c "Protocol is TLSv1.3" \
11804 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11805 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11806 -c "NamedGroup: ffdhe2048 ( 100 )" \
11807 -c "Verifying peer X.509 certificate... ok" \
11808 -C "received HelloRetryRequest message"
11809
11810requires_gnutls_tls1_3
11811requires_gnutls_next_no_ticket
11812requires_gnutls_next_disable_tls13_compat
11813requires_config_enabled MBEDTLS_SSL_CLI_C
11814requires_config_enabled MBEDTLS_DEBUG_C
11815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11817run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp256r1_sha256" \
11818 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11819 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
11820 0 \
11821 -c "HTTP/1.0 200 OK" \
11822 -c "Protocol is TLSv1.3" \
11823 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11824 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11825 -c "NamedGroup: ffdhe3072 ( 101 )" \
11826 -c "Verifying peer X.509 certificate... ok" \
11827 -C "received HelloRetryRequest message"
11828
11829requires_gnutls_tls1_3
11830requires_gnutls_next_no_ticket
11831requires_gnutls_next_disable_tls13_compat
11832requires_config_enabled MBEDTLS_SSL_CLI_C
11833requires_config_enabled MBEDTLS_DEBUG_C
11834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11836run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp384r1_sha384" \
11837 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11838 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
11839 0 \
11840 -c "HTTP/1.0 200 OK" \
11841 -c "Protocol is TLSv1.3" \
11842 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11843 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11844 -c "NamedGroup: ffdhe3072 ( 101 )" \
11845 -c "Verifying peer X.509 certificate... ok" \
11846 -C "received HelloRetryRequest message"
11847
11848requires_gnutls_tls1_3
11849requires_gnutls_next_no_ticket
11850requires_gnutls_next_disable_tls13_compat
11851requires_config_enabled MBEDTLS_SSL_CLI_C
11852requires_config_enabled MBEDTLS_DEBUG_C
11853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11855run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp521r1_sha512" \
11856 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11857 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
11858 0 \
11859 -c "HTTP/1.0 200 OK" \
11860 -c "Protocol is TLSv1.3" \
11861 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11862 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11863 -c "NamedGroup: ffdhe3072 ( 101 )" \
11864 -c "Verifying peer X.509 certificate... ok" \
11865 -C "received HelloRetryRequest message"
11866
11867requires_gnutls_tls1_3
11868requires_gnutls_next_no_ticket
11869requires_gnutls_next_disable_tls13_compat
11870requires_config_enabled MBEDTLS_SSL_CLI_C
11871requires_config_enabled MBEDTLS_DEBUG_C
11872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11874requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11875run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe3072,rsa_pss_rsae_sha256" \
11876 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
11877 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
11878 0 \
11879 -c "HTTP/1.0 200 OK" \
11880 -c "Protocol is TLSv1.3" \
11881 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11882 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11883 -c "NamedGroup: ffdhe3072 ( 101 )" \
11884 -c "Verifying peer X.509 certificate... ok" \
11885 -C "received HelloRetryRequest message"
11886
11887requires_gnutls_tls1_3
11888requires_gnutls_next_no_ticket
11889requires_gnutls_next_disable_tls13_compat
11890requires_config_enabled MBEDTLS_SSL_CLI_C
11891requires_config_enabled MBEDTLS_DEBUG_C
11892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11894run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp256r1_sha256" \
11895 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11896 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
11897 0 \
11898 -c "HTTP/1.0 200 OK" \
11899 -c "Protocol is TLSv1.3" \
11900 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11901 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11902 -c "NamedGroup: ffdhe4096 ( 102 )" \
11903 -c "Verifying peer X.509 certificate... ok" \
11904 -C "received HelloRetryRequest message"
11905
11906requires_gnutls_tls1_3
11907requires_gnutls_next_no_ticket
11908requires_gnutls_next_disable_tls13_compat
11909requires_config_enabled MBEDTLS_SSL_CLI_C
11910requires_config_enabled MBEDTLS_DEBUG_C
11911requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11913run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp384r1_sha384" \
11914 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11915 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
11916 0 \
11917 -c "HTTP/1.0 200 OK" \
11918 -c "Protocol is TLSv1.3" \
11919 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11920 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11921 -c "NamedGroup: ffdhe4096 ( 102 )" \
11922 -c "Verifying peer X.509 certificate... ok" \
11923 -C "received HelloRetryRequest message"
11924
11925requires_gnutls_tls1_3
11926requires_gnutls_next_no_ticket
11927requires_gnutls_next_disable_tls13_compat
11928requires_config_enabled MBEDTLS_SSL_CLI_C
11929requires_config_enabled MBEDTLS_DEBUG_C
11930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11932run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp521r1_sha512" \
11933 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11934 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
11935 0 \
11936 -c "HTTP/1.0 200 OK" \
11937 -c "Protocol is TLSv1.3" \
11938 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11939 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11940 -c "NamedGroup: ffdhe4096 ( 102 )" \
11941 -c "Verifying peer X.509 certificate... ok" \
11942 -C "received HelloRetryRequest message"
11943
11944requires_gnutls_tls1_3
11945requires_gnutls_next_no_ticket
11946requires_gnutls_next_disable_tls13_compat
11947requires_config_enabled MBEDTLS_SSL_CLI_C
11948requires_config_enabled MBEDTLS_DEBUG_C
11949requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11950requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11951requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
11952run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe4096,rsa_pss_rsae_sha256" \
11953 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
11954 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
11955 0 \
11956 -c "HTTP/1.0 200 OK" \
11957 -c "Protocol is TLSv1.3" \
11958 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11959 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11960 -c "NamedGroup: ffdhe4096 ( 102 )" \
11961 -c "Verifying peer X.509 certificate... ok" \
11962 -C "received HelloRetryRequest message"
11963
11964requires_gnutls_tls1_3
11965requires_gnutls_next_no_ticket
11966requires_gnutls_next_disable_tls13_compat
11967requires_config_enabled MBEDTLS_SSL_CLI_C
11968requires_config_enabled MBEDTLS_DEBUG_C
11969requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11971run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp256r1_sha256" \
11972 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
11973 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
11974 0 \
11975 -c "HTTP/1.0 200 OK" \
11976 -c "Protocol is TLSv1.3" \
11977 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11978 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11979 -c "NamedGroup: ffdhe6144 ( 103 )" \
11980 -c "Verifying peer X.509 certificate... ok" \
11981 -C "received HelloRetryRequest message"
11982
11983requires_gnutls_tls1_3
11984requires_gnutls_next_no_ticket
11985requires_gnutls_next_disable_tls13_compat
11986requires_config_enabled MBEDTLS_SSL_CLI_C
11987requires_config_enabled MBEDTLS_DEBUG_C
11988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11990run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp384r1_sha384" \
11991 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
11992 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
11993 0 \
11994 -c "HTTP/1.0 200 OK" \
11995 -c "Protocol is TLSv1.3" \
11996 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
11997 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11998 -c "NamedGroup: ffdhe6144 ( 103 )" \
11999 -c "Verifying peer X.509 certificate... ok" \
12000 -C "received HelloRetryRequest message"
12001
12002requires_gnutls_tls1_3
12003requires_gnutls_next_no_ticket
12004requires_gnutls_next_disable_tls13_compat
12005requires_config_enabled MBEDTLS_SSL_CLI_C
12006requires_config_enabled MBEDTLS_DEBUG_C
12007requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12008requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12009run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp521r1_sha512" \
12010 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
12011 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
12012 0 \
12013 -c "HTTP/1.0 200 OK" \
12014 -c "Protocol is TLSv1.3" \
12015 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
12016 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12017 -c "NamedGroup: ffdhe6144 ( 103 )" \
12018 -c "Verifying peer X.509 certificate... ok" \
12019 -C "received HelloRetryRequest message"
12020
12021requires_gnutls_tls1_3
12022requires_gnutls_next_no_ticket
12023requires_gnutls_next_disable_tls13_compat
12024requires_config_enabled MBEDTLS_SSL_CLI_C
12025requires_config_enabled MBEDTLS_DEBUG_C
12026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12028requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12029run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe6144,rsa_pss_rsae_sha256" \
12030 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
12031 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
12032 0 \
12033 -c "HTTP/1.0 200 OK" \
12034 -c "Protocol is TLSv1.3" \
12035 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
12036 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12037 -c "NamedGroup: ffdhe6144 ( 103 )" \
12038 -c "Verifying peer X.509 certificate... ok" \
12039 -C "received HelloRetryRequest message"
12040
12041requires_gnutls_tls1_3
12042requires_gnutls_next_no_ticket
12043requires_gnutls_next_disable_tls13_compat
12044requires_config_enabled MBEDTLS_SSL_CLI_C
12045requires_config_enabled MBEDTLS_DEBUG_C
12046requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12048run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
12049 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12050 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
12051 0 \
12052 -c "HTTP/1.0 200 OK" \
12053 -c "Protocol is TLSv1.3" \
12054 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
12055 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12056 -c "NamedGroup: ffdhe8192 ( 104 )" \
12057 -c "Verifying peer X.509 certificate... ok" \
12058 -C "received HelloRetryRequest message"
12059
12060requires_gnutls_tls1_3
12061requires_gnutls_next_no_ticket
12062requires_gnutls_next_disable_tls13_compat
12063requires_config_enabled MBEDTLS_SSL_CLI_C
12064requires_config_enabled MBEDTLS_DEBUG_C
12065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12067run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
12068 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12069 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
12070 0 \
12071 -c "HTTP/1.0 200 OK" \
12072 -c "Protocol is TLSv1.3" \
12073 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
12074 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12075 -c "NamedGroup: ffdhe8192 ( 104 )" \
12076 -c "Verifying peer X.509 certificate... ok" \
12077 -C "received HelloRetryRequest message"
12078
12079requires_gnutls_tls1_3
12080requires_gnutls_next_no_ticket
12081requires_gnutls_next_disable_tls13_compat
12082requires_config_enabled MBEDTLS_SSL_CLI_C
12083requires_config_enabled MBEDTLS_DEBUG_C
12084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12086run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
12087 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12088 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
12089 0 \
12090 -c "HTTP/1.0 200 OK" \
12091 -c "Protocol is TLSv1.3" \
12092 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
12093 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12094 -c "NamedGroup: ffdhe8192 ( 104 )" \
12095 -c "Verifying peer X.509 certificate... ok" \
12096 -C "received HelloRetryRequest message"
12097
12098requires_gnutls_tls1_3
12099requires_gnutls_next_no_ticket
12100requires_gnutls_next_disable_tls13_compat
12101requires_config_enabled MBEDTLS_SSL_CLI_C
12102requires_config_enabled MBEDTLS_DEBUG_C
12103requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12104requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12105requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12106run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
12107 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12108 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
12109 0 \
12110 -c "HTTP/1.0 200 OK" \
12111 -c "Protocol is TLSv1.3" \
12112 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
12113 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12114 -c "NamedGroup: ffdhe8192 ( 104 )" \
12115 -c "Verifying peer X.509 certificate... ok" \
12116 -C "received HelloRetryRequest message"
12117
12118requires_gnutls_tls1_3
12119requires_gnutls_next_no_ticket
12120requires_gnutls_next_disable_tls13_compat
12121requires_config_enabled MBEDTLS_SSL_CLI_C
12122requires_config_enabled MBEDTLS_DEBUG_C
12123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12125run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12126 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12127 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12128 0 \
12129 -c "HTTP/1.0 200 OK" \
12130 -c "Protocol is TLSv1.3" \
12131 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12132 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12133 -c "NamedGroup: secp256r1 ( 17 )" \
12134 -c "Verifying peer X.509 certificate... ok" \
12135 -C "received HelloRetryRequest message"
12136
12137requires_gnutls_tls1_3
12138requires_gnutls_next_no_ticket
12139requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12140requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12141requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12142requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12144run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12145 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12146 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12147 0 \
12148 -c "HTTP/1.0 200 OK" \
12149 -c "Protocol is TLSv1.3" \
12150 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12151 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12152 -c "NamedGroup: secp256r1 ( 17 )" \
12153 -c "Verifying peer X.509 certificate... ok" \
12154 -C "received HelloRetryRequest message"
12155
12156requires_gnutls_tls1_3
12157requires_gnutls_next_no_ticket
12158requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12159requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12160requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12161requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12162requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12163run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12164 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12165 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12166 0 \
12167 -c "HTTP/1.0 200 OK" \
12168 -c "Protocol is TLSv1.3" \
12169 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12170 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12171 -c "NamedGroup: secp256r1 ( 17 )" \
12172 -c "Verifying peer X.509 certificate... ok" \
12173 -C "received HelloRetryRequest message"
12174
12175requires_gnutls_tls1_3
12176requires_gnutls_next_no_ticket
12177requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12178requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12179requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12182requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12183run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12184 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12185 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12186 0 \
12187 -c "HTTP/1.0 200 OK" \
12188 -c "Protocol is TLSv1.3" \
12189 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12190 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12191 -c "NamedGroup: secp256r1 ( 17 )" \
12192 -c "Verifying peer X.509 certificate... ok" \
12193 -C "received HelloRetryRequest message"
12194
12195requires_gnutls_tls1_3
12196requires_gnutls_next_no_ticket
12197requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12198requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12199requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12200requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12202run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12203 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12204 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12205 0 \
12206 -c "HTTP/1.0 200 OK" \
12207 -c "Protocol is TLSv1.3" \
12208 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12209 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12210 -c "NamedGroup: secp384r1 ( 18 )" \
12211 -c "Verifying peer X.509 certificate... ok" \
12212 -C "received HelloRetryRequest message"
12213
12214requires_gnutls_tls1_3
12215requires_gnutls_next_no_ticket
12216requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12217requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12218requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12221run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12222 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12223 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12224 0 \
12225 -c "HTTP/1.0 200 OK" \
12226 -c "Protocol is TLSv1.3" \
12227 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12228 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12229 -c "NamedGroup: secp384r1 ( 18 )" \
12230 -c "Verifying peer X.509 certificate... ok" \
12231 -C "received HelloRetryRequest message"
12232
12233requires_gnutls_tls1_3
12234requires_gnutls_next_no_ticket
12235requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12236requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12237requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12240run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12241 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12242 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12243 0 \
12244 -c "HTTP/1.0 200 OK" \
12245 -c "Protocol is TLSv1.3" \
12246 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12247 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12248 -c "NamedGroup: secp384r1 ( 18 )" \
12249 -c "Verifying peer X.509 certificate... ok" \
12250 -C "received HelloRetryRequest message"
12251
12252requires_gnutls_tls1_3
12253requires_gnutls_next_no_ticket
12254requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12255requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12257requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12259requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12260run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12261 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12262 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12263 0 \
12264 -c "HTTP/1.0 200 OK" \
12265 -c "Protocol is TLSv1.3" \
12266 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12267 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12268 -c "NamedGroup: secp384r1 ( 18 )" \
12269 -c "Verifying peer X.509 certificate... ok" \
12270 -C "received HelloRetryRequest message"
12271
12272requires_gnutls_tls1_3
12273requires_gnutls_next_no_ticket
12274requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12275requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12276requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12277requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12278requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12279run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12280 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12281 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12282 0 \
12283 -c "HTTP/1.0 200 OK" \
12284 -c "Protocol is TLSv1.3" \
12285 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12286 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12287 -c "NamedGroup: secp521r1 ( 19 )" \
12288 -c "Verifying peer X.509 certificate... ok" \
12289 -C "received HelloRetryRequest message"
12290
12291requires_gnutls_tls1_3
12292requires_gnutls_next_no_ticket
12293requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12294requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12295requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12298run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12299 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12300 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12301 0 \
12302 -c "HTTP/1.0 200 OK" \
12303 -c "Protocol is TLSv1.3" \
12304 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12305 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12306 -c "NamedGroup: secp521r1 ( 19 )" \
12307 -c "Verifying peer X.509 certificate... ok" \
12308 -C "received HelloRetryRequest message"
12309
12310requires_gnutls_tls1_3
12311requires_gnutls_next_no_ticket
12312requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12313requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12314requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12317run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12318 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12319 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12320 0 \
12321 -c "HTTP/1.0 200 OK" \
12322 -c "Protocol is TLSv1.3" \
12323 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12324 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12325 -c "NamedGroup: secp521r1 ( 19 )" \
12326 -c "Verifying peer X.509 certificate... ok" \
12327 -C "received HelloRetryRequest message"
12328
12329requires_gnutls_tls1_3
12330requires_gnutls_next_no_ticket
12331requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12332requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12333requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12334requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12336requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12337run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12338 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12339 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12340 0 \
12341 -c "HTTP/1.0 200 OK" \
12342 -c "Protocol is TLSv1.3" \
12343 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12344 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12345 -c "NamedGroup: secp521r1 ( 19 )" \
12346 -c "Verifying peer X.509 certificate... ok" \
12347 -C "received HelloRetryRequest message"
12348
12349requires_gnutls_tls1_3
12350requires_gnutls_next_no_ticket
12351requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12352requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12353requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12356run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12357 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12358 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12359 0 \
12360 -c "HTTP/1.0 200 OK" \
12361 -c "Protocol is TLSv1.3" \
12362 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12363 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12364 -c "NamedGroup: x25519 ( 1d )" \
12365 -c "Verifying peer X.509 certificate... ok" \
12366 -C "received HelloRetryRequest message"
12367
12368requires_gnutls_tls1_3
12369requires_gnutls_next_no_ticket
12370requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12371requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12372requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12375run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12376 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12377 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12378 0 \
12379 -c "HTTP/1.0 200 OK" \
12380 -c "Protocol is TLSv1.3" \
12381 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12382 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12383 -c "NamedGroup: x25519 ( 1d )" \
12384 -c "Verifying peer X.509 certificate... ok" \
12385 -C "received HelloRetryRequest message"
12386
12387requires_gnutls_tls1_3
12388requires_gnutls_next_no_ticket
12389requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12390requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12391requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12392requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12394run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12395 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12396 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12397 0 \
12398 -c "HTTP/1.0 200 OK" \
12399 -c "Protocol is TLSv1.3" \
12400 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12401 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12402 -c "NamedGroup: x25519 ( 1d )" \
12403 -c "Verifying peer X.509 certificate... ok" \
12404 -C "received HelloRetryRequest message"
12405
12406requires_gnutls_tls1_3
12407requires_gnutls_next_no_ticket
12408requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12409requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12410requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12411requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12413requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12414run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12415 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12416 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12417 0 \
12418 -c "HTTP/1.0 200 OK" \
12419 -c "Protocol is TLSv1.3" \
12420 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12421 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12422 -c "NamedGroup: x25519 ( 1d )" \
12423 -c "Verifying peer X.509 certificate... ok" \
12424 -C "received HelloRetryRequest message"
12425
12426requires_gnutls_tls1_3
12427requires_gnutls_next_no_ticket
12428requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12429requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12430requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12433run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12434 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12435 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12436 0 \
12437 -c "HTTP/1.0 200 OK" \
12438 -c "Protocol is TLSv1.3" \
12439 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12440 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12441 -c "NamedGroup: x448 ( 1e )" \
12442 -c "Verifying peer X.509 certificate... ok" \
12443 -C "received HelloRetryRequest message"
12444
12445requires_gnutls_tls1_3
12446requires_gnutls_next_no_ticket
12447requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12448requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12449requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12452run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12453 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12454 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12455 0 \
12456 -c "HTTP/1.0 200 OK" \
12457 -c "Protocol is TLSv1.3" \
12458 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12459 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12460 -c "NamedGroup: x448 ( 1e )" \
12461 -c "Verifying peer X.509 certificate... ok" \
12462 -C "received HelloRetryRequest message"
12463
12464requires_gnutls_tls1_3
12465requires_gnutls_next_no_ticket
12466requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12471run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12472 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12473 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12474 0 \
12475 -c "HTTP/1.0 200 OK" \
12476 -c "Protocol is TLSv1.3" \
12477 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12478 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12479 -c "NamedGroup: x448 ( 1e )" \
12480 -c "Verifying peer X.509 certificate... ok" \
12481 -C "received HelloRetryRequest message"
12482
12483requires_gnutls_tls1_3
12484requires_gnutls_next_no_ticket
12485requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12486requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12487requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12488requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12490requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12491run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12492 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12493 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12494 0 \
12495 -c "HTTP/1.0 200 OK" \
12496 -c "Protocol is TLSv1.3" \
12497 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12498 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12499 -c "NamedGroup: x448 ( 1e )" \
12500 -c "Verifying peer X.509 certificate... ok" \
12501 -C "received HelloRetryRequest message"
12502
12503requires_gnutls_tls1_3
12504requires_gnutls_next_no_ticket
12505requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12506requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12507requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]12510run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
12511 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
12512 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
12513 0 \
12514 -c "HTTP/1.0 200 OK" \
12515 -c "Protocol is TLSv1.3" \
12516 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12517 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12518 -c "NamedGroup: ffdhe2048 ( 100 )" \
12519 -c "Verifying peer X.509 certificate... ok" \
12520 -C "received HelloRetryRequest message"
12521
12522requires_gnutls_tls1_3
12523requires_gnutls_next_no_ticket
12524requires_gnutls_next_disable_tls13_compat
12525requires_config_enabled MBEDTLS_SSL_CLI_C
12526requires_config_enabled MBEDTLS_DEBUG_C
12527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12529run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
12530 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
12531 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
12532 0 \
12533 -c "HTTP/1.0 200 OK" \
12534 -c "Protocol is TLSv1.3" \
12535 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12536 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12537 -c "NamedGroup: ffdhe2048 ( 100 )" \
12538 -c "Verifying peer X.509 certificate... ok" \
12539 -C "received HelloRetryRequest message"
12540
12541requires_gnutls_tls1_3
12542requires_gnutls_next_no_ticket
12543requires_gnutls_next_disable_tls13_compat
12544requires_config_enabled MBEDTLS_SSL_CLI_C
12545requires_config_enabled MBEDTLS_DEBUG_C
12546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12548run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
12549 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
12550 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
12551 0 \
12552 -c "HTTP/1.0 200 OK" \
12553 -c "Protocol is TLSv1.3" \
12554 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12555 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12556 -c "NamedGroup: ffdhe2048 ( 100 )" \
12557 -c "Verifying peer X.509 certificate... ok" \
12558 -C "received HelloRetryRequest message"
12559
12560requires_gnutls_tls1_3
12561requires_gnutls_next_no_ticket
12562requires_gnutls_next_disable_tls13_compat
12563requires_config_enabled MBEDTLS_SSL_CLI_C
12564requires_config_enabled MBEDTLS_DEBUG_C
12565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12568run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
12569 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
12570 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
12571 0 \
12572 -c "HTTP/1.0 200 OK" \
12573 -c "Protocol is TLSv1.3" \
12574 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12575 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12576 -c "NamedGroup: ffdhe2048 ( 100 )" \
12577 -c "Verifying peer X.509 certificate... ok" \
12578 -C "received HelloRetryRequest message"
12579
12580requires_gnutls_tls1_3
12581requires_gnutls_next_no_ticket
12582requires_gnutls_next_disable_tls13_compat
12583requires_config_enabled MBEDTLS_SSL_CLI_C
12584requires_config_enabled MBEDTLS_DEBUG_C
12585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12587run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
12588 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
12589 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
12590 0 \
12591 -c "HTTP/1.0 200 OK" \
12592 -c "Protocol is TLSv1.3" \
12593 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12594 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12595 -c "NamedGroup: ffdhe3072 ( 101 )" \
12596 -c "Verifying peer X.509 certificate... ok" \
12597 -C "received HelloRetryRequest message"
12598
12599requires_gnutls_tls1_3
12600requires_gnutls_next_no_ticket
12601requires_gnutls_next_disable_tls13_compat
12602requires_config_enabled MBEDTLS_SSL_CLI_C
12603requires_config_enabled MBEDTLS_DEBUG_C
12604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12606run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
12607 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
12608 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
12609 0 \
12610 -c "HTTP/1.0 200 OK" \
12611 -c "Protocol is TLSv1.3" \
12612 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12613 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12614 -c "NamedGroup: ffdhe3072 ( 101 )" \
12615 -c "Verifying peer X.509 certificate... ok" \
12616 -C "received HelloRetryRequest message"
12617
12618requires_gnutls_tls1_3
12619requires_gnutls_next_no_ticket
12620requires_gnutls_next_disable_tls13_compat
12621requires_config_enabled MBEDTLS_SSL_CLI_C
12622requires_config_enabled MBEDTLS_DEBUG_C
12623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12625run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
12626 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
12627 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
12628 0 \
12629 -c "HTTP/1.0 200 OK" \
12630 -c "Protocol is TLSv1.3" \
12631 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12632 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12633 -c "NamedGroup: ffdhe3072 ( 101 )" \
12634 -c "Verifying peer X.509 certificate... ok" \
12635 -C "received HelloRetryRequest message"
12636
12637requires_gnutls_tls1_3
12638requires_gnutls_next_no_ticket
12639requires_gnutls_next_disable_tls13_compat
12640requires_config_enabled MBEDTLS_SSL_CLI_C
12641requires_config_enabled MBEDTLS_DEBUG_C
12642requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12644requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12645run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
12646 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
12647 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
12648 0 \
12649 -c "HTTP/1.0 200 OK" \
12650 -c "Protocol is TLSv1.3" \
12651 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12652 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12653 -c "NamedGroup: ffdhe3072 ( 101 )" \
12654 -c "Verifying peer X.509 certificate... ok" \
12655 -C "received HelloRetryRequest message"
12656
12657requires_gnutls_tls1_3
12658requires_gnutls_next_no_ticket
12659requires_gnutls_next_disable_tls13_compat
12660requires_config_enabled MBEDTLS_SSL_CLI_C
12661requires_config_enabled MBEDTLS_DEBUG_C
12662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12664run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
12665 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
12666 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
12667 0 \
12668 -c "HTTP/1.0 200 OK" \
12669 -c "Protocol is TLSv1.3" \
12670 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12671 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12672 -c "NamedGroup: ffdhe4096 ( 102 )" \
12673 -c "Verifying peer X.509 certificate... ok" \
12674 -C "received HelloRetryRequest message"
12675
12676requires_gnutls_tls1_3
12677requires_gnutls_next_no_ticket
12678requires_gnutls_next_disable_tls13_compat
12679requires_config_enabled MBEDTLS_SSL_CLI_C
12680requires_config_enabled MBEDTLS_DEBUG_C
12681requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12683run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
12684 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
12685 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
12686 0 \
12687 -c "HTTP/1.0 200 OK" \
12688 -c "Protocol is TLSv1.3" \
12689 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12690 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12691 -c "NamedGroup: ffdhe4096 ( 102 )" \
12692 -c "Verifying peer X.509 certificate... ok" \
12693 -C "received HelloRetryRequest message"
12694
12695requires_gnutls_tls1_3
12696requires_gnutls_next_no_ticket
12697requires_gnutls_next_disable_tls13_compat
12698requires_config_enabled MBEDTLS_SSL_CLI_C
12699requires_config_enabled MBEDTLS_DEBUG_C
12700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12702run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
12703 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
12704 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
12705 0 \
12706 -c "HTTP/1.0 200 OK" \
12707 -c "Protocol is TLSv1.3" \
12708 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12709 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12710 -c "NamedGroup: ffdhe4096 ( 102 )" \
12711 -c "Verifying peer X.509 certificate... ok" \
12712 -C "received HelloRetryRequest message"
12713
12714requires_gnutls_tls1_3
12715requires_gnutls_next_no_ticket
12716requires_gnutls_next_disable_tls13_compat
12717requires_config_enabled MBEDTLS_SSL_CLI_C
12718requires_config_enabled MBEDTLS_DEBUG_C
12719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12721requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12722run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
12723 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
12724 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
12725 0 \
12726 -c "HTTP/1.0 200 OK" \
12727 -c "Protocol is TLSv1.3" \
12728 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12729 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12730 -c "NamedGroup: ffdhe4096 ( 102 )" \
12731 -c "Verifying peer X.509 certificate... ok" \
12732 -C "received HelloRetryRequest message"
12733
12734requires_gnutls_tls1_3
12735requires_gnutls_next_no_ticket
12736requires_gnutls_next_disable_tls13_compat
12737requires_config_enabled MBEDTLS_SSL_CLI_C
12738requires_config_enabled MBEDTLS_DEBUG_C
12739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12741run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
12742 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
12743 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
12744 0 \
12745 -c "HTTP/1.0 200 OK" \
12746 -c "Protocol is TLSv1.3" \
12747 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12748 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12749 -c "NamedGroup: ffdhe6144 ( 103 )" \
12750 -c "Verifying peer X.509 certificate... ok" \
12751 -C "received HelloRetryRequest message"
12752
12753requires_gnutls_tls1_3
12754requires_gnutls_next_no_ticket
12755requires_gnutls_next_disable_tls13_compat
12756requires_config_enabled MBEDTLS_SSL_CLI_C
12757requires_config_enabled MBEDTLS_DEBUG_C
12758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12760run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
12761 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
12762 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
12763 0 \
12764 -c "HTTP/1.0 200 OK" \
12765 -c "Protocol is TLSv1.3" \
12766 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12767 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12768 -c "NamedGroup: ffdhe6144 ( 103 )" \
12769 -c "Verifying peer X.509 certificate... ok" \
12770 -C "received HelloRetryRequest message"
12771
12772requires_gnutls_tls1_3
12773requires_gnutls_next_no_ticket
12774requires_gnutls_next_disable_tls13_compat
12775requires_config_enabled MBEDTLS_SSL_CLI_C
12776requires_config_enabled MBEDTLS_DEBUG_C
12777requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12778requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12779run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
12780 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
12781 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
12782 0 \
12783 -c "HTTP/1.0 200 OK" \
12784 -c "Protocol is TLSv1.3" \
12785 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12786 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12787 -c "NamedGroup: ffdhe6144 ( 103 )" \
12788 -c "Verifying peer X.509 certificate... ok" \
12789 -C "received HelloRetryRequest message"
12790
12791requires_gnutls_tls1_3
12792requires_gnutls_next_no_ticket
12793requires_gnutls_next_disable_tls13_compat
12794requires_config_enabled MBEDTLS_SSL_CLI_C
12795requires_config_enabled MBEDTLS_DEBUG_C
12796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12798requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12799run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
12800 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
12801 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
12802 0 \
12803 -c "HTTP/1.0 200 OK" \
12804 -c "Protocol is TLSv1.3" \
12805 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12806 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12807 -c "NamedGroup: ffdhe6144 ( 103 )" \
12808 -c "Verifying peer X.509 certificate... ok" \
12809 -C "received HelloRetryRequest message"
12810
12811requires_gnutls_tls1_3
12812requires_gnutls_next_no_ticket
12813requires_gnutls_next_disable_tls13_compat
12814requires_config_enabled MBEDTLS_SSL_CLI_C
12815requires_config_enabled MBEDTLS_DEBUG_C
12816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12818run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
12819 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12820 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
12821 0 \
12822 -c "HTTP/1.0 200 OK" \
12823 -c "Protocol is TLSv1.3" \
12824 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12825 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12826 -c "NamedGroup: ffdhe8192 ( 104 )" \
12827 -c "Verifying peer X.509 certificate... ok" \
12828 -C "received HelloRetryRequest message"
12829
12830requires_gnutls_tls1_3
12831requires_gnutls_next_no_ticket
12832requires_gnutls_next_disable_tls13_compat
12833requires_config_enabled MBEDTLS_SSL_CLI_C
12834requires_config_enabled MBEDTLS_DEBUG_C
12835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12837run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
12838 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12839 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
12840 0 \
12841 -c "HTTP/1.0 200 OK" \
12842 -c "Protocol is TLSv1.3" \
12843 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12844 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12845 -c "NamedGroup: ffdhe8192 ( 104 )" \
12846 -c "Verifying peer X.509 certificate... ok" \
12847 -C "received HelloRetryRequest message"
12848
12849requires_gnutls_tls1_3
12850requires_gnutls_next_no_ticket
12851requires_gnutls_next_disable_tls13_compat
12852requires_config_enabled MBEDTLS_SSL_CLI_C
12853requires_config_enabled MBEDTLS_DEBUG_C
12854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12856run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
12857 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12858 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
12859 0 \
12860 -c "HTTP/1.0 200 OK" \
12861 -c "Protocol is TLSv1.3" \
12862 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12863 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12864 -c "NamedGroup: ffdhe8192 ( 104 )" \
12865 -c "Verifying peer X.509 certificate... ok" \
12866 -C "received HelloRetryRequest message"
12867
12868requires_gnutls_tls1_3
12869requires_gnutls_next_no_ticket
12870requires_gnutls_next_disable_tls13_compat
12871requires_config_enabled MBEDTLS_SSL_CLI_C
12872requires_config_enabled MBEDTLS_DEBUG_C
12873requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12875requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12876run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
12877 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
12878 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
12879 0 \
12880 -c "HTTP/1.0 200 OK" \
12881 -c "Protocol is TLSv1.3" \
12882 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
12883 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12884 -c "NamedGroup: ffdhe8192 ( 104 )" \
12885 -c "Verifying peer X.509 certificate... ok" \
12886 -C "received HelloRetryRequest message"
12887
12888requires_gnutls_tls1_3
12889requires_gnutls_next_no_ticket
12890requires_gnutls_next_disable_tls13_compat
12891requires_config_enabled MBEDTLS_SSL_CLI_C
12892requires_config_enabled MBEDTLS_DEBUG_C
12893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12895run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12896 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12897 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12898 0 \
12899 -c "HTTP/1.0 200 OK" \
12900 -c "Protocol is TLSv1.3" \
12901 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12902 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12903 -c "NamedGroup: secp256r1 ( 17 )" \
12904 -c "Verifying peer X.509 certificate... ok" \
12905 -C "received HelloRetryRequest message"
12906
12907requires_gnutls_tls1_3
12908requires_gnutls_next_no_ticket
12909requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12910requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12911requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12914run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12915 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12916 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12917 0 \
12918 -c "HTTP/1.0 200 OK" \
12919 -c "Protocol is TLSv1.3" \
12920 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12921 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12922 -c "NamedGroup: secp256r1 ( 17 )" \
12923 -c "Verifying peer X.509 certificate... ok" \
12924 -C "received HelloRetryRequest message"
12925
12926requires_gnutls_tls1_3
12927requires_gnutls_next_no_ticket
12928requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12929requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12930requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12933run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12934 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12935 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12936 0 \
12937 -c "HTTP/1.0 200 OK" \
12938 -c "Protocol is TLSv1.3" \
12939 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12940 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12941 -c "NamedGroup: secp256r1 ( 17 )" \
12942 -c "Verifying peer X.509 certificate... ok" \
12943 -C "received HelloRetryRequest message"
12944
12945requires_gnutls_tls1_3
12946requires_gnutls_next_no_ticket
12947requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12948requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12949requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12952requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
12953run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12954 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12955 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12956 0 \
12957 -c "HTTP/1.0 200 OK" \
12958 -c "Protocol is TLSv1.3" \
12959 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12960 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12961 -c "NamedGroup: secp256r1 ( 17 )" \
12962 -c "Verifying peer X.509 certificate... ok" \
12963 -C "received HelloRetryRequest message"
12964
12965requires_gnutls_tls1_3
12966requires_gnutls_next_no_ticket
12967requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12968requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12969requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12972run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12973 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12974 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12975 0 \
12976 -c "HTTP/1.0 200 OK" \
12977 -c "Protocol is TLSv1.3" \
12978 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12979 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12980 -c "NamedGroup: secp384r1 ( 18 )" \
12981 -c "Verifying peer X.509 certificate... ok" \
12982 -C "received HelloRetryRequest message"
12983
12984requires_gnutls_tls1_3
12985requires_gnutls_next_no_ticket
12986requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12987requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12988requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12991run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12992 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]12993 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]12994 0 \
12995 -c "HTTP/1.0 200 OK" \
12996 -c "Protocol is TLSv1.3" \
12997 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
12998 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12999 -c "NamedGroup: secp384r1 ( 18 )" \
13000 -c "Verifying peer X.509 certificate... ok" \
13001 -C "received HelloRetryRequest message"
13002
13003requires_gnutls_tls1_3
13004requires_gnutls_next_no_ticket
13005requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13006requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13007requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13010run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13011 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13012 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13013 0 \
13014 -c "HTTP/1.0 200 OK" \
13015 -c "Protocol is TLSv1.3" \
13016 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13017 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13018 -c "NamedGroup: secp384r1 ( 18 )" \
13019 -c "Verifying peer X.509 certificate... ok" \
13020 -C "received HelloRetryRequest message"
13021
13022requires_gnutls_tls1_3
13023requires_gnutls_next_no_ticket
13024requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13025requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13026requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13029requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13030run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13031 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13032 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13033 0 \
13034 -c "HTTP/1.0 200 OK" \
13035 -c "Protocol is TLSv1.3" \
13036 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13037 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13038 -c "NamedGroup: secp384r1 ( 18 )" \
13039 -c "Verifying peer X.509 certificate... ok" \
13040 -C "received HelloRetryRequest message"
13041
13042requires_gnutls_tls1_3
13043requires_gnutls_next_no_ticket
13044requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13045requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13046requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13047requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13049run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13050 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13051 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13052 0 \
13053 -c "HTTP/1.0 200 OK" \
13054 -c "Protocol is TLSv1.3" \
13055 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13056 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13057 -c "NamedGroup: secp521r1 ( 19 )" \
13058 -c "Verifying peer X.509 certificate... ok" \
13059 -C "received HelloRetryRequest message"
13060
13061requires_gnutls_tls1_3
13062requires_gnutls_next_no_ticket
13063requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13064requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13065requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13066requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13068run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13069 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13070 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13071 0 \
13072 -c "HTTP/1.0 200 OK" \
13073 -c "Protocol is TLSv1.3" \
13074 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13075 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13076 -c "NamedGroup: secp521r1 ( 19 )" \
13077 -c "Verifying peer X.509 certificate... ok" \
13078 -C "received HelloRetryRequest message"
13079
13080requires_gnutls_tls1_3
13081requires_gnutls_next_no_ticket
13082requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13083requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13084requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13085requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13086requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13087run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13088 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13089 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13090 0 \
13091 -c "HTTP/1.0 200 OK" \
13092 -c "Protocol is TLSv1.3" \
13093 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13094 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13095 -c "NamedGroup: secp521r1 ( 19 )" \
13096 -c "Verifying peer X.509 certificate... ok" \
13097 -C "received HelloRetryRequest message"
13098
13099requires_gnutls_tls1_3
13100requires_gnutls_next_no_ticket
13101requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13102requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13103requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13106requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13107run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13108 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13109 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13110 0 \
13111 -c "HTTP/1.0 200 OK" \
13112 -c "Protocol is TLSv1.3" \
13113 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13114 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13115 -c "NamedGroup: secp521r1 ( 19 )" \
13116 -c "Verifying peer X.509 certificate... ok" \
13117 -C "received HelloRetryRequest message"
13118
13119requires_gnutls_tls1_3
13120requires_gnutls_next_no_ticket
13121requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13122requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13123requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13126run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13127 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13128 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13129 0 \
13130 -c "HTTP/1.0 200 OK" \
13131 -c "Protocol is TLSv1.3" \
13132 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13133 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13134 -c "NamedGroup: x25519 ( 1d )" \
13135 -c "Verifying peer X.509 certificate... ok" \
13136 -C "received HelloRetryRequest message"
13137
13138requires_gnutls_tls1_3
13139requires_gnutls_next_no_ticket
13140requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13141requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13145run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13146 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13147 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13148 0 \
13149 -c "HTTP/1.0 200 OK" \
13150 -c "Protocol is TLSv1.3" \
13151 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13152 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13153 -c "NamedGroup: x25519 ( 1d )" \
13154 -c "Verifying peer X.509 certificate... ok" \
13155 -C "received HelloRetryRequest message"
13156
13157requires_gnutls_tls1_3
13158requires_gnutls_next_no_ticket
13159requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13160requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13161requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13164run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13165 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13166 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13167 0 \
13168 -c "HTTP/1.0 200 OK" \
13169 -c "Protocol is TLSv1.3" \
13170 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13171 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13172 -c "NamedGroup: x25519 ( 1d )" \
13173 -c "Verifying peer X.509 certificate... ok" \
13174 -C "received HelloRetryRequest message"
13175
13176requires_gnutls_tls1_3
13177requires_gnutls_next_no_ticket
13178requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13179requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13181requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13183requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13184run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13185 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13186 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13187 0 \
13188 -c "HTTP/1.0 200 OK" \
13189 -c "Protocol is TLSv1.3" \
13190 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13191 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13192 -c "NamedGroup: x25519 ( 1d )" \
13193 -c "Verifying peer X.509 certificate... ok" \
13194 -C "received HelloRetryRequest message"
13195
13196requires_gnutls_tls1_3
13197requires_gnutls_next_no_ticket
13198requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13199requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13200requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13201requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13202requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13203run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13204 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13205 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13206 0 \
13207 -c "HTTP/1.0 200 OK" \
13208 -c "Protocol is TLSv1.3" \
13209 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13210 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13211 -c "NamedGroup: x448 ( 1e )" \
13212 -c "Verifying peer X.509 certificate... ok" \
13213 -C "received HelloRetryRequest message"
13214
13215requires_gnutls_tls1_3
13216requires_gnutls_next_no_ticket
13217requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13218requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13222run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13223 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13224 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13225 0 \
13226 -c "HTTP/1.0 200 OK" \
13227 -c "Protocol is TLSv1.3" \
13228 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13229 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13230 -c "NamedGroup: x448 ( 1e )" \
13231 -c "Verifying peer X.509 certificate... ok" \
13232 -C "received HelloRetryRequest message"
13233
13234requires_gnutls_tls1_3
13235requires_gnutls_next_no_ticket
13236requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13237requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13238requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13241run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13242 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13243 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13244 0 \
13245 -c "HTTP/1.0 200 OK" \
13246 -c "Protocol is TLSv1.3" \
13247 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13248 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13249 -c "NamedGroup: x448 ( 1e )" \
13250 -c "Verifying peer X.509 certificate... ok" \
13251 -C "received HelloRetryRequest message"
13252
13253requires_gnutls_tls1_3
13254requires_gnutls_next_no_ticket
13255requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13256requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13260requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13261run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13262 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13263 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13264 0 \
13265 -c "HTTP/1.0 200 OK" \
13266 -c "Protocol is TLSv1.3" \
13267 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13268 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13269 -c "NamedGroup: x448 ( 1e )" \
13270 -c "Verifying peer X.509 certificate... ok" \
13271 -C "received HelloRetryRequest message"
13272
13273requires_gnutls_tls1_3
13274requires_gnutls_next_no_ticket
13275requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13276requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]13280run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
13281 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
13282 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
13283 0 \
13284 -c "HTTP/1.0 200 OK" \
13285 -c "Protocol is TLSv1.3" \
13286 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13287 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13288 -c "NamedGroup: ffdhe2048 ( 100 )" \
13289 -c "Verifying peer X.509 certificate... ok" \
13290 -C "received HelloRetryRequest message"
13291
13292requires_gnutls_tls1_3
13293requires_gnutls_next_no_ticket
13294requires_gnutls_next_disable_tls13_compat
13295requires_config_enabled MBEDTLS_SSL_CLI_C
13296requires_config_enabled MBEDTLS_DEBUG_C
13297requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13298requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13299run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
13300 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
13301 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
13302 0 \
13303 -c "HTTP/1.0 200 OK" \
13304 -c "Protocol is TLSv1.3" \
13305 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13306 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13307 -c "NamedGroup: ffdhe2048 ( 100 )" \
13308 -c "Verifying peer X.509 certificate... ok" \
13309 -C "received HelloRetryRequest message"
13310
13311requires_gnutls_tls1_3
13312requires_gnutls_next_no_ticket
13313requires_gnutls_next_disable_tls13_compat
13314requires_config_enabled MBEDTLS_SSL_CLI_C
13315requires_config_enabled MBEDTLS_DEBUG_C
13316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13318run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
13319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
13320 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
13321 0 \
13322 -c "HTTP/1.0 200 OK" \
13323 -c "Protocol is TLSv1.3" \
13324 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13325 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13326 -c "NamedGroup: ffdhe2048 ( 100 )" \
13327 -c "Verifying peer X.509 certificate... ok" \
13328 -C "received HelloRetryRequest message"
13329
13330requires_gnutls_tls1_3
13331requires_gnutls_next_no_ticket
13332requires_gnutls_next_disable_tls13_compat
13333requires_config_enabled MBEDTLS_SSL_CLI_C
13334requires_config_enabled MBEDTLS_DEBUG_C
13335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13337requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13338run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
13339 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
13340 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
13341 0 \
13342 -c "HTTP/1.0 200 OK" \
13343 -c "Protocol is TLSv1.3" \
13344 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13345 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13346 -c "NamedGroup: ffdhe2048 ( 100 )" \
13347 -c "Verifying peer X.509 certificate... ok" \
13348 -C "received HelloRetryRequest message"
13349
13350requires_gnutls_tls1_3
13351requires_gnutls_next_no_ticket
13352requires_gnutls_next_disable_tls13_compat
13353requires_config_enabled MBEDTLS_SSL_CLI_C
13354requires_config_enabled MBEDTLS_DEBUG_C
13355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13357run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
13358 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
13359 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
13360 0 \
13361 -c "HTTP/1.0 200 OK" \
13362 -c "Protocol is TLSv1.3" \
13363 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13364 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13365 -c "NamedGroup: ffdhe3072 ( 101 )" \
13366 -c "Verifying peer X.509 certificate... ok" \
13367 -C "received HelloRetryRequest message"
13368
13369requires_gnutls_tls1_3
13370requires_gnutls_next_no_ticket
13371requires_gnutls_next_disable_tls13_compat
13372requires_config_enabled MBEDTLS_SSL_CLI_C
13373requires_config_enabled MBEDTLS_DEBUG_C
13374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13376run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
13377 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
13378 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
13379 0 \
13380 -c "HTTP/1.0 200 OK" \
13381 -c "Protocol is TLSv1.3" \
13382 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13383 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13384 -c "NamedGroup: ffdhe3072 ( 101 )" \
13385 -c "Verifying peer X.509 certificate... ok" \
13386 -C "received HelloRetryRequest message"
13387
13388requires_gnutls_tls1_3
13389requires_gnutls_next_no_ticket
13390requires_gnutls_next_disable_tls13_compat
13391requires_config_enabled MBEDTLS_SSL_CLI_C
13392requires_config_enabled MBEDTLS_DEBUG_C
13393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13395run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
13396 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
13397 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
13398 0 \
13399 -c "HTTP/1.0 200 OK" \
13400 -c "Protocol is TLSv1.3" \
13401 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13402 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13403 -c "NamedGroup: ffdhe3072 ( 101 )" \
13404 -c "Verifying peer X.509 certificate... ok" \
13405 -C "received HelloRetryRequest message"
13406
13407requires_gnutls_tls1_3
13408requires_gnutls_next_no_ticket
13409requires_gnutls_next_disable_tls13_compat
13410requires_config_enabled MBEDTLS_SSL_CLI_C
13411requires_config_enabled MBEDTLS_DEBUG_C
13412requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13414requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13415run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
13416 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
13417 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
13418 0 \
13419 -c "HTTP/1.0 200 OK" \
13420 -c "Protocol is TLSv1.3" \
13421 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13422 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13423 -c "NamedGroup: ffdhe3072 ( 101 )" \
13424 -c "Verifying peer X.509 certificate... ok" \
13425 -C "received HelloRetryRequest message"
13426
13427requires_gnutls_tls1_3
13428requires_gnutls_next_no_ticket
13429requires_gnutls_next_disable_tls13_compat
13430requires_config_enabled MBEDTLS_SSL_CLI_C
13431requires_config_enabled MBEDTLS_DEBUG_C
13432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13434run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
13435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
13436 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
13437 0 \
13438 -c "HTTP/1.0 200 OK" \
13439 -c "Protocol is TLSv1.3" \
13440 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13441 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13442 -c "NamedGroup: ffdhe4096 ( 102 )" \
13443 -c "Verifying peer X.509 certificate... ok" \
13444 -C "received HelloRetryRequest message"
13445
13446requires_gnutls_tls1_3
13447requires_gnutls_next_no_ticket
13448requires_gnutls_next_disable_tls13_compat
13449requires_config_enabled MBEDTLS_SSL_CLI_C
13450requires_config_enabled MBEDTLS_DEBUG_C
13451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13453run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
13454 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
13455 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
13456 0 \
13457 -c "HTTP/1.0 200 OK" \
13458 -c "Protocol is TLSv1.3" \
13459 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13460 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13461 -c "NamedGroup: ffdhe4096 ( 102 )" \
13462 -c "Verifying peer X.509 certificate... ok" \
13463 -C "received HelloRetryRequest message"
13464
13465requires_gnutls_tls1_3
13466requires_gnutls_next_no_ticket
13467requires_gnutls_next_disable_tls13_compat
13468requires_config_enabled MBEDTLS_SSL_CLI_C
13469requires_config_enabled MBEDTLS_DEBUG_C
13470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13472run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
13473 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
13474 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
13475 0 \
13476 -c "HTTP/1.0 200 OK" \
13477 -c "Protocol is TLSv1.3" \
13478 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13479 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13480 -c "NamedGroup: ffdhe4096 ( 102 )" \
13481 -c "Verifying peer X.509 certificate... ok" \
13482 -C "received HelloRetryRequest message"
13483
13484requires_gnutls_tls1_3
13485requires_gnutls_next_no_ticket
13486requires_gnutls_next_disable_tls13_compat
13487requires_config_enabled MBEDTLS_SSL_CLI_C
13488requires_config_enabled MBEDTLS_DEBUG_C
13489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13491requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13492run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
13493 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
13494 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
13495 0 \
13496 -c "HTTP/1.0 200 OK" \
13497 -c "Protocol is TLSv1.3" \
13498 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13499 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13500 -c "NamedGroup: ffdhe4096 ( 102 )" \
13501 -c "Verifying peer X.509 certificate... ok" \
13502 -C "received HelloRetryRequest message"
13503
13504requires_gnutls_tls1_3
13505requires_gnutls_next_no_ticket
13506requires_gnutls_next_disable_tls13_compat
13507requires_config_enabled MBEDTLS_SSL_CLI_C
13508requires_config_enabled MBEDTLS_DEBUG_C
13509requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13511run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
13512 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
13513 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
13514 0 \
13515 -c "HTTP/1.0 200 OK" \
13516 -c "Protocol is TLSv1.3" \
13517 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13518 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13519 -c "NamedGroup: ffdhe6144 ( 103 )" \
13520 -c "Verifying peer X.509 certificate... ok" \
13521 -C "received HelloRetryRequest message"
13522
13523requires_gnutls_tls1_3
13524requires_gnutls_next_no_ticket
13525requires_gnutls_next_disable_tls13_compat
13526requires_config_enabled MBEDTLS_SSL_CLI_C
13527requires_config_enabled MBEDTLS_DEBUG_C
13528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13530run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
13531 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
13532 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
13533 0 \
13534 -c "HTTP/1.0 200 OK" \
13535 -c "Protocol is TLSv1.3" \
13536 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13537 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13538 -c "NamedGroup: ffdhe6144 ( 103 )" \
13539 -c "Verifying peer X.509 certificate... ok" \
13540 -C "received HelloRetryRequest message"
13541
13542requires_gnutls_tls1_3
13543requires_gnutls_next_no_ticket
13544requires_gnutls_next_disable_tls13_compat
13545requires_config_enabled MBEDTLS_SSL_CLI_C
13546requires_config_enabled MBEDTLS_DEBUG_C
13547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13549run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
13550 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
13551 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
13552 0 \
13553 -c "HTTP/1.0 200 OK" \
13554 -c "Protocol is TLSv1.3" \
13555 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13556 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13557 -c "NamedGroup: ffdhe6144 ( 103 )" \
13558 -c "Verifying peer X.509 certificate... ok" \
13559 -C "received HelloRetryRequest message"
13560
13561requires_gnutls_tls1_3
13562requires_gnutls_next_no_ticket
13563requires_gnutls_next_disable_tls13_compat
13564requires_config_enabled MBEDTLS_SSL_CLI_C
13565requires_config_enabled MBEDTLS_DEBUG_C
13566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13568requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13569run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
13570 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
13571 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
13572 0 \
13573 -c "HTTP/1.0 200 OK" \
13574 -c "Protocol is TLSv1.3" \
13575 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13576 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13577 -c "NamedGroup: ffdhe6144 ( 103 )" \
13578 -c "Verifying peer X.509 certificate... ok" \
13579 -C "received HelloRetryRequest message"
13580
13581requires_gnutls_tls1_3
13582requires_gnutls_next_no_ticket
13583requires_gnutls_next_disable_tls13_compat
13584requires_config_enabled MBEDTLS_SSL_CLI_C
13585requires_config_enabled MBEDTLS_DEBUG_C
13586requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13588run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
13589 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
13590 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
13591 0 \
13592 -c "HTTP/1.0 200 OK" \
13593 -c "Protocol is TLSv1.3" \
13594 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13595 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13596 -c "NamedGroup: ffdhe8192 ( 104 )" \
13597 -c "Verifying peer X.509 certificate... ok" \
13598 -C "received HelloRetryRequest message"
13599
13600requires_gnutls_tls1_3
13601requires_gnutls_next_no_ticket
13602requires_gnutls_next_disable_tls13_compat
13603requires_config_enabled MBEDTLS_SSL_CLI_C
13604requires_config_enabled MBEDTLS_DEBUG_C
13605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13607run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
13608 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
13609 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
13610 0 \
13611 -c "HTTP/1.0 200 OK" \
13612 -c "Protocol is TLSv1.3" \
13613 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13614 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13615 -c "NamedGroup: ffdhe8192 ( 104 )" \
13616 -c "Verifying peer X.509 certificate... ok" \
13617 -C "received HelloRetryRequest message"
13618
13619requires_gnutls_tls1_3
13620requires_gnutls_next_no_ticket
13621requires_gnutls_next_disable_tls13_compat
13622requires_config_enabled MBEDTLS_SSL_CLI_C
13623requires_config_enabled MBEDTLS_DEBUG_C
13624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13626run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
13627 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
13628 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
13629 0 \
13630 -c "HTTP/1.0 200 OK" \
13631 -c "Protocol is TLSv1.3" \
13632 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13633 -c "Certificate Verify: Signature algorithm ( 0603 )" \
13634 -c "NamedGroup: ffdhe8192 ( 104 )" \
13635 -c "Verifying peer X.509 certificate... ok" \
13636 -C "received HelloRetryRequest message"
13637
13638requires_gnutls_tls1_3
13639requires_gnutls_next_no_ticket
13640requires_gnutls_next_disable_tls13_compat
13641requires_config_enabled MBEDTLS_SSL_CLI_C
13642requires_config_enabled MBEDTLS_DEBUG_C
13643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13645requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13646run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
13647 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
13648 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
13649 0 \
13650 -c "HTTP/1.0 200 OK" \
13651 -c "Protocol is TLSv1.3" \
13652 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
13653 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13654 -c "NamedGroup: ffdhe8192 ( 104 )" \
13655 -c "Verifying peer X.509 certificate... ok" \
13656 -C "received HelloRetryRequest message"
13657
13658requires_gnutls_tls1_3
13659requires_gnutls_next_no_ticket
13660requires_gnutls_next_disable_tls13_compat
13661requires_config_enabled MBEDTLS_SSL_CLI_C
13662requires_config_enabled MBEDTLS_DEBUG_C
13663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13665run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13666 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13667 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13668 0 \
13669 -c "HTTP/1.0 200 OK" \
13670 -c "Protocol is TLSv1.3" \
13671 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13672 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13673 -c "NamedGroup: secp256r1 ( 17 )" \
13674 -c "Verifying peer X.509 certificate... ok" \
13675 -C "received HelloRetryRequest message"
13676
13677requires_gnutls_tls1_3
13678requires_gnutls_next_no_ticket
13679requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13680requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13681requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13682requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13684run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13685 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13686 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13687 0 \
13688 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13689 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13690 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13691 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13692 -c "NamedGroup: secp256r1 ( 17 )" \
13693 -c "Verifying peer X.509 certificate... ok" \
13694 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13695
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13696requires_gnutls_tls1_3
13697requires_gnutls_next_no_ticket
13698requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13699requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13700requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13701requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13702requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13703run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13704 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13705 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13706 0 \
13707 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13708 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13709 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13710 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13711 -c "NamedGroup: secp256r1 ( 17 )" \
13712 -c "Verifying peer X.509 certificate... ok" \
13713 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13714
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13715requires_gnutls_tls1_3
13716requires_gnutls_next_no_ticket
13717requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13718requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13719requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13720requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13722requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13723run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13724 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13725 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13726 0 \
13727 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13728 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13729 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13730 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13731 -c "NamedGroup: secp256r1 ( 17 )" \
13732 -c "Verifying peer X.509 certificate... ok" \
13733 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13734
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13735requires_gnutls_tls1_3
13736requires_gnutls_next_no_ticket
13737requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13738requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13739requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13742run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13743 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13744 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13745 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13746 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13747 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13748 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13749 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13750 -c "NamedGroup: secp384r1 ( 18 )" \
13751 -c "Verifying peer X.509 certificate... ok" \
13752 -C "received HelloRetryRequest message"
13753
13754requires_gnutls_tls1_3
13755requires_gnutls_next_no_ticket
13756requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13757requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13758requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13759requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13761run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13762 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13763 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13764 0 \
13765 -c "HTTP/1.0 200 OK" \
13766 -c "Protocol is TLSv1.3" \
13767 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13768 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13769 -c "NamedGroup: secp384r1 ( 18 )" \
13770 -c "Verifying peer X.509 certificate... ok" \
13771 -C "received HelloRetryRequest message"
13772
13773requires_gnutls_tls1_3
13774requires_gnutls_next_no_ticket
13775requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13776requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13777requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13780run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13781 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13782 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13783 0 \
13784 -c "HTTP/1.0 200 OK" \
13785 -c "Protocol is TLSv1.3" \
13786 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13787 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13788 -c "NamedGroup: secp384r1 ( 18 )" \
13789 -c "Verifying peer X.509 certificate... ok" \
13790 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13791
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13792requires_gnutls_tls1_3
13793requires_gnutls_next_no_ticket
13794requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13795requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13796requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13797requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13799requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13800run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13801 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13802 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13803 0 \
13804 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13805 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13806 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13807 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13808 -c "NamedGroup: secp384r1 ( 18 )" \
13809 -c "Verifying peer X.509 certificate... ok" \
13810 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13811
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13812requires_gnutls_tls1_3
13813requires_gnutls_next_no_ticket
13814requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13815requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13816requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13817requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13818requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13819run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13821 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13822 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13823 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13824 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13825 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13826 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13827 -c "NamedGroup: secp521r1 ( 19 )" \
13828 -c "Verifying peer X.509 certificate... ok" \
13829 -C "received HelloRetryRequest message"
13830
13831requires_gnutls_tls1_3
13832requires_gnutls_next_no_ticket
13833requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13834requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13835requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13836requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13838run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13839 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13840 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13841 0 \
13842 -c "HTTP/1.0 200 OK" \
13843 -c "Protocol is TLSv1.3" \
13844 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13845 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13846 -c "NamedGroup: secp521r1 ( 19 )" \
13847 -c "Verifying peer X.509 certificate... ok" \
13848 -C "received HelloRetryRequest message"
13849
13850requires_gnutls_tls1_3
13851requires_gnutls_next_no_ticket
13852requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13853requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13854requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13855requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13857run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13858 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13859 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13860 0 \
13861 -c "HTTP/1.0 200 OK" \
13862 -c "Protocol is TLSv1.3" \
13863 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13864 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13865 -c "NamedGroup: secp521r1 ( 19 )" \
13866 -c "Verifying peer X.509 certificate... ok" \
13867 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13868
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13869requires_gnutls_tls1_3
13870requires_gnutls_next_no_ticket
13871requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13872requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13873requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13876requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13877run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13878 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13879 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13880 0 \
13881 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13882 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13883 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13884 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13885 -c "NamedGroup: secp521r1 ( 19 )" \
13886 -c "Verifying peer X.509 certificate... ok" \
13887 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13888
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13889requires_gnutls_tls1_3
13890requires_gnutls_next_no_ticket
13891requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13892requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13893requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13896run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13897 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13898 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13899 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13900 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13901 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13902 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13903 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13904 -c "NamedGroup: x25519 ( 1d )" \
13905 -c "Verifying peer X.509 certificate... ok" \
13906 -C "received HelloRetryRequest message"
13907
13908requires_gnutls_tls1_3
13909requires_gnutls_next_no_ticket
13910requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13915run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13916 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13917 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13918 0 \
13919 -c "HTTP/1.0 200 OK" \
13920 -c "Protocol is TLSv1.3" \
13921 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13922 -c "Certificate Verify: Signature algorithm ( 0503 )" \
13923 -c "NamedGroup: x25519 ( 1d )" \
13924 -c "Verifying peer X.509 certificate... ok" \
13925 -C "received HelloRetryRequest message"
13926
13927requires_gnutls_tls1_3
13928requires_gnutls_next_no_ticket
13929requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13930requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13931requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13934run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13936 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13937 0 \
13938 -c "HTTP/1.0 200 OK" \
13939 -c "Protocol is TLSv1.3" \
13940 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13941 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13942 -c "NamedGroup: x25519 ( 1d )" \
13943 -c "Verifying peer X.509 certificate... ok" \
13944 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13945
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13946requires_gnutls_tls1_3
13947requires_gnutls_next_no_ticket
13948requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13949requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13950requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13953requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13954run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13955 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13956 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13957 0 \
13958 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13959 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13960 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13961 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]13962 -c "NamedGroup: x25519 ( 1d )" \
13963 -c "Verifying peer X.509 certificate... ok" \
13964 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]13965
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13966requires_gnutls_tls1_3
13967requires_gnutls_next_no_ticket
13968requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]13969requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13970requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13971requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]13972requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13973run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13974 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13975 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13976 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13977 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]13978 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]13979 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13980 -c "Certificate Verify: Signature algorithm ( 0403 )" \
13981 -c "NamedGroup: x448 ( 1e )" \
13982 -c "Verifying peer X.509 certificate... ok" \
13983 -C "received HelloRetryRequest message"
13984
13985requires_gnutls_tls1_3
13986requires_gnutls_next_no_ticket
13987requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13988requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13989requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13992run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]13993 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]13994 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]13995 0 \
13996 -c "HTTP/1.0 200 OK" \
13997 -c "Protocol is TLSv1.3" \
13998 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
13999 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14000 -c "NamedGroup: x448 ( 1e )" \
14001 -c "Verifying peer X.509 certificate... ok" \
14002 -C "received HelloRetryRequest message"
14003
14004requires_gnutls_tls1_3
14005requires_gnutls_next_no_ticket
14006requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]14007requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]14010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14011run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14012 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14013 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]14014 0 \
14015 -c "HTTP/1.0 200 OK" \
14016 -c "Protocol is TLSv1.3" \
14017 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14018 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]14019 -c "NamedGroup: x448 ( 1e )" \
14020 -c "Verifying peer X.509 certificate... ok" \
14021 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]14022
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]14023requires_gnutls_tls1_3
14024requires_gnutls_next_no_ticket
14025requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]14026requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14027requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]14029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]14030requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14031run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14032 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14033 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]14034 0 \
14035 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]14036 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]14037 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]14038 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]14039 -c "NamedGroup: x448 ( 1e )" \
14040 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]14041 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]14042
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]14043requires_gnutls_tls1_3
14044requires_gnutls_next_no_ticket
14045requires_gnutls_next_disable_tls13_compat
14046requires_config_enabled MBEDTLS_SSL_CLI_C
14047requires_config_enabled MBEDTLS_DEBUG_C
14048requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14050run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
14051 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14052 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
14053 0 \
14054 -c "HTTP/1.0 200 OK" \
14055 -c "Protocol is TLSv1.3" \
14056 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14057 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14058 -c "NamedGroup: ffdhe2048 ( 100 )" \
14059 -c "Verifying peer X.509 certificate... ok" \
14060 -C "received HelloRetryRequest message"
14061
14062requires_gnutls_tls1_3
14063requires_gnutls_next_no_ticket
14064requires_gnutls_next_disable_tls13_compat
14065requires_config_enabled MBEDTLS_SSL_CLI_C
14066requires_config_enabled MBEDTLS_DEBUG_C
14067requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14069run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
14070 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14071 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
14072 0 \
14073 -c "HTTP/1.0 200 OK" \
14074 -c "Protocol is TLSv1.3" \
14075 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14076 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14077 -c "NamedGroup: ffdhe2048 ( 100 )" \
14078 -c "Verifying peer X.509 certificate... ok" \
14079 -C "received HelloRetryRequest message"
14080
14081requires_gnutls_tls1_3
14082requires_gnutls_next_no_ticket
14083requires_gnutls_next_disable_tls13_compat
14084requires_config_enabled MBEDTLS_SSL_CLI_C
14085requires_config_enabled MBEDTLS_DEBUG_C
14086requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14088run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
14089 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14090 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
14091 0 \
14092 -c "HTTP/1.0 200 OK" \
14093 -c "Protocol is TLSv1.3" \
14094 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14095 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14096 -c "NamedGroup: ffdhe2048 ( 100 )" \
14097 -c "Verifying peer X.509 certificate... ok" \
14098 -C "received HelloRetryRequest message"
14099
14100requires_gnutls_tls1_3
14101requires_gnutls_next_no_ticket
14102requires_gnutls_next_disable_tls13_compat
14103requires_config_enabled MBEDTLS_SSL_CLI_C
14104requires_config_enabled MBEDTLS_DEBUG_C
14105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14107requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14108run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
14109 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14110 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
14111 0 \
14112 -c "HTTP/1.0 200 OK" \
14113 -c "Protocol is TLSv1.3" \
14114 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14115 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14116 -c "NamedGroup: ffdhe2048 ( 100 )" \
14117 -c "Verifying peer X.509 certificate... ok" \
14118 -C "received HelloRetryRequest message"
14119
14120requires_gnutls_tls1_3
14121requires_gnutls_next_no_ticket
14122requires_gnutls_next_disable_tls13_compat
14123requires_config_enabled MBEDTLS_SSL_CLI_C
14124requires_config_enabled MBEDTLS_DEBUG_C
14125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14127run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
14128 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
14129 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
14130 0 \
14131 -c "HTTP/1.0 200 OK" \
14132 -c "Protocol is TLSv1.3" \
14133 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14134 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14135 -c "NamedGroup: ffdhe3072 ( 101 )" \
14136 -c "Verifying peer X.509 certificate... ok" \
14137 -C "received HelloRetryRequest message"
14138
14139requires_gnutls_tls1_3
14140requires_gnutls_next_no_ticket
14141requires_gnutls_next_disable_tls13_compat
14142requires_config_enabled MBEDTLS_SSL_CLI_C
14143requires_config_enabled MBEDTLS_DEBUG_C
14144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14146run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
14147 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
14148 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
14149 0 \
14150 -c "HTTP/1.0 200 OK" \
14151 -c "Protocol is TLSv1.3" \
14152 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14153 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14154 -c "NamedGroup: ffdhe3072 ( 101 )" \
14155 -c "Verifying peer X.509 certificate... ok" \
14156 -C "received HelloRetryRequest message"
14157
14158requires_gnutls_tls1_3
14159requires_gnutls_next_no_ticket
14160requires_gnutls_next_disable_tls13_compat
14161requires_config_enabled MBEDTLS_SSL_CLI_C
14162requires_config_enabled MBEDTLS_DEBUG_C
14163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14165run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
14166 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
14167 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
14168 0 \
14169 -c "HTTP/1.0 200 OK" \
14170 -c "Protocol is TLSv1.3" \
14171 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14172 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14173 -c "NamedGroup: ffdhe3072 ( 101 )" \
14174 -c "Verifying peer X.509 certificate... ok" \
14175 -C "received HelloRetryRequest message"
14176
14177requires_gnutls_tls1_3
14178requires_gnutls_next_no_ticket
14179requires_gnutls_next_disable_tls13_compat
14180requires_config_enabled MBEDTLS_SSL_CLI_C
14181requires_config_enabled MBEDTLS_DEBUG_C
14182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14184requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14185run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
14186 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
14187 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
14188 0 \
14189 -c "HTTP/1.0 200 OK" \
14190 -c "Protocol is TLSv1.3" \
14191 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14192 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14193 -c "NamedGroup: ffdhe3072 ( 101 )" \
14194 -c "Verifying peer X.509 certificate... ok" \
14195 -C "received HelloRetryRequest message"
14196
14197requires_gnutls_tls1_3
14198requires_gnutls_next_no_ticket
14199requires_gnutls_next_disable_tls13_compat
14200requires_config_enabled MBEDTLS_SSL_CLI_C
14201requires_config_enabled MBEDTLS_DEBUG_C
14202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14204run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
14205 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
14206 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
14207 0 \
14208 -c "HTTP/1.0 200 OK" \
14209 -c "Protocol is TLSv1.3" \
14210 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14211 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14212 -c "NamedGroup: ffdhe4096 ( 102 )" \
14213 -c "Verifying peer X.509 certificate... ok" \
14214 -C "received HelloRetryRequest message"
14215
14216requires_gnutls_tls1_3
14217requires_gnutls_next_no_ticket
14218requires_gnutls_next_disable_tls13_compat
14219requires_config_enabled MBEDTLS_SSL_CLI_C
14220requires_config_enabled MBEDTLS_DEBUG_C
14221requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14223run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
14224 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
14225 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
14226 0 \
14227 -c "HTTP/1.0 200 OK" \
14228 -c "Protocol is TLSv1.3" \
14229 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14230 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14231 -c "NamedGroup: ffdhe4096 ( 102 )" \
14232 -c "Verifying peer X.509 certificate... ok" \
14233 -C "received HelloRetryRequest message"
14234
14235requires_gnutls_tls1_3
14236requires_gnutls_next_no_ticket
14237requires_gnutls_next_disable_tls13_compat
14238requires_config_enabled MBEDTLS_SSL_CLI_C
14239requires_config_enabled MBEDTLS_DEBUG_C
14240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14242run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
14243 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
14244 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
14245 0 \
14246 -c "HTTP/1.0 200 OK" \
14247 -c "Protocol is TLSv1.3" \
14248 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14249 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14250 -c "NamedGroup: ffdhe4096 ( 102 )" \
14251 -c "Verifying peer X.509 certificate... ok" \
14252 -C "received HelloRetryRequest message"
14253
14254requires_gnutls_tls1_3
14255requires_gnutls_next_no_ticket
14256requires_gnutls_next_disable_tls13_compat
14257requires_config_enabled MBEDTLS_SSL_CLI_C
14258requires_config_enabled MBEDTLS_DEBUG_C
14259requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14261requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14262run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
14263 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
14264 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
14265 0 \
14266 -c "HTTP/1.0 200 OK" \
14267 -c "Protocol is TLSv1.3" \
14268 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14269 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14270 -c "NamedGroup: ffdhe4096 ( 102 )" \
14271 -c "Verifying peer X.509 certificate... ok" \
14272 -C "received HelloRetryRequest message"
14273
14274requires_gnutls_tls1_3
14275requires_gnutls_next_no_ticket
14276requires_gnutls_next_disable_tls13_compat
14277requires_config_enabled MBEDTLS_SSL_CLI_C
14278requires_config_enabled MBEDTLS_DEBUG_C
14279requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14280requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14281run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
14282 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
14283 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
14284 0 \
14285 -c "HTTP/1.0 200 OK" \
14286 -c "Protocol is TLSv1.3" \
14287 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14288 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14289 -c "NamedGroup: ffdhe6144 ( 103 )" \
14290 -c "Verifying peer X.509 certificate... ok" \
14291 -C "received HelloRetryRequest message"
14292
14293requires_gnutls_tls1_3
14294requires_gnutls_next_no_ticket
14295requires_gnutls_next_disable_tls13_compat
14296requires_config_enabled MBEDTLS_SSL_CLI_C
14297requires_config_enabled MBEDTLS_DEBUG_C
14298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14300run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
14301 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
14302 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
14303 0 \
14304 -c "HTTP/1.0 200 OK" \
14305 -c "Protocol is TLSv1.3" \
14306 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14307 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14308 -c "NamedGroup: ffdhe6144 ( 103 )" \
14309 -c "Verifying peer X.509 certificate... ok" \
14310 -C "received HelloRetryRequest message"
14311
14312requires_gnutls_tls1_3
14313requires_gnutls_next_no_ticket
14314requires_gnutls_next_disable_tls13_compat
14315requires_config_enabled MBEDTLS_SSL_CLI_C
14316requires_config_enabled MBEDTLS_DEBUG_C
14317requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14318requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14319run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
14320 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
14321 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
14322 0 \
14323 -c "HTTP/1.0 200 OK" \
14324 -c "Protocol is TLSv1.3" \
14325 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14326 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14327 -c "NamedGroup: ffdhe6144 ( 103 )" \
14328 -c "Verifying peer X.509 certificate... ok" \
14329 -C "received HelloRetryRequest message"
14330
14331requires_gnutls_tls1_3
14332requires_gnutls_next_no_ticket
14333requires_gnutls_next_disable_tls13_compat
14334requires_config_enabled MBEDTLS_SSL_CLI_C
14335requires_config_enabled MBEDTLS_DEBUG_C
14336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14338requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14339run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
14340 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
14341 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
14342 0 \
14343 -c "HTTP/1.0 200 OK" \
14344 -c "Protocol is TLSv1.3" \
14345 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14346 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14347 -c "NamedGroup: ffdhe6144 ( 103 )" \
14348 -c "Verifying peer X.509 certificate... ok" \
14349 -C "received HelloRetryRequest message"
14350
14351requires_gnutls_tls1_3
14352requires_gnutls_next_no_ticket
14353requires_gnutls_next_disable_tls13_compat
14354requires_config_enabled MBEDTLS_SSL_CLI_C
14355requires_config_enabled MBEDTLS_DEBUG_C
14356requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14358run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
14359 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14360 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
14361 0 \
14362 -c "HTTP/1.0 200 OK" \
14363 -c "Protocol is TLSv1.3" \
14364 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14365 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14366 -c "NamedGroup: ffdhe8192 ( 104 )" \
14367 -c "Verifying peer X.509 certificate... ok" \
14368 -C "received HelloRetryRequest message"
14369
14370requires_gnutls_tls1_3
14371requires_gnutls_next_no_ticket
14372requires_gnutls_next_disable_tls13_compat
14373requires_config_enabled MBEDTLS_SSL_CLI_C
14374requires_config_enabled MBEDTLS_DEBUG_C
14375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14377run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
14378 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14379 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
14380 0 \
14381 -c "HTTP/1.0 200 OK" \
14382 -c "Protocol is TLSv1.3" \
14383 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14384 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14385 -c "NamedGroup: ffdhe8192 ( 104 )" \
14386 -c "Verifying peer X.509 certificate... ok" \
14387 -C "received HelloRetryRequest message"
14388
14389requires_gnutls_tls1_3
14390requires_gnutls_next_no_ticket
14391requires_gnutls_next_disable_tls13_compat
14392requires_config_enabled MBEDTLS_SSL_CLI_C
14393requires_config_enabled MBEDTLS_DEBUG_C
14394requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14395requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14396run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
14397 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14398 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
14399 0 \
14400 -c "HTTP/1.0 200 OK" \
14401 -c "Protocol is TLSv1.3" \
14402 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14403 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14404 -c "NamedGroup: ffdhe8192 ( 104 )" \
14405 -c "Verifying peer X.509 certificate... ok" \
14406 -C "received HelloRetryRequest message"
14407
14408requires_gnutls_tls1_3
14409requires_gnutls_next_no_ticket
14410requires_gnutls_next_disable_tls13_compat
14411requires_config_enabled MBEDTLS_SSL_CLI_C
14412requires_config_enabled MBEDTLS_DEBUG_C
14413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14415requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14416run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
14417 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
14418 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
14419 0 \
14420 -c "HTTP/1.0 200 OK" \
14421 -c "Protocol is TLSv1.3" \
14422 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
14423 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14424 -c "NamedGroup: ffdhe8192 ( 104 )" \
14425 -c "Verifying peer X.509 certificate... ok" \
14426 -C "received HelloRetryRequest message"
14427
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14428requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14429requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14432requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14436run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14437 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14438 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14439 0 \
14440 -s "Protocol is TLSv1.3" \
14441 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14442 -s "received signature algorithm: 0x403" \
14443 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14444 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14445 -c "Protocol is TLSv1.3" \
14446 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14447 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14448 -c "NamedGroup: secp256r1 ( 17 )" \
14449 -c "Verifying peer X.509 certificate... ok" \
14450 -C "received HelloRetryRequest message"
14451
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14452requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14453requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14456requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14457requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14460run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14461 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14462 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14463 0 \
14464 -s "Protocol is TLSv1.3" \
14465 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14466 -s "received signature algorithm: 0x503" \
14467 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14468 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14469 -c "Protocol is TLSv1.3" \
14470 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14471 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14472 -c "NamedGroup: secp256r1 ( 17 )" \
14473 -c "Verifying peer X.509 certificate... ok" \
14474 -C "received HelloRetryRequest message"
14475
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14476requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14477requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14478requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14479requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14480requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14481requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14483requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14484run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14485 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14486 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14487 0 \
14488 -s "Protocol is TLSv1.3" \
14489 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14490 -s "received signature algorithm: 0x603" \
14491 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14492 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14493 -c "Protocol is TLSv1.3" \
14494 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14495 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14496 -c "NamedGroup: secp256r1 ( 17 )" \
14497 -c "Verifying peer X.509 certificate... ok" \
14498 -C "received HelloRetryRequest message"
14499
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14500requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14504requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14509requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14510run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14511 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14512 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14513 0 \
14514 -s "Protocol is TLSv1.3" \
14515 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14516 -s "received signature algorithm: 0x804" \
14517 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14518 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14519 -c "Protocol is TLSv1.3" \
14520 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14521 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14522 -c "NamedGroup: secp256r1 ( 17 )" \
14523 -c "Verifying peer X.509 certificate... ok" \
14524 -C "received HelloRetryRequest message"
14525
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14526requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14527requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14530requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14534run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14535 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14536 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14537 0 \
14538 -s "Protocol is TLSv1.3" \
14539 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14540 -s "received signature algorithm: 0x403" \
14541 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14542 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14543 -c "Protocol is TLSv1.3" \
14544 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14545 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14546 -c "NamedGroup: secp384r1 ( 18 )" \
14547 -c "Verifying peer X.509 certificate... ok" \
14548 -C "received HelloRetryRequest message"
14549
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14550requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14551requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14552requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14553requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14554requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14555requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14557requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14558run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14559 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14560 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14561 0 \
14562 -s "Protocol is TLSv1.3" \
14563 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14564 -s "received signature algorithm: 0x503" \
14565 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14566 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14567 -c "Protocol is TLSv1.3" \
14568 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14569 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14570 -c "NamedGroup: secp384r1 ( 18 )" \
14571 -c "Verifying peer X.509 certificate... ok" \
14572 -C "received HelloRetryRequest message"
14573
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14574requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14575requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14578requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14579requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14582run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14583 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14584 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14585 0 \
14586 -s "Protocol is TLSv1.3" \
14587 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14588 -s "received signature algorithm: 0x603" \
14589 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14590 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14591 -c "Protocol is TLSv1.3" \
14592 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14593 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14594 -c "NamedGroup: secp384r1 ( 18 )" \
14595 -c "Verifying peer X.509 certificate... ok" \
14596 -C "received HelloRetryRequest message"
14597
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14598requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14599requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14600requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14602requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14603requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14604requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14607requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14608run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14609 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14610 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14611 0 \
14612 -s "Protocol is TLSv1.3" \
14613 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14614 -s "received signature algorithm: 0x804" \
14615 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14616 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14617 -c "Protocol is TLSv1.3" \
14618 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14619 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14620 -c "NamedGroup: secp384r1 ( 18 )" \
14621 -c "Verifying peer X.509 certificate... ok" \
14622 -C "received HelloRetryRequest message"
14623
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14624requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14628requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14632run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14633 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14634 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14635 0 \
14636 -s "Protocol is TLSv1.3" \
14637 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14638 -s "received signature algorithm: 0x403" \
14639 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14640 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14641 -c "Protocol is TLSv1.3" \
14642 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14643 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14644 -c "NamedGroup: secp521r1 ( 19 )" \
14645 -c "Verifying peer X.509 certificate... ok" \
14646 -C "received HelloRetryRequest message"
14647
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14648requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14649requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14652requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14653requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14656run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14657 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14658 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14659 0 \
14660 -s "Protocol is TLSv1.3" \
14661 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14662 -s "received signature algorithm: 0x503" \
14663 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14664 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14665 -c "Protocol is TLSv1.3" \
14666 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14667 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14668 -c "NamedGroup: secp521r1 ( 19 )" \
14669 -c "Verifying peer X.509 certificate... ok" \
14670 -C "received HelloRetryRequest message"
14671
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14672requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14673requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14674requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14675requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14680run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14681 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14682 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14683 0 \
14684 -s "Protocol is TLSv1.3" \
14685 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14686 -s "received signature algorithm: 0x603" \
14687 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14688 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14689 -c "Protocol is TLSv1.3" \
14690 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14691 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14692 -c "NamedGroup: secp521r1 ( 19 )" \
14693 -c "Verifying peer X.509 certificate... ok" \
14694 -C "received HelloRetryRequest message"
14695
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14696requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14700requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14701requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14703requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14705requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14706run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14707 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14708 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14709 0 \
14710 -s "Protocol is TLSv1.3" \
14711 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14712 -s "received signature algorithm: 0x804" \
14713 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14714 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14715 -c "Protocol is TLSv1.3" \
14716 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14717 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14718 -c "NamedGroup: secp521r1 ( 19 )" \
14719 -c "Verifying peer X.509 certificate... ok" \
14720 -C "received HelloRetryRequest message"
14721
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14722requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14723requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14726requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14727requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14730run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14731 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14732 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14733 0 \
14734 -s "Protocol is TLSv1.3" \
14735 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14736 -s "received signature algorithm: 0x403" \
14737 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14738 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14739 -c "Protocol is TLSv1.3" \
14740 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14741 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14742 -c "NamedGroup: x25519 ( 1d )" \
14743 -c "Verifying peer X.509 certificate... ok" \
14744 -C "received HelloRetryRequest message"
14745
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14746requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14750requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14751requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14754run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14755 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14756 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14757 0 \
14758 -s "Protocol is TLSv1.3" \
14759 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14760 -s "received signature algorithm: 0x503" \
14761 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14762 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14763 -c "Protocol is TLSv1.3" \
14764 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14765 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14766 -c "NamedGroup: x25519 ( 1d )" \
14767 -c "Verifying peer X.509 certificate... ok" \
14768 -C "received HelloRetryRequest message"
14769
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14770requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14771requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14774requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14778run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14779 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14780 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14781 0 \
14782 -s "Protocol is TLSv1.3" \
14783 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14784 -s "received signature algorithm: 0x603" \
14785 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14786 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14787 -c "Protocol is TLSv1.3" \
14788 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14789 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14790 -c "NamedGroup: x25519 ( 1d )" \
14791 -c "Verifying peer X.509 certificate... ok" \
14792 -C "received HelloRetryRequest message"
14793
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14794requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14795requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14798requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14799requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14803requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14804run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14805 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14806 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14807 0 \
14808 -s "Protocol is TLSv1.3" \
14809 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14810 -s "received signature algorithm: 0x804" \
14811 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14812 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14813 -c "Protocol is TLSv1.3" \
14814 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14815 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14816 -c "NamedGroup: x25519 ( 1d )" \
14817 -c "Verifying peer X.509 certificate... ok" \
14818 -C "received HelloRetryRequest message"
14819
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14820requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14821requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14824requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14828run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14829 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14830 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14831 0 \
14832 -s "Protocol is TLSv1.3" \
14833 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14834 -s "received signature algorithm: 0x403" \
14835 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14836 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14837 -c "Protocol is TLSv1.3" \
14838 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14839 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14840 -c "NamedGroup: x448 ( 1e )" \
14841 -c "Verifying peer X.509 certificate... ok" \
14842 -C "received HelloRetryRequest message"
14843
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14844requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14845requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14846requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14847requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14848requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14849requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14852run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14853 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14854 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14855 0 \
14856 -s "Protocol is TLSv1.3" \
14857 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14858 -s "received signature algorithm: 0x503" \
14859 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14860 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14861 -c "Protocol is TLSv1.3" \
14862 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14863 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14864 -c "NamedGroup: x448 ( 1e )" \
14865 -c "Verifying peer X.509 certificate... ok" \
14866 -C "received HelloRetryRequest message"
14867
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14868requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14870requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14872requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14873requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14876run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14877 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14878 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14879 0 \
14880 -s "Protocol is TLSv1.3" \
14881 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14882 -s "received signature algorithm: 0x603" \
14883 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14884 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14885 -c "Protocol is TLSv1.3" \
14886 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14887 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14888 -c "NamedGroup: x448 ( 1e )" \
14889 -c "Verifying peer X.509 certificate... ok" \
14890 -C "received HelloRetryRequest message"
14891
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14892requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14893requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14896requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14897requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14898requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14900requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14901requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14902run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]14903 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14904 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14905 0 \
14906 -s "Protocol is TLSv1.3" \
14907 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14908 -s "received signature algorithm: 0x804" \
14909 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14910 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14911 -c "Protocol is TLSv1.3" \
14912 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14913 -c "Certificate Verify: Signature algorithm ( 0804 )" \
14914 -c "NamedGroup: x448 ( 1e )" \
14915 -c "Verifying peer X.509 certificate... ok" \
14916 -C "received HelloRetryRequest message"
14917
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14918requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14919requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14920requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14921requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14922requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14923requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14925requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]14926run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
14927 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14928 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
14929 0 \
14930 -s "Protocol is TLSv1.3" \
14931 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14932 -s "received signature algorithm: 0x403" \
14933 -s "got named group: ffdhe2048(0100)" \
14934 -s "Certificate verification was skipped" \
14935 -c "Protocol is TLSv1.3" \
14936 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14937 -c "Certificate Verify: Signature algorithm ( 0403 )" \
14938 -c "NamedGroup: ffdhe2048 ( 100 )" \
14939 -c "Verifying peer X.509 certificate... ok" \
14940 -C "received HelloRetryRequest message"
14941
14942requires_config_enabled MBEDTLS_SSL_SRV_C
14943requires_config_enabled MBEDTLS_DEBUG_C
14944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14946requires_config_enabled MBEDTLS_SSL_CLI_C
14947requires_config_enabled MBEDTLS_DEBUG_C
14948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14950run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
14951 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14952 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
14953 0 \
14954 -s "Protocol is TLSv1.3" \
14955 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14956 -s "received signature algorithm: 0x503" \
14957 -s "got named group: ffdhe2048(0100)" \
14958 -s "Certificate verification was skipped" \
14959 -c "Protocol is TLSv1.3" \
14960 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14961 -c "Certificate Verify: Signature algorithm ( 0503 )" \
14962 -c "NamedGroup: ffdhe2048 ( 100 )" \
14963 -c "Verifying peer X.509 certificate... ok" \
14964 -C "received HelloRetryRequest message"
14965
14966requires_config_enabled MBEDTLS_SSL_SRV_C
14967requires_config_enabled MBEDTLS_DEBUG_C
14968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14970requires_config_enabled MBEDTLS_SSL_CLI_C
14971requires_config_enabled MBEDTLS_DEBUG_C
14972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14974run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
14975 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14976 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
14977 0 \
14978 -s "Protocol is TLSv1.3" \
14979 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
14980 -s "received signature algorithm: 0x603" \
14981 -s "got named group: ffdhe2048(0100)" \
14982 -s "Certificate verification was skipped" \
14983 -c "Protocol is TLSv1.3" \
14984 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
14985 -c "Certificate Verify: Signature algorithm ( 0603 )" \
14986 -c "NamedGroup: ffdhe2048 ( 100 )" \
14987 -c "Verifying peer X.509 certificate... ok" \
14988 -C "received HelloRetryRequest message"
14989
14990requires_config_enabled MBEDTLS_SSL_SRV_C
14991requires_config_enabled MBEDTLS_DEBUG_C
14992requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14993requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14994requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
14995requires_config_enabled MBEDTLS_SSL_CLI_C
14996requires_config_enabled MBEDTLS_DEBUG_C
14997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
14999requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15000run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
15001 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15002 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
15003 0 \
15004 -s "Protocol is TLSv1.3" \
15005 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15006 -s "received signature algorithm: 0x804" \
15007 -s "got named group: ffdhe2048(0100)" \
15008 -s "Certificate verification was skipped" \
15009 -c "Protocol is TLSv1.3" \
15010 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15011 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15012 -c "NamedGroup: ffdhe2048 ( 100 )" \
15013 -c "Verifying peer X.509 certificate... ok" \
15014 -C "received HelloRetryRequest message"
15015
15016requires_config_enabled MBEDTLS_SSL_SRV_C
15017requires_config_enabled MBEDTLS_DEBUG_C
15018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15020requires_config_enabled MBEDTLS_SSL_CLI_C
15021requires_config_enabled MBEDTLS_DEBUG_C
15022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15024run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
15025 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15026 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
15027 0 \
15028 -s "Protocol is TLSv1.3" \
15029 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15030 -s "received signature algorithm: 0x403" \
15031 -s "got named group: ffdhe3072(0101)" \
15032 -s "Certificate verification was skipped" \
15033 -c "Protocol is TLSv1.3" \
15034 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15035 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15036 -c "NamedGroup: ffdhe3072 ( 101 )" \
15037 -c "Verifying peer X.509 certificate... ok" \
15038 -C "received HelloRetryRequest message"
15039
15040requires_config_enabled MBEDTLS_SSL_SRV_C
15041requires_config_enabled MBEDTLS_DEBUG_C
15042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15044requires_config_enabled MBEDTLS_SSL_CLI_C
15045requires_config_enabled MBEDTLS_DEBUG_C
15046requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15048run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
15049 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15050 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
15051 0 \
15052 -s "Protocol is TLSv1.3" \
15053 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15054 -s "received signature algorithm: 0x503" \
15055 -s "got named group: ffdhe3072(0101)" \
15056 -s "Certificate verification was skipped" \
15057 -c "Protocol is TLSv1.3" \
15058 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15059 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15060 -c "NamedGroup: ffdhe3072 ( 101 )" \
15061 -c "Verifying peer X.509 certificate... ok" \
15062 -C "received HelloRetryRequest message"
15063
15064requires_config_enabled MBEDTLS_SSL_SRV_C
15065requires_config_enabled MBEDTLS_DEBUG_C
15066requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15068requires_config_enabled MBEDTLS_SSL_CLI_C
15069requires_config_enabled MBEDTLS_DEBUG_C
15070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15071requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15072run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
15073 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15074 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
15075 0 \
15076 -s "Protocol is TLSv1.3" \
15077 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15078 -s "received signature algorithm: 0x603" \
15079 -s "got named group: ffdhe3072(0101)" \
15080 -s "Certificate verification was skipped" \
15081 -c "Protocol is TLSv1.3" \
15082 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15083 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15084 -c "NamedGroup: ffdhe3072 ( 101 )" \
15085 -c "Verifying peer X.509 certificate... ok" \
15086 -C "received HelloRetryRequest message"
15087
15088requires_config_enabled MBEDTLS_SSL_SRV_C
15089requires_config_enabled MBEDTLS_DEBUG_C
15090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15091requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15092requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15093requires_config_enabled MBEDTLS_SSL_CLI_C
15094requires_config_enabled MBEDTLS_DEBUG_C
15095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15097requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15098run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
15099 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15100 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
15101 0 \
15102 -s "Protocol is TLSv1.3" \
15103 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15104 -s "received signature algorithm: 0x804" \
15105 -s "got named group: ffdhe3072(0101)" \
15106 -s "Certificate verification was skipped" \
15107 -c "Protocol is TLSv1.3" \
15108 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15109 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15110 -c "NamedGroup: ffdhe3072 ( 101 )" \
15111 -c "Verifying peer X.509 certificate... ok" \
15112 -C "received HelloRetryRequest message"
15113
15114requires_config_enabled MBEDTLS_SSL_SRV_C
15115requires_config_enabled MBEDTLS_DEBUG_C
15116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15118requires_config_enabled MBEDTLS_SSL_CLI_C
15119requires_config_enabled MBEDTLS_DEBUG_C
15120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15122run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
15123 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15124 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
15125 0 \
15126 -s "Protocol is TLSv1.3" \
15127 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15128 -s "received signature algorithm: 0x403" \
15129 -s "got named group: ffdhe4096(0102)" \
15130 -s "Certificate verification was skipped" \
15131 -c "Protocol is TLSv1.3" \
15132 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15133 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15134 -c "NamedGroup: ffdhe4096 ( 102 )" \
15135 -c "Verifying peer X.509 certificate... ok" \
15136 -C "received HelloRetryRequest message"
15137
15138requires_config_enabled MBEDTLS_SSL_SRV_C
15139requires_config_enabled MBEDTLS_DEBUG_C
15140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15142requires_config_enabled MBEDTLS_SSL_CLI_C
15143requires_config_enabled MBEDTLS_DEBUG_C
15144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15146run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
15147 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15148 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
15149 0 \
15150 -s "Protocol is TLSv1.3" \
15151 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15152 -s "received signature algorithm: 0x503" \
15153 -s "got named group: ffdhe4096(0102)" \
15154 -s "Certificate verification was skipped" \
15155 -c "Protocol is TLSv1.3" \
15156 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15157 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15158 -c "NamedGroup: ffdhe4096 ( 102 )" \
15159 -c "Verifying peer X.509 certificate... ok" \
15160 -C "received HelloRetryRequest message"
15161
15162requires_config_enabled MBEDTLS_SSL_SRV_C
15163requires_config_enabled MBEDTLS_DEBUG_C
15164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15166requires_config_enabled MBEDTLS_SSL_CLI_C
15167requires_config_enabled MBEDTLS_DEBUG_C
15168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15170run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
15171 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15172 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
15173 0 \
15174 -s "Protocol is TLSv1.3" \
15175 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15176 -s "received signature algorithm: 0x603" \
15177 -s "got named group: ffdhe4096(0102)" \
15178 -s "Certificate verification was skipped" \
15179 -c "Protocol is TLSv1.3" \
15180 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15181 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15182 -c "NamedGroup: ffdhe4096 ( 102 )" \
15183 -c "Verifying peer X.509 certificate... ok" \
15184 -C "received HelloRetryRequest message"
15185
15186requires_config_enabled MBEDTLS_SSL_SRV_C
15187requires_config_enabled MBEDTLS_DEBUG_C
15188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15190requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15191requires_config_enabled MBEDTLS_SSL_CLI_C
15192requires_config_enabled MBEDTLS_DEBUG_C
15193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15195requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15196run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
15197 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15198 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
15199 0 \
15200 -s "Protocol is TLSv1.3" \
15201 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15202 -s "received signature algorithm: 0x804" \
15203 -s "got named group: ffdhe4096(0102)" \
15204 -s "Certificate verification was skipped" \
15205 -c "Protocol is TLSv1.3" \
15206 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15207 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15208 -c "NamedGroup: ffdhe4096 ( 102 )" \
15209 -c "Verifying peer X.509 certificate... ok" \
15210 -C "received HelloRetryRequest message"
15211
15212requires_config_enabled MBEDTLS_SSL_SRV_C
15213requires_config_enabled MBEDTLS_DEBUG_C
15214requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15215requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15216requires_config_enabled MBEDTLS_SSL_CLI_C
15217requires_config_enabled MBEDTLS_DEBUG_C
15218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15220run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
15221 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15222 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
15223 0 \
15224 -s "Protocol is TLSv1.3" \
15225 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15226 -s "received signature algorithm: 0x403" \
15227 -s "got named group: ffdhe6144(0103)" \
15228 -s "Certificate verification was skipped" \
15229 -c "Protocol is TLSv1.3" \
15230 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15231 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15232 -c "NamedGroup: ffdhe6144 ( 103 )" \
15233 -c "Verifying peer X.509 certificate... ok" \
15234 -C "received HelloRetryRequest message"
15235
15236requires_config_enabled MBEDTLS_SSL_SRV_C
15237requires_config_enabled MBEDTLS_DEBUG_C
15238requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15240requires_config_enabled MBEDTLS_SSL_CLI_C
15241requires_config_enabled MBEDTLS_DEBUG_C
15242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15243requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15244run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
15245 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15246 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
15247 0 \
15248 -s "Protocol is TLSv1.3" \
15249 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15250 -s "received signature algorithm: 0x503" \
15251 -s "got named group: ffdhe6144(0103)" \
15252 -s "Certificate verification was skipped" \
15253 -c "Protocol is TLSv1.3" \
15254 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15255 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15256 -c "NamedGroup: ffdhe6144 ( 103 )" \
15257 -c "Verifying peer X.509 certificate... ok" \
15258 -C "received HelloRetryRequest message"
15259
15260requires_config_enabled MBEDTLS_SSL_SRV_C
15261requires_config_enabled MBEDTLS_DEBUG_C
15262requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15263requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15264requires_config_enabled MBEDTLS_SSL_CLI_C
15265requires_config_enabled MBEDTLS_DEBUG_C
15266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15267requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15268run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
15269 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15270 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
15271 0 \
15272 -s "Protocol is TLSv1.3" \
15273 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15274 -s "received signature algorithm: 0x603" \
15275 -s "got named group: ffdhe6144(0103)" \
15276 -s "Certificate verification was skipped" \
15277 -c "Protocol is TLSv1.3" \
15278 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15279 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15280 -c "NamedGroup: ffdhe6144 ( 103 )" \
15281 -c "Verifying peer X.509 certificate... ok" \
15282 -C "received HelloRetryRequest message"
15283
15284requires_config_enabled MBEDTLS_SSL_SRV_C
15285requires_config_enabled MBEDTLS_DEBUG_C
15286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15288requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15289requires_config_enabled MBEDTLS_SSL_CLI_C
15290requires_config_enabled MBEDTLS_DEBUG_C
15291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15293requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15294run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
15295 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15296 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
15297 0 \
15298 -s "Protocol is TLSv1.3" \
15299 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15300 -s "received signature algorithm: 0x804" \
15301 -s "got named group: ffdhe6144(0103)" \
15302 -s "Certificate verification was skipped" \
15303 -c "Protocol is TLSv1.3" \
15304 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15305 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15306 -c "NamedGroup: ffdhe6144 ( 103 )" \
15307 -c "Verifying peer X.509 certificate... ok" \
15308 -C "received HelloRetryRequest message"
15309
15310requires_config_enabled MBEDTLS_SSL_SRV_C
15311requires_config_enabled MBEDTLS_DEBUG_C
15312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15314requires_config_enabled MBEDTLS_SSL_CLI_C
15315requires_config_enabled MBEDTLS_DEBUG_C
15316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15318run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
15319 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15320 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
15321 0 \
15322 -s "Protocol is TLSv1.3" \
15323 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15324 -s "received signature algorithm: 0x403" \
15325 -s "got named group: ffdhe8192(0104)" \
15326 -s "Certificate verification was skipped" \
15327 -c "Protocol is TLSv1.3" \
15328 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15329 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15330 -c "NamedGroup: ffdhe8192 ( 104 )" \
15331 -c "Verifying peer X.509 certificate... ok" \
15332 -C "received HelloRetryRequest message"
15333
15334requires_config_enabled MBEDTLS_SSL_SRV_C
15335requires_config_enabled MBEDTLS_DEBUG_C
15336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15338requires_config_enabled MBEDTLS_SSL_CLI_C
15339requires_config_enabled MBEDTLS_DEBUG_C
15340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15342run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
15343 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15344 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
15345 0 \
15346 -s "Protocol is TLSv1.3" \
15347 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15348 -s "received signature algorithm: 0x503" \
15349 -s "got named group: ffdhe8192(0104)" \
15350 -s "Certificate verification was skipped" \
15351 -c "Protocol is TLSv1.3" \
15352 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15353 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15354 -c "NamedGroup: ffdhe8192 ( 104 )" \
15355 -c "Verifying peer X.509 certificate... ok" \
15356 -C "received HelloRetryRequest message"
15357
15358requires_config_enabled MBEDTLS_SSL_SRV_C
15359requires_config_enabled MBEDTLS_DEBUG_C
15360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15362requires_config_enabled MBEDTLS_SSL_CLI_C
15363requires_config_enabled MBEDTLS_DEBUG_C
15364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15366run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
15367 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15368 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
15369 0 \
15370 -s "Protocol is TLSv1.3" \
15371 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15372 -s "received signature algorithm: 0x603" \
15373 -s "got named group: ffdhe8192(0104)" \
15374 -s "Certificate verification was skipped" \
15375 -c "Protocol is TLSv1.3" \
15376 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15377 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15378 -c "NamedGroup: ffdhe8192 ( 104 )" \
15379 -c "Verifying peer X.509 certificate... ok" \
15380 -C "received HelloRetryRequest message"
15381
15382requires_config_enabled MBEDTLS_SSL_SRV_C
15383requires_config_enabled MBEDTLS_DEBUG_C
15384requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15386requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15387requires_config_enabled MBEDTLS_SSL_CLI_C
15388requires_config_enabled MBEDTLS_DEBUG_C
15389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15391requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15392run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
15393 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15394 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
15395 0 \
15396 -s "Protocol is TLSv1.3" \
15397 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
15398 -s "received signature algorithm: 0x804" \
15399 -s "got named group: ffdhe8192(0104)" \
15400 -s "Certificate verification was skipped" \
15401 -c "Protocol is TLSv1.3" \
15402 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
15403 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15404 -c "NamedGroup: ffdhe8192 ( 104 )" \
15405 -c "Verifying peer X.509 certificate... ok" \
15406 -C "received HelloRetryRequest message"
15407
15408requires_config_enabled MBEDTLS_SSL_SRV_C
15409requires_config_enabled MBEDTLS_DEBUG_C
15410requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15412requires_config_enabled MBEDTLS_SSL_CLI_C
15413requires_config_enabled MBEDTLS_DEBUG_C
15414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15415requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15416run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15417 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15418 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15419 0 \
15420 -s "Protocol is TLSv1.3" \
15421 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15422 -s "received signature algorithm: 0x403" \
15423 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15424 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15425 -c "Protocol is TLSv1.3" \
15426 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15427 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15428 -c "NamedGroup: secp256r1 ( 17 )" \
15429 -c "Verifying peer X.509 certificate... ok" \
15430 -C "received HelloRetryRequest message"
15431
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15432requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15436requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15437requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15440run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15441 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15442 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15443 0 \
15444 -s "Protocol is TLSv1.3" \
15445 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15446 -s "received signature algorithm: 0x503" \
15447 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15448 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15449 -c "Protocol is TLSv1.3" \
15450 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15451 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15452 -c "NamedGroup: secp256r1 ( 17 )" \
15453 -c "Verifying peer X.509 certificate... ok" \
15454 -C "received HelloRetryRequest message"
15455
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15456requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15457requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15460requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15461requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15462requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15464run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15465 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15466 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15467 0 \
15468 -s "Protocol is TLSv1.3" \
15469 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15470 -s "received signature algorithm: 0x603" \
15471 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15472 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15473 -c "Protocol is TLSv1.3" \
15474 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15475 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15476 -c "NamedGroup: secp256r1 ( 17 )" \
15477 -c "Verifying peer X.509 certificate... ok" \
15478 -C "received HelloRetryRequest message"
15479
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15480requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15481requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15483requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15484requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15489requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15490run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15491 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15492 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15493 0 \
15494 -s "Protocol is TLSv1.3" \
15495 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15496 -s "received signature algorithm: 0x804" \
15497 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15498 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15499 -c "Protocol is TLSv1.3" \
15500 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15501 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15502 -c "NamedGroup: secp256r1 ( 17 )" \
15503 -c "Verifying peer X.509 certificate... ok" \
15504 -C "received HelloRetryRequest message"
15505
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15506requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15507requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15510requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15514run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15515 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15516 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15517 0 \
15518 -s "Protocol is TLSv1.3" \
15519 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15520 -s "received signature algorithm: 0x403" \
15521 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15522 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15523 -c "Protocol is TLSv1.3" \
15524 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15525 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15526 -c "NamedGroup: secp384r1 ( 18 )" \
15527 -c "Verifying peer X.509 certificate... ok" \
15528 -C "received HelloRetryRequest message"
15529
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15530requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15534requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15535requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15536requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15537requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15538run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15539 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15540 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15541 0 \
15542 -s "Protocol is TLSv1.3" \
15543 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15544 -s "received signature algorithm: 0x503" \
15545 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15546 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15547 -c "Protocol is TLSv1.3" \
15548 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15549 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15550 -c "NamedGroup: secp384r1 ( 18 )" \
15551 -c "Verifying peer X.509 certificate... ok" \
15552 -C "received HelloRetryRequest message"
15553
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15554requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15555requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15557requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15558requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15559requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15560requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15561requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15562run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15563 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15564 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15565 0 \
15566 -s "Protocol is TLSv1.3" \
15567 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15568 -s "received signature algorithm: 0x603" \
15569 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15570 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15571 -c "Protocol is TLSv1.3" \
15572 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15573 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15574 -c "NamedGroup: secp384r1 ( 18 )" \
15575 -c "Verifying peer X.509 certificate... ok" \
15576 -C "received HelloRetryRequest message"
15577
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15578requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15579requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15582requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15583requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15584requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15587requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15588run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15589 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15590 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15591 0 \
15592 -s "Protocol is TLSv1.3" \
15593 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15594 -s "received signature algorithm: 0x804" \
15595 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15596 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15597 -c "Protocol is TLSv1.3" \
15598 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15599 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15600 -c "NamedGroup: secp384r1 ( 18 )" \
15601 -c "Verifying peer X.509 certificate... ok" \
15602 -C "received HelloRetryRequest message"
15603
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15604requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15605requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15608requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15609requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15612run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15613 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15614 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15615 0 \
15616 -s "Protocol is TLSv1.3" \
15617 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15618 -s "received signature algorithm: 0x403" \
15619 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15620 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15621 -c "Protocol is TLSv1.3" \
15622 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15623 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15624 -c "NamedGroup: secp521r1 ( 19 )" \
15625 -c "Verifying peer X.509 certificate... ok" \
15626 -C "received HelloRetryRequest message"
15627
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15628requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15632requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15633requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15636run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15637 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15638 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15639 0 \
15640 -s "Protocol is TLSv1.3" \
15641 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15642 -s "received signature algorithm: 0x503" \
15643 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15644 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15645 -c "Protocol is TLSv1.3" \
15646 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15647 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15648 -c "NamedGroup: secp521r1 ( 19 )" \
15649 -c "Verifying peer X.509 certificate... ok" \
15650 -C "received HelloRetryRequest message"
15651
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15652requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15653requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15656requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15657requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15660run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15661 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15662 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15663 0 \
15664 -s "Protocol is TLSv1.3" \
15665 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15666 -s "received signature algorithm: 0x603" \
15667 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15668 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15669 -c "Protocol is TLSv1.3" \
15670 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15671 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15672 -c "NamedGroup: secp521r1 ( 19 )" \
15673 -c "Verifying peer X.509 certificate... ok" \
15674 -C "received HelloRetryRequest message"
15675
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15676requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15680requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15681requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15682requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15683requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15684requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15685requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15686run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15687 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15688 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15689 0 \
15690 -s "Protocol is TLSv1.3" \
15691 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15692 -s "received signature algorithm: 0x804" \
15693 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15694 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15695 -c "Protocol is TLSv1.3" \
15696 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15697 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15698 -c "NamedGroup: secp521r1 ( 19 )" \
15699 -c "Verifying peer X.509 certificate... ok" \
15700 -C "received HelloRetryRequest message"
15701
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15702requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15703requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15706requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15710run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15711 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15712 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15713 0 \
15714 -s "Protocol is TLSv1.3" \
15715 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15716 -s "received signature algorithm: 0x403" \
15717 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15718 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15719 -c "Protocol is TLSv1.3" \
15720 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15721 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15722 -c "NamedGroup: x25519 ( 1d )" \
15723 -c "Verifying peer X.509 certificate... ok" \
15724 -C "received HelloRetryRequest message"
15725
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15726requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15727requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15730requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15731requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15734run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15735 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15736 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15737 0 \
15738 -s "Protocol is TLSv1.3" \
15739 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15740 -s "received signature algorithm: 0x503" \
15741 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15742 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15743 -c "Protocol is TLSv1.3" \
15744 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15745 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15746 -c "NamedGroup: x25519 ( 1d )" \
15747 -c "Verifying peer X.509 certificate... ok" \
15748 -C "received HelloRetryRequest message"
15749
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15750requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15751requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15752requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15754requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15755requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15758run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15759 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15760 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15761 0 \
15762 -s "Protocol is TLSv1.3" \
15763 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15764 -s "received signature algorithm: 0x603" \
15765 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15766 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15767 -c "Protocol is TLSv1.3" \
15768 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15769 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15770 -c "NamedGroup: x25519 ( 1d )" \
15771 -c "Verifying peer X.509 certificate... ok" \
15772 -C "received HelloRetryRequest message"
15773
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15774requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15778requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15779requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15780requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15783requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15784run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15785 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15786 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15787 0 \
15788 -s "Protocol is TLSv1.3" \
15789 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15790 -s "received signature algorithm: 0x804" \
15791 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15792 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15793 -c "Protocol is TLSv1.3" \
15794 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15795 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15796 -c "NamedGroup: x25519 ( 1d )" \
15797 -c "Verifying peer X.509 certificate... ok" \
15798 -C "received HelloRetryRequest message"
15799
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15800requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15801requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15802requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15803requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15804requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15808run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15809 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15810 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15811 0 \
15812 -s "Protocol is TLSv1.3" \
15813 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15814 -s "received signature algorithm: 0x403" \
15815 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15816 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15817 -c "Protocol is TLSv1.3" \
15818 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15819 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15820 -c "NamedGroup: x448 ( 1e )" \
15821 -c "Verifying peer X.509 certificate... ok" \
15822 -C "received HelloRetryRequest message"
15823
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15824requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15828requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15832run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15833 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15834 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15835 0 \
15836 -s "Protocol is TLSv1.3" \
15837 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15838 -s "received signature algorithm: 0x503" \
15839 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15840 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15841 -c "Protocol is TLSv1.3" \
15842 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15843 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15844 -c "NamedGroup: x448 ( 1e )" \
15845 -c "Verifying peer X.509 certificate... ok" \
15846 -C "received HelloRetryRequest message"
15847
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15848requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15849requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15852requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15853requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15856run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15857 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15858 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15859 0 \
15860 -s "Protocol is TLSv1.3" \
15861 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15862 -s "received signature algorithm: 0x603" \
15863 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15864 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15865 -c "Protocol is TLSv1.3" \
15866 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15867 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15868 -c "NamedGroup: x448 ( 1e )" \
15869 -c "Verifying peer X.509 certificate... ok" \
15870 -C "received HelloRetryRequest message"
15871
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15872requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15873requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15876requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15877requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15878requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15880requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15881requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15882run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15883 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15884 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15885 0 \
15886 -s "Protocol is TLSv1.3" \
15887 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15888 -s "received signature algorithm: 0x804" \
15889 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15890 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15891 -c "Protocol is TLSv1.3" \
15892 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15893 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15894 -c "NamedGroup: x448 ( 1e )" \
15895 -c "Verifying peer X.509 certificate... ok" \
15896 -C "received HelloRetryRequest message"
15897
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15898requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15899requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15901requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15902requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15903requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15904requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]15906run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
15907 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15908 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
15909 0 \
15910 -s "Protocol is TLSv1.3" \
15911 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15912 -s "received signature algorithm: 0x403" \
15913 -s "got named group: ffdhe2048(0100)" \
15914 -s "Certificate verification was skipped" \
15915 -c "Protocol is TLSv1.3" \
15916 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15917 -c "Certificate Verify: Signature algorithm ( 0403 )" \
15918 -c "NamedGroup: ffdhe2048 ( 100 )" \
15919 -c "Verifying peer X.509 certificate... ok" \
15920 -C "received HelloRetryRequest message"
15921
15922requires_config_enabled MBEDTLS_SSL_SRV_C
15923requires_config_enabled MBEDTLS_DEBUG_C
15924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15925requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15926requires_config_enabled MBEDTLS_SSL_CLI_C
15927requires_config_enabled MBEDTLS_DEBUG_C
15928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15930run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
15931 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15932 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
15933 0 \
15934 -s "Protocol is TLSv1.3" \
15935 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15936 -s "received signature algorithm: 0x503" \
15937 -s "got named group: ffdhe2048(0100)" \
15938 -s "Certificate verification was skipped" \
15939 -c "Protocol is TLSv1.3" \
15940 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15941 -c "Certificate Verify: Signature algorithm ( 0503 )" \
15942 -c "NamedGroup: ffdhe2048 ( 100 )" \
15943 -c "Verifying peer X.509 certificate... ok" \
15944 -C "received HelloRetryRequest message"
15945
15946requires_config_enabled MBEDTLS_SSL_SRV_C
15947requires_config_enabled MBEDTLS_DEBUG_C
15948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15950requires_config_enabled MBEDTLS_SSL_CLI_C
15951requires_config_enabled MBEDTLS_DEBUG_C
15952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15954run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
15955 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15956 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
15957 0 \
15958 -s "Protocol is TLSv1.3" \
15959 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15960 -s "received signature algorithm: 0x603" \
15961 -s "got named group: ffdhe2048(0100)" \
15962 -s "Certificate verification was skipped" \
15963 -c "Protocol is TLSv1.3" \
15964 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15965 -c "Certificate Verify: Signature algorithm ( 0603 )" \
15966 -c "NamedGroup: ffdhe2048 ( 100 )" \
15967 -c "Verifying peer X.509 certificate... ok" \
15968 -C "received HelloRetryRequest message"
15969
15970requires_config_enabled MBEDTLS_SSL_SRV_C
15971requires_config_enabled MBEDTLS_DEBUG_C
15972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15974requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15975requires_config_enabled MBEDTLS_SSL_CLI_C
15976requires_config_enabled MBEDTLS_DEBUG_C
15977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
15979requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
15980run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
15981 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15982 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
15983 0 \
15984 -s "Protocol is TLSv1.3" \
15985 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
15986 -s "received signature algorithm: 0x804" \
15987 -s "got named group: ffdhe2048(0100)" \
15988 -s "Certificate verification was skipped" \
15989 -c "Protocol is TLSv1.3" \
15990 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
15991 -c "Certificate Verify: Signature algorithm ( 0804 )" \
15992 -c "NamedGroup: ffdhe2048 ( 100 )" \
15993 -c "Verifying peer X.509 certificate... ok" \
15994 -C "received HelloRetryRequest message"
15995
15996requires_config_enabled MBEDTLS_SSL_SRV_C
15997requires_config_enabled MBEDTLS_DEBUG_C
15998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15999requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16000requires_config_enabled MBEDTLS_SSL_CLI_C
16001requires_config_enabled MBEDTLS_DEBUG_C
16002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16004run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp256r1_sha256" \
16005 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16006 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
16007 0 \
16008 -s "Protocol is TLSv1.3" \
16009 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16010 -s "received signature algorithm: 0x403" \
16011 -s "got named group: ffdhe3072(0101)" \
16012 -s "Certificate verification was skipped" \
16013 -c "Protocol is TLSv1.3" \
16014 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16015 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16016 -c "NamedGroup: ffdhe3072 ( 101 )" \
16017 -c "Verifying peer X.509 certificate... ok" \
16018 -C "received HelloRetryRequest message"
16019
16020requires_config_enabled MBEDTLS_SSL_SRV_C
16021requires_config_enabled MBEDTLS_DEBUG_C
16022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16024requires_config_enabled MBEDTLS_SSL_CLI_C
16025requires_config_enabled MBEDTLS_DEBUG_C
16026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16028run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp384r1_sha384" \
16029 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16030 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
16031 0 \
16032 -s "Protocol is TLSv1.3" \
16033 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16034 -s "received signature algorithm: 0x503" \
16035 -s "got named group: ffdhe3072(0101)" \
16036 -s "Certificate verification was skipped" \
16037 -c "Protocol is TLSv1.3" \
16038 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16039 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16040 -c "NamedGroup: ffdhe3072 ( 101 )" \
16041 -c "Verifying peer X.509 certificate... ok" \
16042 -C "received HelloRetryRequest message"
16043
16044requires_config_enabled MBEDTLS_SSL_SRV_C
16045requires_config_enabled MBEDTLS_DEBUG_C
16046requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16048requires_config_enabled MBEDTLS_SSL_CLI_C
16049requires_config_enabled MBEDTLS_DEBUG_C
16050requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16052run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe3072,ecdsa_secp521r1_sha512" \
16053 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16054 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
16055 0 \
16056 -s "Protocol is TLSv1.3" \
16057 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16058 -s "received signature algorithm: 0x603" \
16059 -s "got named group: ffdhe3072(0101)" \
16060 -s "Certificate verification was skipped" \
16061 -c "Protocol is TLSv1.3" \
16062 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16063 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16064 -c "NamedGroup: ffdhe3072 ( 101 )" \
16065 -c "Verifying peer X.509 certificate... ok" \
16066 -C "received HelloRetryRequest message"
16067
16068requires_config_enabled MBEDTLS_SSL_SRV_C
16069requires_config_enabled MBEDTLS_DEBUG_C
16070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16071requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16072requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16073requires_config_enabled MBEDTLS_SSL_CLI_C
16074requires_config_enabled MBEDTLS_DEBUG_C
16075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16077requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16078run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe3072,rsa_pss_rsae_sha256" \
16079 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16080 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
16081 0 \
16082 -s "Protocol is TLSv1.3" \
16083 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16084 -s "received signature algorithm: 0x804" \
16085 -s "got named group: ffdhe3072(0101)" \
16086 -s "Certificate verification was skipped" \
16087 -c "Protocol is TLSv1.3" \
16088 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16089 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16090 -c "NamedGroup: ffdhe3072 ( 101 )" \
16091 -c "Verifying peer X.509 certificate... ok" \
16092 -C "received HelloRetryRequest message"
16093
16094requires_config_enabled MBEDTLS_SSL_SRV_C
16095requires_config_enabled MBEDTLS_DEBUG_C
16096requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16098requires_config_enabled MBEDTLS_SSL_CLI_C
16099requires_config_enabled MBEDTLS_DEBUG_C
16100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16102run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp256r1_sha256" \
16103 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16104 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
16105 0 \
16106 -s "Protocol is TLSv1.3" \
16107 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16108 -s "received signature algorithm: 0x403" \
16109 -s "got named group: ffdhe4096(0102)" \
16110 -s "Certificate verification was skipped" \
16111 -c "Protocol is TLSv1.3" \
16112 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16113 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16114 -c "NamedGroup: ffdhe4096 ( 102 )" \
16115 -c "Verifying peer X.509 certificate... ok" \
16116 -C "received HelloRetryRequest message"
16117
16118requires_config_enabled MBEDTLS_SSL_SRV_C
16119requires_config_enabled MBEDTLS_DEBUG_C
16120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16122requires_config_enabled MBEDTLS_SSL_CLI_C
16123requires_config_enabled MBEDTLS_DEBUG_C
16124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16126run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp384r1_sha384" \
16127 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16128 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
16129 0 \
16130 -s "Protocol is TLSv1.3" \
16131 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16132 -s "received signature algorithm: 0x503" \
16133 -s "got named group: ffdhe4096(0102)" \
16134 -s "Certificate verification was skipped" \
16135 -c "Protocol is TLSv1.3" \
16136 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16137 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16138 -c "NamedGroup: ffdhe4096 ( 102 )" \
16139 -c "Verifying peer X.509 certificate... ok" \
16140 -C "received HelloRetryRequest message"
16141
16142requires_config_enabled MBEDTLS_SSL_SRV_C
16143requires_config_enabled MBEDTLS_DEBUG_C
16144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16146requires_config_enabled MBEDTLS_SSL_CLI_C
16147requires_config_enabled MBEDTLS_DEBUG_C
16148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16150run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe4096,ecdsa_secp521r1_sha512" \
16151 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16152 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
16153 0 \
16154 -s "Protocol is TLSv1.3" \
16155 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16156 -s "received signature algorithm: 0x603" \
16157 -s "got named group: ffdhe4096(0102)" \
16158 -s "Certificate verification was skipped" \
16159 -c "Protocol is TLSv1.3" \
16160 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16161 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16162 -c "NamedGroup: ffdhe4096 ( 102 )" \
16163 -c "Verifying peer X.509 certificate... ok" \
16164 -C "received HelloRetryRequest message"
16165
16166requires_config_enabled MBEDTLS_SSL_SRV_C
16167requires_config_enabled MBEDTLS_DEBUG_C
16168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16170requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16171requires_config_enabled MBEDTLS_SSL_CLI_C
16172requires_config_enabled MBEDTLS_DEBUG_C
16173requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16174requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16175requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16176run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe4096,rsa_pss_rsae_sha256" \
16177 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16178 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
16179 0 \
16180 -s "Protocol is TLSv1.3" \
16181 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16182 -s "received signature algorithm: 0x804" \
16183 -s "got named group: ffdhe4096(0102)" \
16184 -s "Certificate verification was skipped" \
16185 -c "Protocol is TLSv1.3" \
16186 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16187 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16188 -c "NamedGroup: ffdhe4096 ( 102 )" \
16189 -c "Verifying peer X.509 certificate... ok" \
16190 -C "received HelloRetryRequest message"
16191
16192requires_config_enabled MBEDTLS_SSL_SRV_C
16193requires_config_enabled MBEDTLS_DEBUG_C
16194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16195requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16196requires_config_enabled MBEDTLS_SSL_CLI_C
16197requires_config_enabled MBEDTLS_DEBUG_C
16198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16200run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp256r1_sha256" \
16201 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16202 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
16203 0 \
16204 -s "Protocol is TLSv1.3" \
16205 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16206 -s "received signature algorithm: 0x403" \
16207 -s "got named group: ffdhe6144(0103)" \
16208 -s "Certificate verification was skipped" \
16209 -c "Protocol is TLSv1.3" \
16210 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16211 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16212 -c "NamedGroup: ffdhe6144 ( 103 )" \
16213 -c "Verifying peer X.509 certificate... ok" \
16214 -C "received HelloRetryRequest message"
16215
16216requires_config_enabled MBEDTLS_SSL_SRV_C
16217requires_config_enabled MBEDTLS_DEBUG_C
16218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16220requires_config_enabled MBEDTLS_SSL_CLI_C
16221requires_config_enabled MBEDTLS_DEBUG_C
16222requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16224run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp384r1_sha384" \
16225 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16226 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
16227 0 \
16228 -s "Protocol is TLSv1.3" \
16229 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16230 -s "received signature algorithm: 0x503" \
16231 -s "got named group: ffdhe6144(0103)" \
16232 -s "Certificate verification was skipped" \
16233 -c "Protocol is TLSv1.3" \
16234 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16235 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16236 -c "NamedGroup: ffdhe6144 ( 103 )" \
16237 -c "Verifying peer X.509 certificate... ok" \
16238 -C "received HelloRetryRequest message"
16239
16240requires_config_enabled MBEDTLS_SSL_SRV_C
16241requires_config_enabled MBEDTLS_DEBUG_C
16242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16243requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16244requires_config_enabled MBEDTLS_SSL_CLI_C
16245requires_config_enabled MBEDTLS_DEBUG_C
16246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16248run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe6144,ecdsa_secp521r1_sha512" \
16249 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16250 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
16251 0 \
16252 -s "Protocol is TLSv1.3" \
16253 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16254 -s "received signature algorithm: 0x603" \
16255 -s "got named group: ffdhe6144(0103)" \
16256 -s "Certificate verification was skipped" \
16257 -c "Protocol is TLSv1.3" \
16258 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16259 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16260 -c "NamedGroup: ffdhe6144 ( 103 )" \
16261 -c "Verifying peer X.509 certificate... ok" \
16262 -C "received HelloRetryRequest message"
16263
16264requires_config_enabled MBEDTLS_SSL_SRV_C
16265requires_config_enabled MBEDTLS_DEBUG_C
16266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16267requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16268requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16269requires_config_enabled MBEDTLS_SSL_CLI_C
16270requires_config_enabled MBEDTLS_DEBUG_C
16271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16273requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16274run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe6144,rsa_pss_rsae_sha256" \
16275 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16276 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
16277 0 \
16278 -s "Protocol is TLSv1.3" \
16279 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16280 -s "received signature algorithm: 0x804" \
16281 -s "got named group: ffdhe6144(0103)" \
16282 -s "Certificate verification was skipped" \
16283 -c "Protocol is TLSv1.3" \
16284 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16285 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16286 -c "NamedGroup: ffdhe6144 ( 103 )" \
16287 -c "Verifying peer X.509 certificate... ok" \
16288 -C "received HelloRetryRequest message"
16289
16290requires_config_enabled MBEDTLS_SSL_SRV_C
16291requires_config_enabled MBEDTLS_DEBUG_C
16292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16293requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16294requires_config_enabled MBEDTLS_SSL_CLI_C
16295requires_config_enabled MBEDTLS_DEBUG_C
16296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16298run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
16299 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16300 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
16301 0 \
16302 -s "Protocol is TLSv1.3" \
16303 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16304 -s "received signature algorithm: 0x403" \
16305 -s "got named group: ffdhe8192(0104)" \
16306 -s "Certificate verification was skipped" \
16307 -c "Protocol is TLSv1.3" \
16308 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16309 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16310 -c "NamedGroup: ffdhe8192 ( 104 )" \
16311 -c "Verifying peer X.509 certificate... ok" \
16312 -C "received HelloRetryRequest message"
16313
16314requires_config_enabled MBEDTLS_SSL_SRV_C
16315requires_config_enabled MBEDTLS_DEBUG_C
16316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16318requires_config_enabled MBEDTLS_SSL_CLI_C
16319requires_config_enabled MBEDTLS_DEBUG_C
16320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16322run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
16323 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16324 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
16325 0 \
16326 -s "Protocol is TLSv1.3" \
16327 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16328 -s "received signature algorithm: 0x503" \
16329 -s "got named group: ffdhe8192(0104)" \
16330 -s "Certificate verification was skipped" \
16331 -c "Protocol is TLSv1.3" \
16332 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16333 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16334 -c "NamedGroup: ffdhe8192 ( 104 )" \
16335 -c "Verifying peer X.509 certificate... ok" \
16336 -C "received HelloRetryRequest message"
16337
16338requires_config_enabled MBEDTLS_SSL_SRV_C
16339requires_config_enabled MBEDTLS_DEBUG_C
16340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16342requires_config_enabled MBEDTLS_SSL_CLI_C
16343requires_config_enabled MBEDTLS_DEBUG_C
16344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16346run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
16347 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16348 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
16349 0 \
16350 -s "Protocol is TLSv1.3" \
16351 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16352 -s "received signature algorithm: 0x603" \
16353 -s "got named group: ffdhe8192(0104)" \
16354 -s "Certificate verification was skipped" \
16355 -c "Protocol is TLSv1.3" \
16356 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16357 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16358 -c "NamedGroup: ffdhe8192 ( 104 )" \
16359 -c "Verifying peer X.509 certificate... ok" \
16360 -C "received HelloRetryRequest message"
16361
16362requires_config_enabled MBEDTLS_SSL_SRV_C
16363requires_config_enabled MBEDTLS_DEBUG_C
16364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16366requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16367requires_config_enabled MBEDTLS_SSL_CLI_C
16368requires_config_enabled MBEDTLS_DEBUG_C
16369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16371requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16372run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
16373 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16374 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
16375 0 \
16376 -s "Protocol is TLSv1.3" \
16377 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
16378 -s "received signature algorithm: 0x804" \
16379 -s "got named group: ffdhe8192(0104)" \
16380 -s "Certificate verification was skipped" \
16381 -c "Protocol is TLSv1.3" \
16382 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
16383 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16384 -c "NamedGroup: ffdhe8192 ( 104 )" \
16385 -c "Verifying peer X.509 certificate... ok" \
16386 -C "received HelloRetryRequest message"
16387
16388requires_config_enabled MBEDTLS_SSL_SRV_C
16389requires_config_enabled MBEDTLS_DEBUG_C
16390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16392requires_config_enabled MBEDTLS_SSL_CLI_C
16393requires_config_enabled MBEDTLS_DEBUG_C
16394requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16395requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16396run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16397 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16398 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16399 0 \
16400 -s "Protocol is TLSv1.3" \
16401 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16402 -s "received signature algorithm: 0x403" \
16403 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16404 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16405 -c "Protocol is TLSv1.3" \
16406 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16407 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16408 -c "NamedGroup: secp256r1 ( 17 )" \
16409 -c "Verifying peer X.509 certificate... ok" \
16410 -C "received HelloRetryRequest message"
16411
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16412requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16413requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16415requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16416requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16420run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16421 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16422 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16423 0 \
16424 -s "Protocol is TLSv1.3" \
16425 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16426 -s "received signature algorithm: 0x503" \
16427 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16428 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16429 -c "Protocol is TLSv1.3" \
16430 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16431 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16432 -c "NamedGroup: secp256r1 ( 17 )" \
16433 -c "Verifying peer X.509 certificate... ok" \
16434 -C "received HelloRetryRequest message"
16435
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16436requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16437requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16440requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16441requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16442requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16443requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16444run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16445 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16446 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16447 0 \
16448 -s "Protocol is TLSv1.3" \
16449 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16450 -s "received signature algorithm: 0x603" \
16451 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16452 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16453 -c "Protocol is TLSv1.3" \
16454 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16455 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16456 -c "NamedGroup: secp256r1 ( 17 )" \
16457 -c "Verifying peer X.509 certificate... ok" \
16458 -C "received HelloRetryRequest message"
16459
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16460requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16461requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16462requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16464requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16465requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16466requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16469requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16470run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16471 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16472 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16473 0 \
16474 -s "Protocol is TLSv1.3" \
16475 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16476 -s "received signature algorithm: 0x804" \
16477 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16478 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16479 -c "Protocol is TLSv1.3" \
16480 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16481 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16482 -c "NamedGroup: secp256r1 ( 17 )" \
16483 -c "Verifying peer X.509 certificate... ok" \
16484 -C "received HelloRetryRequest message"
16485
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16486requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16487requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16488requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16490requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16491requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16493requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16494run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16495 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16496 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16497 0 \
16498 -s "Protocol is TLSv1.3" \
16499 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16500 -s "received signature algorithm: 0x403" \
16501 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16502 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16503 -c "Protocol is TLSv1.3" \
16504 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16505 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16506 -c "NamedGroup: secp384r1 ( 18 )" \
16507 -c "Verifying peer X.509 certificate... ok" \
16508 -C "received HelloRetryRequest message"
16509
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16510requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16514requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16515requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16518run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16519 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16520 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16521 0 \
16522 -s "Protocol is TLSv1.3" \
16523 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16524 -s "received signature algorithm: 0x503" \
16525 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16526 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16527 -c "Protocol is TLSv1.3" \
16528 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16529 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16530 -c "NamedGroup: secp384r1 ( 18 )" \
16531 -c "Verifying peer X.509 certificate... ok" \
16532 -C "received HelloRetryRequest message"
16533
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16534requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16535requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16536requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16537requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16538requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16542run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16543 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16544 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16545 0 \
16546 -s "Protocol is TLSv1.3" \
16547 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16548 -s "received signature algorithm: 0x603" \
16549 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16550 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16551 -c "Protocol is TLSv1.3" \
16552 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16553 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16554 -c "NamedGroup: secp384r1 ( 18 )" \
16555 -c "Verifying peer X.509 certificate... ok" \
16556 -C "received HelloRetryRequest message"
16557
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16558requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16559requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16560requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16561requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16562requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16563requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16564requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16568run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16569 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16570 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16571 0 \
16572 -s "Protocol is TLSv1.3" \
16573 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16574 -s "received signature algorithm: 0x804" \
16575 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16576 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16577 -c "Protocol is TLSv1.3" \
16578 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16579 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16580 -c "NamedGroup: secp384r1 ( 18 )" \
16581 -c "Verifying peer X.509 certificate... ok" \
16582 -C "received HelloRetryRequest message"
16583
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16584requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16585requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16586requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16588requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16589requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16592run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16593 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16594 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16595 0 \
16596 -s "Protocol is TLSv1.3" \
16597 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16598 -s "received signature algorithm: 0x403" \
16599 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16600 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16601 -c "Protocol is TLSv1.3" \
16602 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16603 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16604 -c "NamedGroup: secp521r1 ( 19 )" \
16605 -c "Verifying peer X.509 certificate... ok" \
16606 -C "received HelloRetryRequest message"
16607
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16608requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16609requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16612requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16613requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16614requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16615requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16616run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16617 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16618 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16619 0 \
16620 -s "Protocol is TLSv1.3" \
16621 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16622 -s "received signature algorithm: 0x503" \
16623 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16624 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16625 -c "Protocol is TLSv1.3" \
16626 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16627 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16628 -c "NamedGroup: secp521r1 ( 19 )" \
16629 -c "Verifying peer X.509 certificate... ok" \
16630 -C "received HelloRetryRequest message"
16631
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16632requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16633requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16636requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16637requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16639requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16640run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16641 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16642 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16643 0 \
16644 -s "Protocol is TLSv1.3" \
16645 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16646 -s "received signature algorithm: 0x603" \
16647 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16648 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16649 -c "Protocol is TLSv1.3" \
16650 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16651 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16652 -c "NamedGroup: secp521r1 ( 19 )" \
16653 -c "Verifying peer X.509 certificate... ok" \
16654 -C "received HelloRetryRequest message"
16655
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16656requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16657requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16660requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16661requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16662requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16665requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16666run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16667 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16668 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16669 0 \
16670 -s "Protocol is TLSv1.3" \
16671 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16672 -s "received signature algorithm: 0x804" \
16673 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16674 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16675 -c "Protocol is TLSv1.3" \
16676 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16677 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16678 -c "NamedGroup: secp521r1 ( 19 )" \
16679 -c "Verifying peer X.509 certificate... ok" \
16680 -C "received HelloRetryRequest message"
16681
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16682requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16686requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16690run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16691 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16692 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16693 0 \
16694 -s "Protocol is TLSv1.3" \
16695 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16696 -s "received signature algorithm: 0x403" \
16697 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16698 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16699 -c "Protocol is TLSv1.3" \
16700 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16701 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16702 -c "NamedGroup: x25519 ( 1d )" \
16703 -c "Verifying peer X.509 certificate... ok" \
16704 -C "received HelloRetryRequest message"
16705
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16706requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16710requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16711requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16712requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16713requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16714run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16715 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16716 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16717 0 \
16718 -s "Protocol is TLSv1.3" \
16719 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16720 -s "received signature algorithm: 0x503" \
16721 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16722 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16723 -c "Protocol is TLSv1.3" \
16724 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16725 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16726 -c "NamedGroup: x25519 ( 1d )" \
16727 -c "Verifying peer X.509 certificate... ok" \
16728 -C "received HelloRetryRequest message"
16729
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16730requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16731requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16734requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16735requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16736requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16738run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16739 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16740 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16741 0 \
16742 -s "Protocol is TLSv1.3" \
16743 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16744 -s "received signature algorithm: 0x603" \
16745 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16746 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16747 -c "Protocol is TLSv1.3" \
16748 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16749 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16750 -c "NamedGroup: x25519 ( 1d )" \
16751 -c "Verifying peer X.509 certificate... ok" \
16752 -C "received HelloRetryRequest message"
16753
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16754requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16755requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16758requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16759requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16760requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16763requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16764run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16765 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16766 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16767 0 \
16768 -s "Protocol is TLSv1.3" \
16769 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16770 -s "received signature algorithm: 0x804" \
16771 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16772 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16773 -c "Protocol is TLSv1.3" \
16774 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16775 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16776 -c "NamedGroup: x25519 ( 1d )" \
16777 -c "Verifying peer X.509 certificate... ok" \
16778 -C "received HelloRetryRequest message"
16779
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16780requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16781requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16782requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16783requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16784requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16785requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16788run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16789 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16790 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16791 0 \
16792 -s "Protocol is TLSv1.3" \
16793 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16794 -s "received signature algorithm: 0x403" \
16795 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16796 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16797 -c "Protocol is TLSv1.3" \
16798 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16799 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16800 -c "NamedGroup: x448 ( 1e )" \
16801 -c "Verifying peer X.509 certificate... ok" \
16802 -C "received HelloRetryRequest message"
16803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16808requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16809requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16812run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16813 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16814 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16815 0 \
16816 -s "Protocol is TLSv1.3" \
16817 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16818 -s "received signature algorithm: 0x503" \
16819 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16820 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16821 -c "Protocol is TLSv1.3" \
16822 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16823 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16824 -c "NamedGroup: x448 ( 1e )" \
16825 -c "Verifying peer X.509 certificate... ok" \
16826 -C "received HelloRetryRequest message"
16827
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16828requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16832requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16836run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16837 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16838 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16839 0 \
16840 -s "Protocol is TLSv1.3" \
16841 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16842 -s "received signature algorithm: 0x603" \
16843 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16844 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16845 -c "Protocol is TLSv1.3" \
16846 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16847 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16848 -c "NamedGroup: x448 ( 1e )" \
16849 -c "Verifying peer X.509 certificate... ok" \
16850 -C "received HelloRetryRequest message"
16851
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16852requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16853requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16856requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16857requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16858requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16860requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16861requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16862run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]16863 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16864 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16865 0 \
16866 -s "Protocol is TLSv1.3" \
16867 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16868 -s "received signature algorithm: 0x804" \
16869 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]16870 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16871 -c "Protocol is TLSv1.3" \
16872 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16873 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16874 -c "NamedGroup: x448 ( 1e )" \
16875 -c "Verifying peer X.509 certificate... ok" \
16876 -C "received HelloRetryRequest message"
16877
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]16878requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16879requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16882requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]16883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]16884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]16885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]16886run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
16887 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16888 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
16889 0 \
16890 -s "Protocol is TLSv1.3" \
16891 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16892 -s "received signature algorithm: 0x403" \
16893 -s "got named group: ffdhe2048(0100)" \
16894 -s "Certificate verification was skipped" \
16895 -c "Protocol is TLSv1.3" \
16896 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16897 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16898 -c "NamedGroup: ffdhe2048 ( 100 )" \
16899 -c "Verifying peer X.509 certificate... ok" \
16900 -C "received HelloRetryRequest message"
16901
16902requires_config_enabled MBEDTLS_SSL_SRV_C
16903requires_config_enabled MBEDTLS_DEBUG_C
16904requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16906requires_config_enabled MBEDTLS_SSL_CLI_C
16907requires_config_enabled MBEDTLS_DEBUG_C
16908requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16910run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
16911 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16912 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
16913 0 \
16914 -s "Protocol is TLSv1.3" \
16915 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16916 -s "received signature algorithm: 0x503" \
16917 -s "got named group: ffdhe2048(0100)" \
16918 -s "Certificate verification was skipped" \
16919 -c "Protocol is TLSv1.3" \
16920 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16921 -c "Certificate Verify: Signature algorithm ( 0503 )" \
16922 -c "NamedGroup: ffdhe2048 ( 100 )" \
16923 -c "Verifying peer X.509 certificate... ok" \
16924 -C "received HelloRetryRequest message"
16925
16926requires_config_enabled MBEDTLS_SSL_SRV_C
16927requires_config_enabled MBEDTLS_DEBUG_C
16928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16930requires_config_enabled MBEDTLS_SSL_CLI_C
16931requires_config_enabled MBEDTLS_DEBUG_C
16932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16934run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
16935 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16936 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
16937 0 \
16938 -s "Protocol is TLSv1.3" \
16939 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16940 -s "received signature algorithm: 0x603" \
16941 -s "got named group: ffdhe2048(0100)" \
16942 -s "Certificate verification was skipped" \
16943 -c "Protocol is TLSv1.3" \
16944 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16945 -c "Certificate Verify: Signature algorithm ( 0603 )" \
16946 -c "NamedGroup: ffdhe2048 ( 100 )" \
16947 -c "Verifying peer X.509 certificate... ok" \
16948 -C "received HelloRetryRequest message"
16949
16950requires_config_enabled MBEDTLS_SSL_SRV_C
16951requires_config_enabled MBEDTLS_DEBUG_C
16952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16954requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16955requires_config_enabled MBEDTLS_SSL_CLI_C
16956requires_config_enabled MBEDTLS_DEBUG_C
16957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16959requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
16960run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
16961 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16962 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
16963 0 \
16964 -s "Protocol is TLSv1.3" \
16965 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16966 -s "received signature algorithm: 0x804" \
16967 -s "got named group: ffdhe2048(0100)" \
16968 -s "Certificate verification was skipped" \
16969 -c "Protocol is TLSv1.3" \
16970 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16971 -c "Certificate Verify: Signature algorithm ( 0804 )" \
16972 -c "NamedGroup: ffdhe2048 ( 100 )" \
16973 -c "Verifying peer X.509 certificate... ok" \
16974 -C "received HelloRetryRequest message"
16975
16976requires_config_enabled MBEDTLS_SSL_SRV_C
16977requires_config_enabled MBEDTLS_DEBUG_C
16978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16979requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16980requires_config_enabled MBEDTLS_SSL_CLI_C
16981requires_config_enabled MBEDTLS_DEBUG_C
16982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
16983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
16984run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
16985 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
16986 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
16987 0 \
16988 -s "Protocol is TLSv1.3" \
16989 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
16990 -s "received signature algorithm: 0x403" \
16991 -s "got named group: ffdhe3072(0101)" \
16992 -s "Certificate verification was skipped" \
16993 -c "Protocol is TLSv1.3" \
16994 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
16995 -c "Certificate Verify: Signature algorithm ( 0403 )" \
16996 -c "NamedGroup: ffdhe3072 ( 101 )" \
16997 -c "Verifying peer X.509 certificate... ok" \
16998 -C "received HelloRetryRequest message"
16999
17000requires_config_enabled MBEDTLS_SSL_SRV_C
17001requires_config_enabled MBEDTLS_DEBUG_C
17002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17004requires_config_enabled MBEDTLS_SSL_CLI_C
17005requires_config_enabled MBEDTLS_DEBUG_C
17006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17008run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
17009 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17010 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
17011 0 \
17012 -s "Protocol is TLSv1.3" \
17013 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17014 -s "received signature algorithm: 0x503" \
17015 -s "got named group: ffdhe3072(0101)" \
17016 -s "Certificate verification was skipped" \
17017 -c "Protocol is TLSv1.3" \
17018 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17019 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17020 -c "NamedGroup: ffdhe3072 ( 101 )" \
17021 -c "Verifying peer X.509 certificate... ok" \
17022 -C "received HelloRetryRequest message"
17023
17024requires_config_enabled MBEDTLS_SSL_SRV_C
17025requires_config_enabled MBEDTLS_DEBUG_C
17026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17028requires_config_enabled MBEDTLS_SSL_CLI_C
17029requires_config_enabled MBEDTLS_DEBUG_C
17030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17032run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
17033 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17034 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
17035 0 \
17036 -s "Protocol is TLSv1.3" \
17037 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17038 -s "received signature algorithm: 0x603" \
17039 -s "got named group: ffdhe3072(0101)" \
17040 -s "Certificate verification was skipped" \
17041 -c "Protocol is TLSv1.3" \
17042 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17043 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17044 -c "NamedGroup: ffdhe3072 ( 101 )" \
17045 -c "Verifying peer X.509 certificate... ok" \
17046 -C "received HelloRetryRequest message"
17047
17048requires_config_enabled MBEDTLS_SSL_SRV_C
17049requires_config_enabled MBEDTLS_DEBUG_C
17050requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17052requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17053requires_config_enabled MBEDTLS_SSL_CLI_C
17054requires_config_enabled MBEDTLS_DEBUG_C
17055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17056requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17057requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17058run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
17059 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17060 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
17061 0 \
17062 -s "Protocol is TLSv1.3" \
17063 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17064 -s "received signature algorithm: 0x804" \
17065 -s "got named group: ffdhe3072(0101)" \
17066 -s "Certificate verification was skipped" \
17067 -c "Protocol is TLSv1.3" \
17068 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17069 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17070 -c "NamedGroup: ffdhe3072 ( 101 )" \
17071 -c "Verifying peer X.509 certificate... ok" \
17072 -C "received HelloRetryRequest message"
17073
17074requires_config_enabled MBEDTLS_SSL_SRV_C
17075requires_config_enabled MBEDTLS_DEBUG_C
17076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17078requires_config_enabled MBEDTLS_SSL_CLI_C
17079requires_config_enabled MBEDTLS_DEBUG_C
17080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17082run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
17083 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17084 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
17085 0 \
17086 -s "Protocol is TLSv1.3" \
17087 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17088 -s "received signature algorithm: 0x403" \
17089 -s "got named group: ffdhe4096(0102)" \
17090 -s "Certificate verification was skipped" \
17091 -c "Protocol is TLSv1.3" \
17092 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17093 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17094 -c "NamedGroup: ffdhe4096 ( 102 )" \
17095 -c "Verifying peer X.509 certificate... ok" \
17096 -C "received HelloRetryRequest message"
17097
17098requires_config_enabled MBEDTLS_SSL_SRV_C
17099requires_config_enabled MBEDTLS_DEBUG_C
17100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17102requires_config_enabled MBEDTLS_SSL_CLI_C
17103requires_config_enabled MBEDTLS_DEBUG_C
17104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17106run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
17107 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17108 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
17109 0 \
17110 -s "Protocol is TLSv1.3" \
17111 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17112 -s "received signature algorithm: 0x503" \
17113 -s "got named group: ffdhe4096(0102)" \
17114 -s "Certificate verification was skipped" \
17115 -c "Protocol is TLSv1.3" \
17116 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17117 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17118 -c "NamedGroup: ffdhe4096 ( 102 )" \
17119 -c "Verifying peer X.509 certificate... ok" \
17120 -C "received HelloRetryRequest message"
17121
17122requires_config_enabled MBEDTLS_SSL_SRV_C
17123requires_config_enabled MBEDTLS_DEBUG_C
17124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17126requires_config_enabled MBEDTLS_SSL_CLI_C
17127requires_config_enabled MBEDTLS_DEBUG_C
17128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17130run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
17131 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17132 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
17133 0 \
17134 -s "Protocol is TLSv1.3" \
17135 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17136 -s "received signature algorithm: 0x603" \
17137 -s "got named group: ffdhe4096(0102)" \
17138 -s "Certificate verification was skipped" \
17139 -c "Protocol is TLSv1.3" \
17140 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17141 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17142 -c "NamedGroup: ffdhe4096 ( 102 )" \
17143 -c "Verifying peer X.509 certificate... ok" \
17144 -C "received HelloRetryRequest message"
17145
17146requires_config_enabled MBEDTLS_SSL_SRV_C
17147requires_config_enabled MBEDTLS_DEBUG_C
17148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17150requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17151requires_config_enabled MBEDTLS_SSL_CLI_C
17152requires_config_enabled MBEDTLS_DEBUG_C
17153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17155requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17156run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
17157 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17158 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
17159 0 \
17160 -s "Protocol is TLSv1.3" \
17161 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17162 -s "received signature algorithm: 0x804" \
17163 -s "got named group: ffdhe4096(0102)" \
17164 -s "Certificate verification was skipped" \
17165 -c "Protocol is TLSv1.3" \
17166 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17167 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17168 -c "NamedGroup: ffdhe4096 ( 102 )" \
17169 -c "Verifying peer X.509 certificate... ok" \
17170 -C "received HelloRetryRequest message"
17171
17172requires_config_enabled MBEDTLS_SSL_SRV_C
17173requires_config_enabled MBEDTLS_DEBUG_C
17174requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17175requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17176requires_config_enabled MBEDTLS_SSL_CLI_C
17177requires_config_enabled MBEDTLS_DEBUG_C
17178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17180run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
17181 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
17183 0 \
17184 -s "Protocol is TLSv1.3" \
17185 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17186 -s "received signature algorithm: 0x403" \
17187 -s "got named group: ffdhe6144(0103)" \
17188 -s "Certificate verification was skipped" \
17189 -c "Protocol is TLSv1.3" \
17190 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17191 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17192 -c "NamedGroup: ffdhe6144 ( 103 )" \
17193 -c "Verifying peer X.509 certificate... ok" \
17194 -C "received HelloRetryRequest message"
17195
17196requires_config_enabled MBEDTLS_SSL_SRV_C
17197requires_config_enabled MBEDTLS_DEBUG_C
17198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17200requires_config_enabled MBEDTLS_SSL_CLI_C
17201requires_config_enabled MBEDTLS_DEBUG_C
17202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17204run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
17205 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17206 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
17207 0 \
17208 -s "Protocol is TLSv1.3" \
17209 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17210 -s "received signature algorithm: 0x503" \
17211 -s "got named group: ffdhe6144(0103)" \
17212 -s "Certificate verification was skipped" \
17213 -c "Protocol is TLSv1.3" \
17214 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17215 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17216 -c "NamedGroup: ffdhe6144 ( 103 )" \
17217 -c "Verifying peer X.509 certificate... ok" \
17218 -C "received HelloRetryRequest message"
17219
17220requires_config_enabled MBEDTLS_SSL_SRV_C
17221requires_config_enabled MBEDTLS_DEBUG_C
17222requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17224requires_config_enabled MBEDTLS_SSL_CLI_C
17225requires_config_enabled MBEDTLS_DEBUG_C
17226requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17227requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17228run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
17229 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17230 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
17231 0 \
17232 -s "Protocol is TLSv1.3" \
17233 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17234 -s "received signature algorithm: 0x603" \
17235 -s "got named group: ffdhe6144(0103)" \
17236 -s "Certificate verification was skipped" \
17237 -c "Protocol is TLSv1.3" \
17238 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17239 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17240 -c "NamedGroup: ffdhe6144 ( 103 )" \
17241 -c "Verifying peer X.509 certificate... ok" \
17242 -C "received HelloRetryRequest message"
17243
17244requires_config_enabled MBEDTLS_SSL_SRV_C
17245requires_config_enabled MBEDTLS_DEBUG_C
17246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17248requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17249requires_config_enabled MBEDTLS_SSL_CLI_C
17250requires_config_enabled MBEDTLS_DEBUG_C
17251requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17253requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17254run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
17255 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17256 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
17257 0 \
17258 -s "Protocol is TLSv1.3" \
17259 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17260 -s "received signature algorithm: 0x804" \
17261 -s "got named group: ffdhe6144(0103)" \
17262 -s "Certificate verification was skipped" \
17263 -c "Protocol is TLSv1.3" \
17264 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17265 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17266 -c "NamedGroup: ffdhe6144 ( 103 )" \
17267 -c "Verifying peer X.509 certificate... ok" \
17268 -C "received HelloRetryRequest message"
17269
17270requires_config_enabled MBEDTLS_SSL_SRV_C
17271requires_config_enabled MBEDTLS_DEBUG_C
17272requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17274requires_config_enabled MBEDTLS_SSL_CLI_C
17275requires_config_enabled MBEDTLS_DEBUG_C
17276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17278run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
17279 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17280 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
17281 0 \
17282 -s "Protocol is TLSv1.3" \
17283 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17284 -s "received signature algorithm: 0x403" \
17285 -s "got named group: ffdhe8192(0104)" \
17286 -s "Certificate verification was skipped" \
17287 -c "Protocol is TLSv1.3" \
17288 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17289 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17290 -c "NamedGroup: ffdhe8192 ( 104 )" \
17291 -c "Verifying peer X.509 certificate... ok" \
17292 -C "received HelloRetryRequest message"
17293
17294requires_config_enabled MBEDTLS_SSL_SRV_C
17295requires_config_enabled MBEDTLS_DEBUG_C
17296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17298requires_config_enabled MBEDTLS_SSL_CLI_C
17299requires_config_enabled MBEDTLS_DEBUG_C
17300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17302run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
17303 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17304 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
17305 0 \
17306 -s "Protocol is TLSv1.3" \
17307 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17308 -s "received signature algorithm: 0x503" \
17309 -s "got named group: ffdhe8192(0104)" \
17310 -s "Certificate verification was skipped" \
17311 -c "Protocol is TLSv1.3" \
17312 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17313 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17314 -c "NamedGroup: ffdhe8192 ( 104 )" \
17315 -c "Verifying peer X.509 certificate... ok" \
17316 -C "received HelloRetryRequest message"
17317
17318requires_config_enabled MBEDTLS_SSL_SRV_C
17319requires_config_enabled MBEDTLS_DEBUG_C
17320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17322requires_config_enabled MBEDTLS_SSL_CLI_C
17323requires_config_enabled MBEDTLS_DEBUG_C
17324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17326run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
17327 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17328 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
17329 0 \
17330 -s "Protocol is TLSv1.3" \
17331 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17332 -s "received signature algorithm: 0x603" \
17333 -s "got named group: ffdhe8192(0104)" \
17334 -s "Certificate verification was skipped" \
17335 -c "Protocol is TLSv1.3" \
17336 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17337 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17338 -c "NamedGroup: ffdhe8192 ( 104 )" \
17339 -c "Verifying peer X.509 certificate... ok" \
17340 -C "received HelloRetryRequest message"
17341
17342requires_config_enabled MBEDTLS_SSL_SRV_C
17343requires_config_enabled MBEDTLS_DEBUG_C
17344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17346requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17347requires_config_enabled MBEDTLS_SSL_CLI_C
17348requires_config_enabled MBEDTLS_DEBUG_C
17349requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17350requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17351requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17352run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
17353 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17354 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
17355 0 \
17356 -s "Protocol is TLSv1.3" \
17357 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
17358 -s "received signature algorithm: 0x804" \
17359 -s "got named group: ffdhe8192(0104)" \
17360 -s "Certificate verification was skipped" \
17361 -c "Protocol is TLSv1.3" \
17362 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
17363 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17364 -c "NamedGroup: ffdhe8192 ( 104 )" \
17365 -c "Verifying peer X.509 certificate... ok" \
17366 -C "received HelloRetryRequest message"
17367
17368requires_config_enabled MBEDTLS_SSL_SRV_C
17369requires_config_enabled MBEDTLS_DEBUG_C
17370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17371requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17372requires_config_enabled MBEDTLS_SSL_CLI_C
17373requires_config_enabled MBEDTLS_DEBUG_C
17374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17376run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17377 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17378 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17379 0 \
17380 -s "Protocol is TLSv1.3" \
17381 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17382 -s "received signature algorithm: 0x403" \
17383 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17384 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17385 -c "Protocol is TLSv1.3" \
17386 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17387 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17388 -c "NamedGroup: secp256r1 ( 17 )" \
17389 -c "Verifying peer X.509 certificate... ok" \
17390 -C "received HelloRetryRequest message"
17391
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17392requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17393requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17394requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17395requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17396requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17397requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17399requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17400run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17401 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17402 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17403 0 \
17404 -s "Protocol is TLSv1.3" \
17405 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17406 -s "received signature algorithm: 0x503" \
17407 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17408 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17409 -c "Protocol is TLSv1.3" \
17410 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17411 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17412 -c "NamedGroup: secp256r1 ( 17 )" \
17413 -c "Verifying peer X.509 certificate... ok" \
17414 -C "received HelloRetryRequest message"
17415
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17416requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17420requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17421requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17424run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17425 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17426 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17427 0 \
17428 -s "Protocol is TLSv1.3" \
17429 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17430 -s "received signature algorithm: 0x603" \
17431 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17432 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17433 -c "Protocol is TLSv1.3" \
17434 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17435 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17436 -c "NamedGroup: secp256r1 ( 17 )" \
17437 -c "Verifying peer X.509 certificate... ok" \
17438 -C "received HelloRetryRequest message"
17439
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17440requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17441requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17442requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17443requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17444requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17445requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17446requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17449requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17450run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17451 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17452 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17453 0 \
17454 -s "Protocol is TLSv1.3" \
17455 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17456 -s "received signature algorithm: 0x804" \
17457 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17458 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17459 -c "Protocol is TLSv1.3" \
17460 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17461 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17462 -c "NamedGroup: secp256r1 ( 17 )" \
17463 -c "Verifying peer X.509 certificate... ok" \
17464 -C "received HelloRetryRequest message"
17465
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17466requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17467requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17468requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17470requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17474run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17475 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17476 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17477 0 \
17478 -s "Protocol is TLSv1.3" \
17479 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17480 -s "received signature algorithm: 0x403" \
17481 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17482 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17483 -c "Protocol is TLSv1.3" \
17484 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17485 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17486 -c "NamedGroup: secp384r1 ( 18 )" \
17487 -c "Verifying peer X.509 certificate... ok" \
17488 -C "received HelloRetryRequest message"
17489
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17490requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17491requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17493requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17494requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17495requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17498run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17499 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17500 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17501 0 \
17502 -s "Protocol is TLSv1.3" \
17503 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17504 -s "received signature algorithm: 0x503" \
17505 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17506 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17507 -c "Protocol is TLSv1.3" \
17508 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17509 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17510 -c "NamedGroup: secp384r1 ( 18 )" \
17511 -c "Verifying peer X.509 certificate... ok" \
17512 -C "received HelloRetryRequest message"
17513
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17514requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17515requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17518requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17522run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17523 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17524 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17525 0 \
17526 -s "Protocol is TLSv1.3" \
17527 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17528 -s "received signature algorithm: 0x603" \
17529 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17530 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17531 -c "Protocol is TLSv1.3" \
17532 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17533 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17534 -c "NamedGroup: secp384r1 ( 18 )" \
17535 -c "Verifying peer X.509 certificate... ok" \
17536 -C "received HelloRetryRequest message"
17537
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17538requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17542requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17543requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17547requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17548run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17549 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17550 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17551 0 \
17552 -s "Protocol is TLSv1.3" \
17553 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17554 -s "received signature algorithm: 0x804" \
17555 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17556 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17557 -c "Protocol is TLSv1.3" \
17558 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17559 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17560 -c "NamedGroup: secp384r1 ( 18 )" \
17561 -c "Verifying peer X.509 certificate... ok" \
17562 -C "received HelloRetryRequest message"
17563
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17564requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17565requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17566requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17568requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17572run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17573 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17574 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17575 0 \
17576 -s "Protocol is TLSv1.3" \
17577 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17578 -s "received signature algorithm: 0x403" \
17579 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17580 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17581 -c "Protocol is TLSv1.3" \
17582 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17583 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17584 -c "NamedGroup: secp521r1 ( 19 )" \
17585 -c "Verifying peer X.509 certificate... ok" \
17586 -C "received HelloRetryRequest message"
17587
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17588requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17589requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17592requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17593requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17596run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17597 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17598 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17599 0 \
17600 -s "Protocol is TLSv1.3" \
17601 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17602 -s "received signature algorithm: 0x503" \
17603 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17604 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17605 -c "Protocol is TLSv1.3" \
17606 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17607 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17608 -c "NamedGroup: secp521r1 ( 19 )" \
17609 -c "Verifying peer X.509 certificate... ok" \
17610 -C "received HelloRetryRequest message"
17611
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17612requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17613requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17614requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17615requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17616requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17620run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17621 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17622 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17623 0 \
17624 -s "Protocol is TLSv1.3" \
17625 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17626 -s "received signature algorithm: 0x603" \
17627 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17628 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17629 -c "Protocol is TLSv1.3" \
17630 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17631 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17632 -c "NamedGroup: secp521r1 ( 19 )" \
17633 -c "Verifying peer X.509 certificate... ok" \
17634 -C "received HelloRetryRequest message"
17635
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17636requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17637requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17639requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17640requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17641requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17642requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17643requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17645requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17646run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17647 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17648 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17649 0 \
17650 -s "Protocol is TLSv1.3" \
17651 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17652 -s "received signature algorithm: 0x804" \
17653 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17654 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17655 -c "Protocol is TLSv1.3" \
17656 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17657 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17658 -c "NamedGroup: secp521r1 ( 19 )" \
17659 -c "Verifying peer X.509 certificate... ok" \
17660 -C "received HelloRetryRequest message"
17661
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17662requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17663requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17664requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17665requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17666requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17670run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17671 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17672 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17673 0 \
17674 -s "Protocol is TLSv1.3" \
17675 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17676 -s "received signature algorithm: 0x403" \
17677 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17678 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17679 -c "Protocol is TLSv1.3" \
17680 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17681 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17682 -c "NamedGroup: x25519 ( 1d )" \
17683 -c "Verifying peer X.509 certificate... ok" \
17684 -C "received HelloRetryRequest message"
17685
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17686requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17690requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17691requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17694run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17695 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17696 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17697 0 \
17698 -s "Protocol is TLSv1.3" \
17699 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17700 -s "received signature algorithm: 0x503" \
17701 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17702 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17703 -c "Protocol is TLSv1.3" \
17704 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17705 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17706 -c "NamedGroup: x25519 ( 1d )" \
17707 -c "Verifying peer X.509 certificate... ok" \
17708 -C "received HelloRetryRequest message"
17709
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17710requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17711requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17712requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17713requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17714requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17718run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17719 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17720 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17721 0 \
17722 -s "Protocol is TLSv1.3" \
17723 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17724 -s "received signature algorithm: 0x603" \
17725 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17726 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17727 -c "Protocol is TLSv1.3" \
17728 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17729 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17730 -c "NamedGroup: x25519 ( 1d )" \
17731 -c "Verifying peer X.509 certificate... ok" \
17732 -C "received HelloRetryRequest message"
17733
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17734requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17735requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17736requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17738requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17739requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17740requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17741requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17742requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17743requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17744run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17745 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17746 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17747 0 \
17748 -s "Protocol is TLSv1.3" \
17749 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17750 -s "received signature algorithm: 0x804" \
17751 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17752 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17753 -c "Protocol is TLSv1.3" \
17754 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17755 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17756 -c "NamedGroup: x25519 ( 1d )" \
17757 -c "Verifying peer X.509 certificate... ok" \
17758 -C "received HelloRetryRequest message"
17759
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17760requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17761requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17762requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17763requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17764requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17765requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17767requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17768run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17769 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17770 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17771 0 \
17772 -s "Protocol is TLSv1.3" \
17773 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17774 -s "received signature algorithm: 0x403" \
17775 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17776 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17777 -c "Protocol is TLSv1.3" \
17778 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17779 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17780 -c "NamedGroup: x448 ( 1e )" \
17781 -c "Verifying peer X.509 certificate... ok" \
17782 -C "received HelloRetryRequest message"
17783
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17784requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17785requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17786requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17788requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17792run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17793 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17794 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17795 0 \
17796 -s "Protocol is TLSv1.3" \
17797 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17798 -s "received signature algorithm: 0x503" \
17799 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17800 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17801 -c "Protocol is TLSv1.3" \
17802 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17803 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17804 -c "NamedGroup: x448 ( 1e )" \
17805 -c "Verifying peer X.509 certificate... ok" \
17806 -C "received HelloRetryRequest message"
17807
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17808requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17809requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17810requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17812requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17813requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17816run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17817 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17818 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17819 0 \
17820 -s "Protocol is TLSv1.3" \
17821 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17822 -s "received signature algorithm: 0x603" \
17823 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17824 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17825 -c "Protocol is TLSv1.3" \
17826 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17827 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17828 -c "NamedGroup: x448 ( 1e )" \
17829 -c "Verifying peer X.509 certificate... ok" \
17830 -C "received HelloRetryRequest message"
17831
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17832requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17836requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17837requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17838requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17840requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17841requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17842run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17843 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17844 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17845 0 \
17846 -s "Protocol is TLSv1.3" \
17847 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17848 -s "received signature algorithm: 0x804" \
17849 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]17850 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17851 -c "Protocol is TLSv1.3" \
17852 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17853 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17854 -c "NamedGroup: x448 ( 1e )" \
17855 -c "Verifying peer X.509 certificate... ok" \
17856 -C "received HelloRetryRequest message"
17857
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]17858requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17859requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17862requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]17863requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]17864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]17865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]17866run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
17867 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17868 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
17869 0 \
17870 -s "Protocol is TLSv1.3" \
17871 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17872 -s "received signature algorithm: 0x403" \
17873 -s "got named group: ffdhe2048(0100)" \
17874 -s "Certificate verification was skipped" \
17875 -c "Protocol is TLSv1.3" \
17876 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17877 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17878 -c "NamedGroup: ffdhe2048 ( 100 )" \
17879 -c "Verifying peer X.509 certificate... ok" \
17880 -C "received HelloRetryRequest message"
17881
17882requires_config_enabled MBEDTLS_SSL_SRV_C
17883requires_config_enabled MBEDTLS_DEBUG_C
17884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17886requires_config_enabled MBEDTLS_SSL_CLI_C
17887requires_config_enabled MBEDTLS_DEBUG_C
17888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17890run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
17891 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17892 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
17893 0 \
17894 -s "Protocol is TLSv1.3" \
17895 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17896 -s "received signature algorithm: 0x503" \
17897 -s "got named group: ffdhe2048(0100)" \
17898 -s "Certificate verification was skipped" \
17899 -c "Protocol is TLSv1.3" \
17900 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17901 -c "Certificate Verify: Signature algorithm ( 0503 )" \
17902 -c "NamedGroup: ffdhe2048 ( 100 )" \
17903 -c "Verifying peer X.509 certificate... ok" \
17904 -C "received HelloRetryRequest message"
17905
17906requires_config_enabled MBEDTLS_SSL_SRV_C
17907requires_config_enabled MBEDTLS_DEBUG_C
17908requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17910requires_config_enabled MBEDTLS_SSL_CLI_C
17911requires_config_enabled MBEDTLS_DEBUG_C
17912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17914run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
17915 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17916 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
17917 0 \
17918 -s "Protocol is TLSv1.3" \
17919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17920 -s "received signature algorithm: 0x603" \
17921 -s "got named group: ffdhe2048(0100)" \
17922 -s "Certificate verification was skipped" \
17923 -c "Protocol is TLSv1.3" \
17924 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17925 -c "Certificate Verify: Signature algorithm ( 0603 )" \
17926 -c "NamedGroup: ffdhe2048 ( 100 )" \
17927 -c "Verifying peer X.509 certificate... ok" \
17928 -C "received HelloRetryRequest message"
17929
17930requires_config_enabled MBEDTLS_SSL_SRV_C
17931requires_config_enabled MBEDTLS_DEBUG_C
17932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17934requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17935requires_config_enabled MBEDTLS_SSL_CLI_C
17936requires_config_enabled MBEDTLS_DEBUG_C
17937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17939requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
17940run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
17941 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17942 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
17943 0 \
17944 -s "Protocol is TLSv1.3" \
17945 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17946 -s "received signature algorithm: 0x804" \
17947 -s "got named group: ffdhe2048(0100)" \
17948 -s "Certificate verification was skipped" \
17949 -c "Protocol is TLSv1.3" \
17950 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17951 -c "Certificate Verify: Signature algorithm ( 0804 )" \
17952 -c "NamedGroup: ffdhe2048 ( 100 )" \
17953 -c "Verifying peer X.509 certificate... ok" \
17954 -C "received HelloRetryRequest message"
17955
17956requires_config_enabled MBEDTLS_SSL_SRV_C
17957requires_config_enabled MBEDTLS_DEBUG_C
17958requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17959requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17960requires_config_enabled MBEDTLS_SSL_CLI_C
17961requires_config_enabled MBEDTLS_DEBUG_C
17962requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17964run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
17965 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17966 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
17967 0 \
17968 -s "Protocol is TLSv1.3" \
17969 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17970 -s "received signature algorithm: 0x403" \
17971 -s "got named group: ffdhe3072(0101)" \
17972 -s "Certificate verification was skipped" \
17973 -c "Protocol is TLSv1.3" \
17974 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17975 -c "Certificate Verify: Signature algorithm ( 0403 )" \
17976 -c "NamedGroup: ffdhe3072 ( 101 )" \
17977 -c "Verifying peer X.509 certificate... ok" \
17978 -C "received HelloRetryRequest message"
17979
17980requires_config_enabled MBEDTLS_SSL_SRV_C
17981requires_config_enabled MBEDTLS_DEBUG_C
17982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17984requires_config_enabled MBEDTLS_SSL_CLI_C
17985requires_config_enabled MBEDTLS_DEBUG_C
17986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
17987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
17988run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
17989 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
17990 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
17991 0 \
17992 -s "Protocol is TLSv1.3" \
17993 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
17994 -s "received signature algorithm: 0x503" \
17995 -s "got named group: ffdhe3072(0101)" \
17996 -s "Certificate verification was skipped" \
17997 -c "Protocol is TLSv1.3" \
17998 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
17999 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18000 -c "NamedGroup: ffdhe3072 ( 101 )" \
18001 -c "Verifying peer X.509 certificate... ok" \
18002 -C "received HelloRetryRequest message"
18003
18004requires_config_enabled MBEDTLS_SSL_SRV_C
18005requires_config_enabled MBEDTLS_DEBUG_C
18006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18008requires_config_enabled MBEDTLS_SSL_CLI_C
18009requires_config_enabled MBEDTLS_DEBUG_C
18010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18012run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
18013 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18014 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
18015 0 \
18016 -s "Protocol is TLSv1.3" \
18017 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18018 -s "received signature algorithm: 0x603" \
18019 -s "got named group: ffdhe3072(0101)" \
18020 -s "Certificate verification was skipped" \
18021 -c "Protocol is TLSv1.3" \
18022 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18023 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18024 -c "NamedGroup: ffdhe3072 ( 101 )" \
18025 -c "Verifying peer X.509 certificate... ok" \
18026 -C "received HelloRetryRequest message"
18027
18028requires_config_enabled MBEDTLS_SSL_SRV_C
18029requires_config_enabled MBEDTLS_DEBUG_C
18030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18032requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18033requires_config_enabled MBEDTLS_SSL_CLI_C
18034requires_config_enabled MBEDTLS_DEBUG_C
18035requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18037requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18038run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
18039 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18040 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
18041 0 \
18042 -s "Protocol is TLSv1.3" \
18043 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18044 -s "received signature algorithm: 0x804" \
18045 -s "got named group: ffdhe3072(0101)" \
18046 -s "Certificate verification was skipped" \
18047 -c "Protocol is TLSv1.3" \
18048 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18049 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18050 -c "NamedGroup: ffdhe3072 ( 101 )" \
18051 -c "Verifying peer X.509 certificate... ok" \
18052 -C "received HelloRetryRequest message"
18053
18054requires_config_enabled MBEDTLS_SSL_SRV_C
18055requires_config_enabled MBEDTLS_DEBUG_C
18056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18058requires_config_enabled MBEDTLS_SSL_CLI_C
18059requires_config_enabled MBEDTLS_DEBUG_C
18060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18062run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
18063 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18064 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
18065 0 \
18066 -s "Protocol is TLSv1.3" \
18067 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18068 -s "received signature algorithm: 0x403" \
18069 -s "got named group: ffdhe4096(0102)" \
18070 -s "Certificate verification was skipped" \
18071 -c "Protocol is TLSv1.3" \
18072 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18073 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18074 -c "NamedGroup: ffdhe4096 ( 102 )" \
18075 -c "Verifying peer X.509 certificate... ok" \
18076 -C "received HelloRetryRequest message"
18077
18078requires_config_enabled MBEDTLS_SSL_SRV_C
18079requires_config_enabled MBEDTLS_DEBUG_C
18080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18082requires_config_enabled MBEDTLS_SSL_CLI_C
18083requires_config_enabled MBEDTLS_DEBUG_C
18084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18086run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
18087 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18088 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
18089 0 \
18090 -s "Protocol is TLSv1.3" \
18091 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18092 -s "received signature algorithm: 0x503" \
18093 -s "got named group: ffdhe4096(0102)" \
18094 -s "Certificate verification was skipped" \
18095 -c "Protocol is TLSv1.3" \
18096 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18097 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18098 -c "NamedGroup: ffdhe4096 ( 102 )" \
18099 -c "Verifying peer X.509 certificate... ok" \
18100 -C "received HelloRetryRequest message"
18101
18102requires_config_enabled MBEDTLS_SSL_SRV_C
18103requires_config_enabled MBEDTLS_DEBUG_C
18104requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18106requires_config_enabled MBEDTLS_SSL_CLI_C
18107requires_config_enabled MBEDTLS_DEBUG_C
18108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18110run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
18111 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18112 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
18113 0 \
18114 -s "Protocol is TLSv1.3" \
18115 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18116 -s "received signature algorithm: 0x603" \
18117 -s "got named group: ffdhe4096(0102)" \
18118 -s "Certificate verification was skipped" \
18119 -c "Protocol is TLSv1.3" \
18120 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18121 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18122 -c "NamedGroup: ffdhe4096 ( 102 )" \
18123 -c "Verifying peer X.509 certificate... ok" \
18124 -C "received HelloRetryRequest message"
18125
18126requires_config_enabled MBEDTLS_SSL_SRV_C
18127requires_config_enabled MBEDTLS_DEBUG_C
18128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18130requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18131requires_config_enabled MBEDTLS_SSL_CLI_C
18132requires_config_enabled MBEDTLS_DEBUG_C
18133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18134requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18135requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18136run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
18137 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18138 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
18139 0 \
18140 -s "Protocol is TLSv1.3" \
18141 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18142 -s "received signature algorithm: 0x804" \
18143 -s "got named group: ffdhe4096(0102)" \
18144 -s "Certificate verification was skipped" \
18145 -c "Protocol is TLSv1.3" \
18146 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18147 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18148 -c "NamedGroup: ffdhe4096 ( 102 )" \
18149 -c "Verifying peer X.509 certificate... ok" \
18150 -C "received HelloRetryRequest message"
18151
18152requires_config_enabled MBEDTLS_SSL_SRV_C
18153requires_config_enabled MBEDTLS_DEBUG_C
18154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18155requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18156requires_config_enabled MBEDTLS_SSL_CLI_C
18157requires_config_enabled MBEDTLS_DEBUG_C
18158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18160run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
18161 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18162 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
18163 0 \
18164 -s "Protocol is TLSv1.3" \
18165 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18166 -s "received signature algorithm: 0x403" \
18167 -s "got named group: ffdhe6144(0103)" \
18168 -s "Certificate verification was skipped" \
18169 -c "Protocol is TLSv1.3" \
18170 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18171 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18172 -c "NamedGroup: ffdhe6144 ( 103 )" \
18173 -c "Verifying peer X.509 certificate... ok" \
18174 -C "received HelloRetryRequest message"
18175
18176requires_config_enabled MBEDTLS_SSL_SRV_C
18177requires_config_enabled MBEDTLS_DEBUG_C
18178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18180requires_config_enabled MBEDTLS_SSL_CLI_C
18181requires_config_enabled MBEDTLS_DEBUG_C
18182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18184run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
18185 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18186 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
18187 0 \
18188 -s "Protocol is TLSv1.3" \
18189 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18190 -s "received signature algorithm: 0x503" \
18191 -s "got named group: ffdhe6144(0103)" \
18192 -s "Certificate verification was skipped" \
18193 -c "Protocol is TLSv1.3" \
18194 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18195 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18196 -c "NamedGroup: ffdhe6144 ( 103 )" \
18197 -c "Verifying peer X.509 certificate... ok" \
18198 -C "received HelloRetryRequest message"
18199
18200requires_config_enabled MBEDTLS_SSL_SRV_C
18201requires_config_enabled MBEDTLS_DEBUG_C
18202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18204requires_config_enabled MBEDTLS_SSL_CLI_C
18205requires_config_enabled MBEDTLS_DEBUG_C
18206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18208run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
18209 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18210 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
18211 0 \
18212 -s "Protocol is TLSv1.3" \
18213 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18214 -s "received signature algorithm: 0x603" \
18215 -s "got named group: ffdhe6144(0103)" \
18216 -s "Certificate verification was skipped" \
18217 -c "Protocol is TLSv1.3" \
18218 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18219 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18220 -c "NamedGroup: ffdhe6144 ( 103 )" \
18221 -c "Verifying peer X.509 certificate... ok" \
18222 -C "received HelloRetryRequest message"
18223
18224requires_config_enabled MBEDTLS_SSL_SRV_C
18225requires_config_enabled MBEDTLS_DEBUG_C
18226requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18227requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18228requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18229requires_config_enabled MBEDTLS_SSL_CLI_C
18230requires_config_enabled MBEDTLS_DEBUG_C
18231requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18232requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18233requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18234run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
18235 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18236 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
18237 0 \
18238 -s "Protocol is TLSv1.3" \
18239 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18240 -s "received signature algorithm: 0x804" \
18241 -s "got named group: ffdhe6144(0103)" \
18242 -s "Certificate verification was skipped" \
18243 -c "Protocol is TLSv1.3" \
18244 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18245 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18246 -c "NamedGroup: ffdhe6144 ( 103 )" \
18247 -c "Verifying peer X.509 certificate... ok" \
18248 -C "received HelloRetryRequest message"
18249
18250requires_config_enabled MBEDTLS_SSL_SRV_C
18251requires_config_enabled MBEDTLS_DEBUG_C
18252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18253requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18254requires_config_enabled MBEDTLS_SSL_CLI_C
18255requires_config_enabled MBEDTLS_DEBUG_C
18256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18258run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
18259 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18260 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
18261 0 \
18262 -s "Protocol is TLSv1.3" \
18263 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18264 -s "received signature algorithm: 0x403" \
18265 -s "got named group: ffdhe8192(0104)" \
18266 -s "Certificate verification was skipped" \
18267 -c "Protocol is TLSv1.3" \
18268 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18269 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18270 -c "NamedGroup: ffdhe8192 ( 104 )" \
18271 -c "Verifying peer X.509 certificate... ok" \
18272 -C "received HelloRetryRequest message"
18273
18274requires_config_enabled MBEDTLS_SSL_SRV_C
18275requires_config_enabled MBEDTLS_DEBUG_C
18276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18278requires_config_enabled MBEDTLS_SSL_CLI_C
18279requires_config_enabled MBEDTLS_DEBUG_C
18280requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18281requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18282run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
18283 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18284 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
18285 0 \
18286 -s "Protocol is TLSv1.3" \
18287 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18288 -s "received signature algorithm: 0x503" \
18289 -s "got named group: ffdhe8192(0104)" \
18290 -s "Certificate verification was skipped" \
18291 -c "Protocol is TLSv1.3" \
18292 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18293 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18294 -c "NamedGroup: ffdhe8192 ( 104 )" \
18295 -c "Verifying peer X.509 certificate... ok" \
18296 -C "received HelloRetryRequest message"
18297
18298requires_config_enabled MBEDTLS_SSL_SRV_C
18299requires_config_enabled MBEDTLS_DEBUG_C
18300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18302requires_config_enabled MBEDTLS_SSL_CLI_C
18303requires_config_enabled MBEDTLS_DEBUG_C
18304requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18306run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
18307 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18308 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
18309 0 \
18310 -s "Protocol is TLSv1.3" \
18311 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18312 -s "received signature algorithm: 0x603" \
18313 -s "got named group: ffdhe8192(0104)" \
18314 -s "Certificate verification was skipped" \
18315 -c "Protocol is TLSv1.3" \
18316 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18317 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18318 -c "NamedGroup: ffdhe8192 ( 104 )" \
18319 -c "Verifying peer X.509 certificate... ok" \
18320 -C "received HelloRetryRequest message"
18321
18322requires_config_enabled MBEDTLS_SSL_SRV_C
18323requires_config_enabled MBEDTLS_DEBUG_C
18324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18326requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18327requires_config_enabled MBEDTLS_SSL_CLI_C
18328requires_config_enabled MBEDTLS_DEBUG_C
18329requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18330requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18331requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18332run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
18333 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18334 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
18335 0 \
18336 -s "Protocol is TLSv1.3" \
18337 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
18338 -s "received signature algorithm: 0x804" \
18339 -s "got named group: ffdhe8192(0104)" \
18340 -s "Certificate verification was skipped" \
18341 -c "Protocol is TLSv1.3" \
18342 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
18343 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18344 -c "NamedGroup: ffdhe8192 ( 104 )" \
18345 -c "Verifying peer X.509 certificate... ok" \
18346 -C "received HelloRetryRequest message"
18347
18348requires_config_enabled MBEDTLS_SSL_SRV_C
18349requires_config_enabled MBEDTLS_DEBUG_C
18350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18352requires_config_enabled MBEDTLS_SSL_CLI_C
18353requires_config_enabled MBEDTLS_DEBUG_C
18354requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18356run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18357 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18358 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18359 0 \
18360 -s "Protocol is TLSv1.3" \
18361 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18362 -s "received signature algorithm: 0x403" \
18363 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18364 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18365 -c "Protocol is TLSv1.3" \
18366 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18367 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18368 -c "NamedGroup: secp256r1 ( 17 )" \
18369 -c "Verifying peer X.509 certificate... ok" \
18370 -C "received HelloRetryRequest message"
18371
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18372requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18373requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18376requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18377requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18380run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18381 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18382 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18383 0 \
18384 -s "Protocol is TLSv1.3" \
18385 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18386 -s "received signature algorithm: 0x503" \
18387 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18388 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18389 -c "Protocol is TLSv1.3" \
18390 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18391 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18392 -c "NamedGroup: secp256r1 ( 17 )" \
18393 -c "Verifying peer X.509 certificate... ok" \
18394 -C "received HelloRetryRequest message"
18395
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18396requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18397requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18399requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18400requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18404run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18405 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18406 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18407 0 \
18408 -s "Protocol is TLSv1.3" \
18409 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18410 -s "received signature algorithm: 0x603" \
18411 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18412 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18413 -c "Protocol is TLSv1.3" \
18414 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18415 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18416 -c "NamedGroup: secp256r1 ( 17 )" \
18417 -c "Verifying peer X.509 certificate... ok" \
18418 -C "received HelloRetryRequest message"
18419
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18420requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18421requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18422requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18424requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18425requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18426requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18429requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18430run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18431 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18432 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18433 0 \
18434 -s "Protocol is TLSv1.3" \
18435 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18436 -s "received signature algorithm: 0x804" \
18437 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18438 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18439 -c "Protocol is TLSv1.3" \
18440 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18441 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18442 -c "NamedGroup: secp256r1 ( 17 )" \
18443 -c "Verifying peer X.509 certificate... ok" \
18444 -C "received HelloRetryRequest message"
18445
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18446requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18447requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18448requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18449requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18450requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18451requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18452requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18453requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18454run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18455 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18456 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18457 0 \
18458 -s "Protocol is TLSv1.3" \
18459 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18460 -s "received signature algorithm: 0x403" \
18461 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18462 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18463 -c "Protocol is TLSv1.3" \
18464 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18465 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18466 -c "NamedGroup: secp384r1 ( 18 )" \
18467 -c "Verifying peer X.509 certificate... ok" \
18468 -C "received HelloRetryRequest message"
18469
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18470requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18474requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18475requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18478run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18479 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18480 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18481 0 \
18482 -s "Protocol is TLSv1.3" \
18483 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18484 -s "received signature algorithm: 0x503" \
18485 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18486 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18487 -c "Protocol is TLSv1.3" \
18488 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18489 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18490 -c "NamedGroup: secp384r1 ( 18 )" \
18491 -c "Verifying peer X.509 certificate... ok" \
18492 -C "received HelloRetryRequest message"
18493
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18494requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18495requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18498requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18502run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18503 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18504 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18505 0 \
18506 -s "Protocol is TLSv1.3" \
18507 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18508 -s "received signature algorithm: 0x603" \
18509 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18510 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18511 -c "Protocol is TLSv1.3" \
18512 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18513 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18514 -c "NamedGroup: secp384r1 ( 18 )" \
18515 -c "Verifying peer X.509 certificate... ok" \
18516 -C "received HelloRetryRequest message"
18517
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18518requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18522requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18523requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18527requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18528run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18529 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18530 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18531 0 \
18532 -s "Protocol is TLSv1.3" \
18533 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18534 -s "received signature algorithm: 0x804" \
18535 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18536 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18537 -c "Protocol is TLSv1.3" \
18538 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18539 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18540 -c "NamedGroup: secp384r1 ( 18 )" \
18541 -c "Verifying peer X.509 certificate... ok" \
18542 -C "received HelloRetryRequest message"
18543
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18544requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18545requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18548requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18552run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18553 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18554 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18555 0 \
18556 -s "Protocol is TLSv1.3" \
18557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18558 -s "received signature algorithm: 0x403" \
18559 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18560 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18561 -c "Protocol is TLSv1.3" \
18562 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18563 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18564 -c "NamedGroup: secp521r1 ( 19 )" \
18565 -c "Verifying peer X.509 certificate... ok" \
18566 -C "received HelloRetryRequest message"
18567
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18568requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18572requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18573requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18576run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18577 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18578 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18579 0 \
18580 -s "Protocol is TLSv1.3" \
18581 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18582 -s "received signature algorithm: 0x503" \
18583 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18584 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18585 -c "Protocol is TLSv1.3" \
18586 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18587 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18588 -c "NamedGroup: secp521r1 ( 19 )" \
18589 -c "Verifying peer X.509 certificate... ok" \
18590 -C "received HelloRetryRequest message"
18591
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18592requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18593requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18594requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18596requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18597requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18600run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18601 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18602 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18603 0 \
18604 -s "Protocol is TLSv1.3" \
18605 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18606 -s "received signature algorithm: 0x603" \
18607 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18608 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18609 -c "Protocol is TLSv1.3" \
18610 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18611 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18612 -c "NamedGroup: secp521r1 ( 19 )" \
18613 -c "Verifying peer X.509 certificate... ok" \
18614 -C "received HelloRetryRequest message"
18615
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18616requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18617requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18620requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18621requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18625requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18626run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18627 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18628 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18629 0 \
18630 -s "Protocol is TLSv1.3" \
18631 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18632 -s "received signature algorithm: 0x804" \
18633 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18634 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18635 -c "Protocol is TLSv1.3" \
18636 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18637 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18638 -c "NamedGroup: secp521r1 ( 19 )" \
18639 -c "Verifying peer X.509 certificate... ok" \
18640 -C "received HelloRetryRequest message"
18641
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18642requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18643requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18645requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18646requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18650run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18651 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18652 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18653 0 \
18654 -s "Protocol is TLSv1.3" \
18655 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18656 -s "received signature algorithm: 0x403" \
18657 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18658 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18659 -c "Protocol is TLSv1.3" \
18660 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18661 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18662 -c "NamedGroup: x25519 ( 1d )" \
18663 -c "Verifying peer X.509 certificate... ok" \
18664 -C "received HelloRetryRequest message"
18665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18667requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18670requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18674run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18675 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18676 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18677 0 \
18678 -s "Protocol is TLSv1.3" \
18679 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18680 -s "received signature algorithm: 0x503" \
18681 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18682 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18683 -c "Protocol is TLSv1.3" \
18684 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18685 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18686 -c "NamedGroup: x25519 ( 1d )" \
18687 -c "Verifying peer X.509 certificate... ok" \
18688 -C "received HelloRetryRequest message"
18689
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18690requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18691requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18694requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18695requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18696requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18698run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18699 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18700 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18701 0 \
18702 -s "Protocol is TLSv1.3" \
18703 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18704 -s "received signature algorithm: 0x603" \
18705 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18706 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18707 -c "Protocol is TLSv1.3" \
18708 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18709 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18710 -c "NamedGroup: x25519 ( 1d )" \
18711 -c "Verifying peer X.509 certificate... ok" \
18712 -C "received HelloRetryRequest message"
18713
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18714requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18718requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18719requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18720requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18721requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18723requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18724run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18725 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18726 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18727 0 \
18728 -s "Protocol is TLSv1.3" \
18729 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18730 -s "received signature algorithm: 0x804" \
18731 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18732 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18733 -c "Protocol is TLSv1.3" \
18734 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18735 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18736 -c "NamedGroup: x25519 ( 1d )" \
18737 -c "Verifying peer X.509 certificate... ok" \
18738 -C "received HelloRetryRequest message"
18739
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18740requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18741requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18744requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18745requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18748run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18749 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18750 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18751 0 \
18752 -s "Protocol is TLSv1.3" \
18753 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18754 -s "received signature algorithm: 0x403" \
18755 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18756 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18757 -c "Protocol is TLSv1.3" \
18758 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18759 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18760 -c "NamedGroup: x448 ( 1e )" \
18761 -c "Verifying peer X.509 certificate... ok" \
18762 -C "received HelloRetryRequest message"
18763
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18764requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18765requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18766requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18767requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18768requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18769requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18770requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18772run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18773 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18774 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18775 0 \
18776 -s "Protocol is TLSv1.3" \
18777 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18778 -s "received signature algorithm: 0x503" \
18779 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18780 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18781 -c "Protocol is TLSv1.3" \
18782 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18783 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18784 -c "NamedGroup: x448 ( 1e )" \
18785 -c "Verifying peer X.509 certificate... ok" \
18786 -C "received HelloRetryRequest message"
18787
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18788requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18792requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18796run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18797 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18798 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18799 0 \
18800 -s "Protocol is TLSv1.3" \
18801 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18802 -s "received signature algorithm: 0x603" \
18803 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18804 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18805 -c "Protocol is TLSv1.3" \
18806 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18807 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18808 -c "NamedGroup: x448 ( 1e )" \
18809 -c "Verifying peer X.509 certificate... ok" \
18810 -C "received HelloRetryRequest message"
18811
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18812requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18813requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18814requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18816requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18817requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18818requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18821requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18822run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]18823 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18824 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18825 0 \
18826 -s "Protocol is TLSv1.3" \
18827 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18828 -s "received signature algorithm: 0x804" \
18829 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]18830 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]18831 -c "Protocol is TLSv1.3" \
18832 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18833 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18834 -c "NamedGroup: x448 ( 1e )" \
18835 -c "Verifying peer X.509 certificate... ok" \
18836 -C "received HelloRetryRequest message"
18837
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18838requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]18839requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]18840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]18841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]18842requires_config_enabled MBEDTLS_SSL_CLI_C
18843requires_config_enabled MBEDTLS_DEBUG_C
18844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18846run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
18847 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18848 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
18849 0 \
18850 -s "Protocol is TLSv1.3" \
18851 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18852 -s "received signature algorithm: 0x403" \
18853 -s "got named group: ffdhe2048(0100)" \
18854 -s "Certificate verification was skipped" \
18855 -c "Protocol is TLSv1.3" \
18856 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18857 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18858 -c "NamedGroup: ffdhe2048 ( 100 )" \
18859 -c "Verifying peer X.509 certificate... ok" \
18860 -C "received HelloRetryRequest message"
18861
18862requires_config_enabled MBEDTLS_SSL_SRV_C
18863requires_config_enabled MBEDTLS_DEBUG_C
18864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18866requires_config_enabled MBEDTLS_SSL_CLI_C
18867requires_config_enabled MBEDTLS_DEBUG_C
18868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18870run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
18871 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18872 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
18873 0 \
18874 -s "Protocol is TLSv1.3" \
18875 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18876 -s "received signature algorithm: 0x503" \
18877 -s "got named group: ffdhe2048(0100)" \
18878 -s "Certificate verification was skipped" \
18879 -c "Protocol is TLSv1.3" \
18880 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18881 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18882 -c "NamedGroup: ffdhe2048 ( 100 )" \
18883 -c "Verifying peer X.509 certificate... ok" \
18884 -C "received HelloRetryRequest message"
18885
18886requires_config_enabled MBEDTLS_SSL_SRV_C
18887requires_config_enabled MBEDTLS_DEBUG_C
18888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18890requires_config_enabled MBEDTLS_SSL_CLI_C
18891requires_config_enabled MBEDTLS_DEBUG_C
18892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18894run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
18895 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18896 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
18897 0 \
18898 -s "Protocol is TLSv1.3" \
18899 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18900 -s "received signature algorithm: 0x603" \
18901 -s "got named group: ffdhe2048(0100)" \
18902 -s "Certificate verification was skipped" \
18903 -c "Protocol is TLSv1.3" \
18904 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18905 -c "Certificate Verify: Signature algorithm ( 0603 )" \
18906 -c "NamedGroup: ffdhe2048 ( 100 )" \
18907 -c "Verifying peer X.509 certificate... ok" \
18908 -C "received HelloRetryRequest message"
18909
18910requires_config_enabled MBEDTLS_SSL_SRV_C
18911requires_config_enabled MBEDTLS_DEBUG_C
18912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18914requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18915requires_config_enabled MBEDTLS_SSL_CLI_C
18916requires_config_enabled MBEDTLS_DEBUG_C
18917requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18918requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18919requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
18920run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
18921 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18922 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
18923 0 \
18924 -s "Protocol is TLSv1.3" \
18925 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18926 -s "received signature algorithm: 0x804" \
18927 -s "got named group: ffdhe2048(0100)" \
18928 -s "Certificate verification was skipped" \
18929 -c "Protocol is TLSv1.3" \
18930 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18931 -c "Certificate Verify: Signature algorithm ( 0804 )" \
18932 -c "NamedGroup: ffdhe2048 ( 100 )" \
18933 -c "Verifying peer X.509 certificate... ok" \
18934 -C "received HelloRetryRequest message"
18935
18936requires_config_enabled MBEDTLS_SSL_SRV_C
18937requires_config_enabled MBEDTLS_DEBUG_C
18938requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18939requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18940requires_config_enabled MBEDTLS_SSL_CLI_C
18941requires_config_enabled MBEDTLS_DEBUG_C
18942requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18943requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18944run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp256r1_sha256" \
18945 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18946 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072" \
18947 0 \
18948 -s "Protocol is TLSv1.3" \
18949 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18950 -s "received signature algorithm: 0x403" \
18951 -s "got named group: ffdhe3072(0101)" \
18952 -s "Certificate verification was skipped" \
18953 -c "Protocol is TLSv1.3" \
18954 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18955 -c "Certificate Verify: Signature algorithm ( 0403 )" \
18956 -c "NamedGroup: ffdhe3072 ( 101 )" \
18957 -c "Verifying peer X.509 certificate... ok" \
18958 -C "received HelloRetryRequest message"
18959
18960requires_config_enabled MBEDTLS_SSL_SRV_C
18961requires_config_enabled MBEDTLS_DEBUG_C
18962requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18964requires_config_enabled MBEDTLS_SSL_CLI_C
18965requires_config_enabled MBEDTLS_DEBUG_C
18966requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18968run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp384r1_sha384" \
18969 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18970 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe3072" \
18971 0 \
18972 -s "Protocol is TLSv1.3" \
18973 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18974 -s "received signature algorithm: 0x503" \
18975 -s "got named group: ffdhe3072(0101)" \
18976 -s "Certificate verification was skipped" \
18977 -c "Protocol is TLSv1.3" \
18978 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
18979 -c "Certificate Verify: Signature algorithm ( 0503 )" \
18980 -c "NamedGroup: ffdhe3072 ( 101 )" \
18981 -c "Verifying peer X.509 certificate... ok" \
18982 -C "received HelloRetryRequest message"
18983
18984requires_config_enabled MBEDTLS_SSL_SRV_C
18985requires_config_enabled MBEDTLS_DEBUG_C
18986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18988requires_config_enabled MBEDTLS_SSL_CLI_C
18989requires_config_enabled MBEDTLS_DEBUG_C
18990requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
18991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
18992run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe3072,ecdsa_secp521r1_sha512" \
18993 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
18994 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe3072" \
18995 0 \
18996 -s "Protocol is TLSv1.3" \
18997 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
18998 -s "received signature algorithm: 0x603" \
18999 -s "got named group: ffdhe3072(0101)" \
19000 -s "Certificate verification was skipped" \
19001 -c "Protocol is TLSv1.3" \
19002 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19003 -c "Certificate Verify: Signature algorithm ( 0603 )" \
19004 -c "NamedGroup: ffdhe3072 ( 101 )" \
19005 -c "Verifying peer X.509 certificate... ok" \
19006 -C "received HelloRetryRequest message"
19007
19008requires_config_enabled MBEDTLS_SSL_SRV_C
19009requires_config_enabled MBEDTLS_DEBUG_C
19010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19012requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19013requires_config_enabled MBEDTLS_SSL_CLI_C
19014requires_config_enabled MBEDTLS_DEBUG_C
19015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19017requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19018run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
19019 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19020 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe3072" \
19021 0 \
19022 -s "Protocol is TLSv1.3" \
19023 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19024 -s "received signature algorithm: 0x804" \
19025 -s "got named group: ffdhe3072(0101)" \
19026 -s "Certificate verification was skipped" \
19027 -c "Protocol is TLSv1.3" \
19028 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19029 -c "Certificate Verify: Signature algorithm ( 0804 )" \
19030 -c "NamedGroup: ffdhe3072 ( 101 )" \
19031 -c "Verifying peer X.509 certificate... ok" \
19032 -C "received HelloRetryRequest message"
19033
19034requires_config_enabled MBEDTLS_SSL_SRV_C
19035requires_config_enabled MBEDTLS_DEBUG_C
19036requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19037requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19038requires_config_enabled MBEDTLS_SSL_CLI_C
19039requires_config_enabled MBEDTLS_DEBUG_C
19040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19042run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp256r1_sha256" \
19043 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19044 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096" \
19045 0 \
19046 -s "Protocol is TLSv1.3" \
19047 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19048 -s "received signature algorithm: 0x403" \
19049 -s "got named group: ffdhe4096(0102)" \
19050 -s "Certificate verification was skipped" \
19051 -c "Protocol is TLSv1.3" \
19052 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19053 -c "Certificate Verify: Signature algorithm ( 0403 )" \
19054 -c "NamedGroup: ffdhe4096 ( 102 )" \
19055 -c "Verifying peer X.509 certificate... ok" \
19056 -C "received HelloRetryRequest message"
19057
19058requires_config_enabled MBEDTLS_SSL_SRV_C
19059requires_config_enabled MBEDTLS_DEBUG_C
19060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19062requires_config_enabled MBEDTLS_SSL_CLI_C
19063requires_config_enabled MBEDTLS_DEBUG_C
19064requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19066run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp384r1_sha384" \
19067 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19068 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe4096" \
19069 0 \
19070 -s "Protocol is TLSv1.3" \
19071 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19072 -s "received signature algorithm: 0x503" \
19073 -s "got named group: ffdhe4096(0102)" \
19074 -s "Certificate verification was skipped" \
19075 -c "Protocol is TLSv1.3" \
19076 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19077 -c "Certificate Verify: Signature algorithm ( 0503 )" \
19078 -c "NamedGroup: ffdhe4096 ( 102 )" \
19079 -c "Verifying peer X.509 certificate... ok" \
19080 -C "received HelloRetryRequest message"
19081
19082requires_config_enabled MBEDTLS_SSL_SRV_C
19083requires_config_enabled MBEDTLS_DEBUG_C
19084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19086requires_config_enabled MBEDTLS_SSL_CLI_C
19087requires_config_enabled MBEDTLS_DEBUG_C
19088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19090run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe4096,ecdsa_secp521r1_sha512" \
19091 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19092 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe4096" \
19093 0 \
19094 -s "Protocol is TLSv1.3" \
19095 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19096 -s "received signature algorithm: 0x603" \
19097 -s "got named group: ffdhe4096(0102)" \
19098 -s "Certificate verification was skipped" \
19099 -c "Protocol is TLSv1.3" \
19100 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19101 -c "Certificate Verify: Signature algorithm ( 0603 )" \
19102 -c "NamedGroup: ffdhe4096 ( 102 )" \
19103 -c "Verifying peer X.509 certificate... ok" \
19104 -C "received HelloRetryRequest message"
19105
19106requires_config_enabled MBEDTLS_SSL_SRV_C
19107requires_config_enabled MBEDTLS_DEBUG_C
19108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19110requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19111requires_config_enabled MBEDTLS_SSL_CLI_C
19112requires_config_enabled MBEDTLS_DEBUG_C
19113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19115requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19116run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
19117 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19118 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe4096" \
19119 0 \
19120 -s "Protocol is TLSv1.3" \
19121 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19122 -s "received signature algorithm: 0x804" \
19123 -s "got named group: ffdhe4096(0102)" \
19124 -s "Certificate verification was skipped" \
19125 -c "Protocol is TLSv1.3" \
19126 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19127 -c "Certificate Verify: Signature algorithm ( 0804 )" \
19128 -c "NamedGroup: ffdhe4096 ( 102 )" \
19129 -c "Verifying peer X.509 certificate... ok" \
19130 -C "received HelloRetryRequest message"
19131
19132requires_config_enabled MBEDTLS_SSL_SRV_C
19133requires_config_enabled MBEDTLS_DEBUG_C
19134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19136requires_config_enabled MBEDTLS_SSL_CLI_C
19137requires_config_enabled MBEDTLS_DEBUG_C
19138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19140run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp256r1_sha256" \
19141 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19142 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144" \
19143 0 \
19144 -s "Protocol is TLSv1.3" \
19145 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19146 -s "received signature algorithm: 0x403" \
19147 -s "got named group: ffdhe6144(0103)" \
19148 -s "Certificate verification was skipped" \
19149 -c "Protocol is TLSv1.3" \
19150 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19151 -c "Certificate Verify: Signature algorithm ( 0403 )" \
19152 -c "NamedGroup: ffdhe6144 ( 103 )" \
19153 -c "Verifying peer X.509 certificate... ok" \
19154 -C "received HelloRetryRequest message"
19155
19156requires_config_enabled MBEDTLS_SSL_SRV_C
19157requires_config_enabled MBEDTLS_DEBUG_C
19158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19160requires_config_enabled MBEDTLS_SSL_CLI_C
19161requires_config_enabled MBEDTLS_DEBUG_C
19162requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19164run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp384r1_sha384" \
19165 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19166 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe6144" \
19167 0 \
19168 -s "Protocol is TLSv1.3" \
19169 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19170 -s "received signature algorithm: 0x503" \
19171 -s "got named group: ffdhe6144(0103)" \
19172 -s "Certificate verification was skipped" \
19173 -c "Protocol is TLSv1.3" \
19174 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19175 -c "Certificate Verify: Signature algorithm ( 0503 )" \
19176 -c "NamedGroup: ffdhe6144 ( 103 )" \
19177 -c "Verifying peer X.509 certificate... ok" \
19178 -C "received HelloRetryRequest message"
19179
19180requires_config_enabled MBEDTLS_SSL_SRV_C
19181requires_config_enabled MBEDTLS_DEBUG_C
19182requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19184requires_config_enabled MBEDTLS_SSL_CLI_C
19185requires_config_enabled MBEDTLS_DEBUG_C
19186requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19188run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe6144,ecdsa_secp521r1_sha512" \
19189 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19190 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe6144" \
19191 0 \
19192 -s "Protocol is TLSv1.3" \
19193 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19194 -s "received signature algorithm: 0x603" \
19195 -s "got named group: ffdhe6144(0103)" \
19196 -s "Certificate verification was skipped" \
19197 -c "Protocol is TLSv1.3" \
19198 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19199 -c "Certificate Verify: Signature algorithm ( 0603 )" \
19200 -c "NamedGroup: ffdhe6144 ( 103 )" \
19201 -c "Verifying peer X.509 certificate... ok" \
19202 -C "received HelloRetryRequest message"
19203
19204requires_config_enabled MBEDTLS_SSL_SRV_C
19205requires_config_enabled MBEDTLS_DEBUG_C
19206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19208requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19209requires_config_enabled MBEDTLS_SSL_CLI_C
19210requires_config_enabled MBEDTLS_DEBUG_C
19211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19213requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19214run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
19215 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19216 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe6144" \
19217 0 \
19218 -s "Protocol is TLSv1.3" \
19219 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19220 -s "received signature algorithm: 0x804" \
19221 -s "got named group: ffdhe6144(0103)" \
19222 -s "Certificate verification was skipped" \
19223 -c "Protocol is TLSv1.3" \
19224 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19225 -c "Certificate Verify: Signature algorithm ( 0804 )" \
19226 -c "NamedGroup: ffdhe6144 ( 103 )" \
19227 -c "Verifying peer X.509 certificate... ok" \
19228 -C "received HelloRetryRequest message"
19229
19230requires_config_enabled MBEDTLS_SSL_SRV_C
19231requires_config_enabled MBEDTLS_DEBUG_C
19232requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19234requires_config_enabled MBEDTLS_SSL_CLI_C
19235requires_config_enabled MBEDTLS_DEBUG_C
19236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19238run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
19239 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19240 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
19241 0 \
19242 -s "Protocol is TLSv1.3" \
19243 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19244 -s "received signature algorithm: 0x403" \
19245 -s "got named group: ffdhe8192(0104)" \
19246 -s "Certificate verification was skipped" \
19247 -c "Protocol is TLSv1.3" \
19248 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19249 -c "Certificate Verify: Signature algorithm ( 0403 )" \
19250 -c "NamedGroup: ffdhe8192 ( 104 )" \
19251 -c "Verifying peer X.509 certificate... ok" \
19252 -C "received HelloRetryRequest message"
19253
19254requires_config_enabled MBEDTLS_SSL_SRV_C
19255requires_config_enabled MBEDTLS_DEBUG_C
19256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19258requires_config_enabled MBEDTLS_SSL_CLI_C
19259requires_config_enabled MBEDTLS_DEBUG_C
19260requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19261requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19262run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
19263 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19264 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
19265 0 \
19266 -s "Protocol is TLSv1.3" \
19267 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19268 -s "received signature algorithm: 0x503" \
19269 -s "got named group: ffdhe8192(0104)" \
19270 -s "Certificate verification was skipped" \
19271 -c "Protocol is TLSv1.3" \
19272 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19273 -c "Certificate Verify: Signature algorithm ( 0503 )" \
19274 -c "NamedGroup: ffdhe8192 ( 104 )" \
19275 -c "Verifying peer X.509 certificate... ok" \
19276 -C "received HelloRetryRequest message"
19277
19278requires_config_enabled MBEDTLS_SSL_SRV_C
19279requires_config_enabled MBEDTLS_DEBUG_C
19280requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19281requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19282requires_config_enabled MBEDTLS_SSL_CLI_C
19283requires_config_enabled MBEDTLS_DEBUG_C
19284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19286run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
19287 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
19289 0 \
19290 -s "Protocol is TLSv1.3" \
19291 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19292 -s "received signature algorithm: 0x603" \
19293 -s "got named group: ffdhe8192(0104)" \
19294 -s "Certificate verification was skipped" \
19295 -c "Protocol is TLSv1.3" \
19296 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19297 -c "Certificate Verify: Signature algorithm ( 0603 )" \
19298 -c "NamedGroup: ffdhe8192 ( 104 )" \
19299 -c "Verifying peer X.509 certificate... ok" \
19300 -C "received HelloRetryRequest message"
19301
19302requires_config_enabled MBEDTLS_SSL_SRV_C
19303requires_config_enabled MBEDTLS_DEBUG_C
19304requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19306requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19307requires_config_enabled MBEDTLS_SSL_CLI_C
19308requires_config_enabled MBEDTLS_DEBUG_C
19309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19310requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19311requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
19312run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
19313 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19314 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
19315 0 \
19316 -s "Protocol is TLSv1.3" \
19317 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
19318 -s "received signature algorithm: 0x804" \
19319 -s "got named group: ffdhe8192(0104)" \
19320 -s "Certificate verification was skipped" \
19321 -c "Protocol is TLSv1.3" \
19322 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
19323 -c "Certificate Verify: Signature algorithm ( 0804 )" \
19324 -c "NamedGroup: ffdhe8192 ( 104 )" \
19325 -c "Verifying peer X.509 certificate... ok" \
19326 -C "received HelloRetryRequest message"
19327
19328requires_config_enabled MBEDTLS_SSL_SRV_C
19329requires_config_enabled MBEDTLS_DEBUG_C
19330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19332requires_openssl_tls1_3
19333run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19334 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19335 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19336 0 \
19337 -s "Protocol is TLSv1.3" \
19338 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19339 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19340 -s "HRR selected_group: secp384r1"
19341
19342requires_config_enabled MBEDTLS_SSL_SRV_C
19343requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19346requires_openssl_tls1_3
19347run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19348 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19349 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19350 0 \
19351 -s "Protocol is TLSv1.3" \
19352 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19353 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19354 -s "HRR selected_group: secp521r1"
19355
19356requires_config_enabled MBEDTLS_SSL_SRV_C
19357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19360requires_openssl_tls1_3
19361run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19362 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19363 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19364 0 \
19365 -s "Protocol is TLSv1.3" \
19366 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19367 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19368 -s "HRR selected_group: x25519"
19369
19370requires_config_enabled MBEDTLS_SSL_SRV_C
19371requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19372requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19374requires_openssl_tls1_3
19375run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19376 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19377 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19378 0 \
19379 -s "Protocol is TLSv1.3" \
19380 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19381 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19382 -s "HRR selected_group: x448"
19383
19384requires_config_enabled MBEDTLS_SSL_SRV_C
19385requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19388requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]19389requires_openssl_3_x
19390run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
19391 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19392 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
19393 0 \
19394 -s "Protocol is TLSv1.3" \
19395 -s "got named group: ffdhe2048(0100)" \
19396 -s "Certificate verification was skipped" \
19397 -s "HRR selected_group: ffdhe2048"
19398
19399requires_config_enabled MBEDTLS_SSL_SRV_C
19400requires_config_enabled MBEDTLS_DEBUG_C
19401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19403requires_openssl_tls1_3
19404requires_openssl_3_x
19405run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe3072" \
19406 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19407 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe3072 -msg -tls1_3" \
19408 0 \
19409 -s "Protocol is TLSv1.3" \
19410 -s "got named group: ffdhe3072(0101)" \
19411 -s "Certificate verification was skipped" \
19412 -s "HRR selected_group: ffdhe3072"
19413
19414requires_config_enabled MBEDTLS_SSL_SRV_C
19415requires_config_enabled MBEDTLS_DEBUG_C
19416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19418requires_openssl_tls1_3
19419requires_openssl_3_x
19420run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe4096" \
19421 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19422 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe4096 -msg -tls1_3" \
19423 0 \
19424 -s "Protocol is TLSv1.3" \
19425 -s "got named group: ffdhe4096(0102)" \
19426 -s "Certificate verification was skipped" \
19427 -s "HRR selected_group: ffdhe4096"
19428
19429requires_config_enabled MBEDTLS_SSL_SRV_C
19430requires_config_enabled MBEDTLS_DEBUG_C
19431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19433requires_openssl_tls1_3
19434requires_openssl_3_x
19435run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe6144" \
19436 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19437 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe6144 -msg -tls1_3" \
19438 0 \
19439 -s "Protocol is TLSv1.3" \
19440 -s "got named group: ffdhe6144(0103)" \
19441 -s "Certificate verification was skipped" \
19442 -s "HRR selected_group: ffdhe6144"
19443
19444requires_config_enabled MBEDTLS_SSL_SRV_C
19445requires_config_enabled MBEDTLS_DEBUG_C
19446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19448requires_openssl_tls1_3
19449requires_openssl_3_x
19450run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe8192" \
19451 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19452 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe8192 -msg -tls1_3" \
19453 0 \
19454 -s "Protocol is TLSv1.3" \
19455 -s "got named group: ffdhe8192(0104)" \
19456 -s "Certificate verification was skipped" \
19457 -s "HRR selected_group: ffdhe8192"
19458
19459requires_config_enabled MBEDTLS_SSL_SRV_C
19460requires_config_enabled MBEDTLS_DEBUG_C
19461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19463requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19464run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19465 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19466 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19467 0 \
19468 -s "Protocol is TLSv1.3" \
19469 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19470 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19471 -s "HRR selected_group: secp256r1"
19472
19473requires_config_enabled MBEDTLS_SSL_SRV_C
19474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19477requires_openssl_tls1_3
19478run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19479 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19480 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19481 0 \
19482 -s "Protocol is TLSv1.3" \
19483 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19484 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19485 -s "HRR selected_group: secp521r1"
19486
19487requires_config_enabled MBEDTLS_SSL_SRV_C
19488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19491requires_openssl_tls1_3
19492run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19493 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19494 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19495 0 \
19496 -s "Protocol is TLSv1.3" \
19497 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19498 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19499 -s "HRR selected_group: x25519"
19500
19501requires_config_enabled MBEDTLS_SSL_SRV_C
19502requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19503requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19504requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19505requires_openssl_tls1_3
19506run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19507 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19508 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19509 0 \
19510 -s "Protocol is TLSv1.3" \
19511 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19512 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19513 -s "HRR selected_group: x448"
19514
19515requires_config_enabled MBEDTLS_SSL_SRV_C
19516requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19517requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19518requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19519requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]19520requires_openssl_3_x
19521run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
19522 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19523 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
19524 0 \
19525 -s "Protocol is TLSv1.3" \
19526 -s "got named group: ffdhe2048(0100)" \
19527 -s "Certificate verification was skipped" \
19528 -s "HRR selected_group: ffdhe2048"
19529
19530requires_config_enabled MBEDTLS_SSL_SRV_C
19531requires_config_enabled MBEDTLS_DEBUG_C
19532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19534requires_openssl_tls1_3
19535requires_openssl_3_x
19536run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe3072" \
19537 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19538 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe3072 -msg -tls1_3" \
19539 0 \
19540 -s "Protocol is TLSv1.3" \
19541 -s "got named group: ffdhe3072(0101)" \
19542 -s "Certificate verification was skipped" \
19543 -s "HRR selected_group: ffdhe3072"
19544
19545requires_config_enabled MBEDTLS_SSL_SRV_C
19546requires_config_enabled MBEDTLS_DEBUG_C
19547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19549requires_openssl_tls1_3
19550requires_openssl_3_x
19551run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe4096" \
19552 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19553 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe4096 -msg -tls1_3" \
19554 0 \
19555 -s "Protocol is TLSv1.3" \
19556 -s "got named group: ffdhe4096(0102)" \
19557 -s "Certificate verification was skipped" \
19558 -s "HRR selected_group: ffdhe4096"
19559
19560requires_config_enabled MBEDTLS_SSL_SRV_C
19561requires_config_enabled MBEDTLS_DEBUG_C
19562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19564requires_openssl_tls1_3
19565requires_openssl_3_x
19566run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe6144" \
19567 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19568 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe6144 -msg -tls1_3" \
19569 0 \
19570 -s "Protocol is TLSv1.3" \
19571 -s "got named group: ffdhe6144(0103)" \
19572 -s "Certificate verification was skipped" \
19573 -s "HRR selected_group: ffdhe6144"
19574
19575requires_config_enabled MBEDTLS_SSL_SRV_C
19576requires_config_enabled MBEDTLS_DEBUG_C
19577requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19578requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19579requires_openssl_tls1_3
19580requires_openssl_3_x
19581run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe8192" \
19582 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19583 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe8192 -msg -tls1_3" \
19584 0 \
19585 -s "Protocol is TLSv1.3" \
19586 -s "got named group: ffdhe8192(0104)" \
19587 -s "Certificate verification was skipped" \
19588 -s "HRR selected_group: ffdhe8192"
19589
19590requires_config_enabled MBEDTLS_SSL_SRV_C
19591requires_config_enabled MBEDTLS_DEBUG_C
19592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19594requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19595run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19596 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19597 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19598 0 \
19599 -s "Protocol is TLSv1.3" \
19600 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19601 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19602 -s "HRR selected_group: secp256r1"
19603
19604requires_config_enabled MBEDTLS_SSL_SRV_C
19605requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19606requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19608requires_openssl_tls1_3
19609run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19610 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19611 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19612 0 \
19613 -s "Protocol is TLSv1.3" \
19614 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19615 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19616 -s "HRR selected_group: secp384r1"
19617
19618requires_config_enabled MBEDTLS_SSL_SRV_C
19619requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19620requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19621requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19622requires_openssl_tls1_3
19623run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19624 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19625 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19626 0 \
19627 -s "Protocol is TLSv1.3" \
19628 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19629 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19630 -s "HRR selected_group: x25519"
19631
19632requires_config_enabled MBEDTLS_SSL_SRV_C
19633requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19634requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19636requires_openssl_tls1_3
19637run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19638 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19639 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19640 0 \
19641 -s "Protocol is TLSv1.3" \
19642 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19643 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19644 -s "HRR selected_group: x448"
19645
19646requires_config_enabled MBEDTLS_SSL_SRV_C
19647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19650requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]19651requires_openssl_3_x
19652run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
19653 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19654 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
19655 0 \
19656 -s "Protocol is TLSv1.3" \
19657 -s "got named group: ffdhe2048(0100)" \
19658 -s "Certificate verification was skipped" \
19659 -s "HRR selected_group: ffdhe2048"
19660
19661requires_config_enabled MBEDTLS_SSL_SRV_C
19662requires_config_enabled MBEDTLS_DEBUG_C
19663requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19665requires_openssl_tls1_3
19666requires_openssl_3_x
19667run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe3072" \
19668 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19669 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe3072 -msg -tls1_3" \
19670 0 \
19671 -s "Protocol is TLSv1.3" \
19672 -s "got named group: ffdhe3072(0101)" \
19673 -s "Certificate verification was skipped" \
19674 -s "HRR selected_group: ffdhe3072"
19675
19676requires_config_enabled MBEDTLS_SSL_SRV_C
19677requires_config_enabled MBEDTLS_DEBUG_C
19678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19680requires_openssl_tls1_3
19681requires_openssl_3_x
19682run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe4096" \
19683 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19684 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe4096 -msg -tls1_3" \
19685 0 \
19686 -s "Protocol is TLSv1.3" \
19687 -s "got named group: ffdhe4096(0102)" \
19688 -s "Certificate verification was skipped" \
19689 -s "HRR selected_group: ffdhe4096"
19690
19691requires_config_enabled MBEDTLS_SSL_SRV_C
19692requires_config_enabled MBEDTLS_DEBUG_C
19693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19695requires_openssl_tls1_3
19696requires_openssl_3_x
19697run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe6144" \
19698 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19699 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe6144 -msg -tls1_3" \
19700 0 \
19701 -s "Protocol is TLSv1.3" \
19702 -s "got named group: ffdhe6144(0103)" \
19703 -s "Certificate verification was skipped" \
19704 -s "HRR selected_group: ffdhe6144"
19705
19706requires_config_enabled MBEDTLS_SSL_SRV_C
19707requires_config_enabled MBEDTLS_DEBUG_C
19708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19710requires_openssl_tls1_3
19711requires_openssl_3_x
19712run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe8192" \
19713 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19714 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe8192 -msg -tls1_3" \
19715 0 \
19716 -s "Protocol is TLSv1.3" \
19717 -s "got named group: ffdhe8192(0104)" \
19718 -s "Certificate verification was skipped" \
19719 -s "HRR selected_group: ffdhe8192"
19720
19721requires_config_enabled MBEDTLS_SSL_SRV_C
19722requires_config_enabled MBEDTLS_DEBUG_C
19723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19725requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19726run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19727 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19728 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19729 0 \
19730 -s "Protocol is TLSv1.3" \
19731 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19732 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19733 -s "HRR selected_group: secp256r1"
19734
19735requires_config_enabled MBEDTLS_SSL_SRV_C
19736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19739requires_openssl_tls1_3
19740run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19741 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19742 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19743 0 \
19744 -s "Protocol is TLSv1.3" \
19745 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19746 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19747 -s "HRR selected_group: secp384r1"
19748
19749requires_config_enabled MBEDTLS_SSL_SRV_C
19750requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19752requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19753requires_openssl_tls1_3
19754run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19755 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19756 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19757 0 \
19758 -s "Protocol is TLSv1.3" \
19759 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19760 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19761 -s "HRR selected_group: secp521r1"
19762
19763requires_config_enabled MBEDTLS_SSL_SRV_C
19764requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19767requires_openssl_tls1_3
19768run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19769 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19770 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19771 0 \
19772 -s "Protocol is TLSv1.3" \
19773 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19774 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19775 -s "HRR selected_group: x448"
19776
19777requires_config_enabled MBEDTLS_SSL_SRV_C
19778requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19779requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19780requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19781requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]19782requires_openssl_3_x
19783run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
19784 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19785 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
19786 0 \
19787 -s "Protocol is TLSv1.3" \
19788 -s "got named group: ffdhe2048(0100)" \
19789 -s "Certificate verification was skipped" \
19790 -s "HRR selected_group: ffdhe2048"
19791
19792requires_config_enabled MBEDTLS_SSL_SRV_C
19793requires_config_enabled MBEDTLS_DEBUG_C
19794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19796requires_openssl_tls1_3
19797requires_openssl_3_x
19798run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe3072" \
19799 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19800 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe3072 -msg -tls1_3" \
19801 0 \
19802 -s "Protocol is TLSv1.3" \
19803 -s "got named group: ffdhe3072(0101)" \
19804 -s "Certificate verification was skipped" \
19805 -s "HRR selected_group: ffdhe3072"
19806
19807requires_config_enabled MBEDTLS_SSL_SRV_C
19808requires_config_enabled MBEDTLS_DEBUG_C
19809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19811requires_openssl_tls1_3
19812requires_openssl_3_x
19813run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe4096" \
19814 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19815 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe4096 -msg -tls1_3" \
19816 0 \
19817 -s "Protocol is TLSv1.3" \
19818 -s "got named group: ffdhe4096(0102)" \
19819 -s "Certificate verification was skipped" \
19820 -s "HRR selected_group: ffdhe4096"
19821
19822requires_config_enabled MBEDTLS_SSL_SRV_C
19823requires_config_enabled MBEDTLS_DEBUG_C
19824requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19826requires_openssl_tls1_3
19827requires_openssl_3_x
19828run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe6144" \
19829 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19830 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe6144 -msg -tls1_3" \
19831 0 \
19832 -s "Protocol is TLSv1.3" \
19833 -s "got named group: ffdhe6144(0103)" \
19834 -s "Certificate verification was skipped" \
19835 -s "HRR selected_group: ffdhe6144"
19836
19837requires_config_enabled MBEDTLS_SSL_SRV_C
19838requires_config_enabled MBEDTLS_DEBUG_C
19839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19840requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19841requires_openssl_tls1_3
19842requires_openssl_3_x
19843run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe8192" \
19844 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19845 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe8192 -msg -tls1_3" \
19846 0 \
19847 -s "Protocol is TLSv1.3" \
19848 -s "got named group: ffdhe8192(0104)" \
19849 -s "Certificate verification was skipped" \
19850 -s "HRR selected_group: ffdhe8192"
19851
19852requires_config_enabled MBEDTLS_SSL_SRV_C
19853requires_config_enabled MBEDTLS_DEBUG_C
19854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19856requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19857run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19858 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19859 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19860 0 \
19861 -s "Protocol is TLSv1.3" \
19862 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19863 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19864 -s "HRR selected_group: secp256r1"
19865
19866requires_config_enabled MBEDTLS_SSL_SRV_C
19867requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19870requires_openssl_tls1_3
19871run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19872 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19873 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19874 0 \
19875 -s "Protocol is TLSv1.3" \
19876 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19877 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19878 -s "HRR selected_group: secp384r1"
19879
19880requires_config_enabled MBEDTLS_SSL_SRV_C
19881requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19882requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19883requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19884requires_openssl_tls1_3
19885run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19886 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19887 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19888 0 \
19889 -s "Protocol is TLSv1.3" \
19890 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19891 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19892 -s "HRR selected_group: secp521r1"
19893
19894requires_config_enabled MBEDTLS_SSL_SRV_C
19895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19898requires_openssl_tls1_3
19899run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]19900 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]19901 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19902 0 \
19903 -s "Protocol is TLSv1.3" \
19904 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]19905 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19906 -s "HRR selected_group: x25519"
19907
19908requires_config_enabled MBEDTLS_SSL_SRV_C
19909requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]19910requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]19912requires_openssl_tls1_3
19913requires_openssl_3_x
19914run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
19915 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19916 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
19917 0 \
19918 -s "Protocol is TLSv1.3" \
19919 -s "got named group: ffdhe2048(0100)" \
19920 -s "Certificate verification was skipped" \
19921 -s "HRR selected_group: ffdhe2048"
19922
19923requires_config_enabled MBEDTLS_SSL_SRV_C
19924requires_config_enabled MBEDTLS_DEBUG_C
19925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19927requires_openssl_tls1_3
19928requires_openssl_3_x
19929run_test "TLS 1.3 O->m: HRR x448 -> ffdhe3072" \
19930 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19931 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe3072 -msg -tls1_3" \
19932 0 \
19933 -s "Protocol is TLSv1.3" \
19934 -s "got named group: ffdhe3072(0101)" \
19935 -s "Certificate verification was skipped" \
19936 -s "HRR selected_group: ffdhe3072"
19937
19938requires_config_enabled MBEDTLS_SSL_SRV_C
19939requires_config_enabled MBEDTLS_DEBUG_C
19940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19942requires_openssl_tls1_3
19943requires_openssl_3_x
19944run_test "TLS 1.3 O->m: HRR x448 -> ffdhe4096" \
19945 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19946 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe4096 -msg -tls1_3" \
19947 0 \
19948 -s "Protocol is TLSv1.3" \
19949 -s "got named group: ffdhe4096(0102)" \
19950 -s "Certificate verification was skipped" \
19951 -s "HRR selected_group: ffdhe4096"
19952
19953requires_config_enabled MBEDTLS_SSL_SRV_C
19954requires_config_enabled MBEDTLS_DEBUG_C
19955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19957requires_openssl_tls1_3
19958requires_openssl_3_x
19959run_test "TLS 1.3 O->m: HRR x448 -> ffdhe6144" \
19960 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19961 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe6144 -msg -tls1_3" \
19962 0 \
19963 -s "Protocol is TLSv1.3" \
19964 -s "got named group: ffdhe6144(0103)" \
19965 -s "Certificate verification was skipped" \
19966 -s "HRR selected_group: ffdhe6144"
19967
19968requires_config_enabled MBEDTLS_SSL_SRV_C
19969requires_config_enabled MBEDTLS_DEBUG_C
19970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19972requires_openssl_tls1_3
19973requires_openssl_3_x
19974run_test "TLS 1.3 O->m: HRR x448 -> ffdhe8192" \
19975 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19976 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe8192 -msg -tls1_3" \
19977 0 \
19978 -s "Protocol is TLSv1.3" \
19979 -s "got named group: ffdhe8192(0104)" \
19980 -s "Certificate verification was skipped" \
19981 -s "HRR selected_group: ffdhe8192"
19982
19983requires_config_enabled MBEDTLS_SSL_SRV_C
19984requires_config_enabled MBEDTLS_DEBUG_C
19985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
19986requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
19987requires_openssl_tls1_3
19988requires_openssl_3_x
19989run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
19990 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
19991 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
19992 0 \
19993 -s "Protocol is TLSv1.3" \
19994 -s "got named group: secp256r1(0017)" \
19995 -s "Certificate verification was skipped" \
19996 -s "HRR selected_group: secp256r1"
19997
19998requires_config_enabled MBEDTLS_SSL_SRV_C
19999requires_config_enabled MBEDTLS_DEBUG_C
20000requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20002requires_openssl_tls1_3
20003requires_openssl_3_x
20004run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
20005 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20006 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
20007 0 \
20008 -s "Protocol is TLSv1.3" \
20009 -s "got named group: secp384r1(0018)" \
20010 -s "Certificate verification was skipped" \
20011 -s "HRR selected_group: secp384r1"
20012
20013requires_config_enabled MBEDTLS_SSL_SRV_C
20014requires_config_enabled MBEDTLS_DEBUG_C
20015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20017requires_openssl_tls1_3
20018requires_openssl_3_x
20019run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
20020 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20021 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
20022 0 \
20023 -s "Protocol is TLSv1.3" \
20024 -s "got named group: secp521r1(0019)" \
20025 -s "Certificate verification was skipped" \
20026 -s "HRR selected_group: secp521r1"
20027
20028requires_config_enabled MBEDTLS_SSL_SRV_C
20029requires_config_enabled MBEDTLS_DEBUG_C
20030requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20032requires_openssl_tls1_3
20033requires_openssl_3_x
20034run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
20035 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20036 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
20037 0 \
20038 -s "Protocol is TLSv1.3" \
20039 -s "got named group: x25519(001d)" \
20040 -s "Certificate verification was skipped" \
20041 -s "HRR selected_group: x25519"
20042
20043requires_config_enabled MBEDTLS_SSL_SRV_C
20044requires_config_enabled MBEDTLS_DEBUG_C
20045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20047requires_openssl_tls1_3
20048requires_openssl_3_x
20049run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
20050 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20051 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
20052 0 \
20053 -s "Protocol is TLSv1.3" \
20054 -s "got named group: x448(001e)" \
20055 -s "Certificate verification was skipped" \
20056 -s "HRR selected_group: x448"
20057
20058requires_config_enabled MBEDTLS_SSL_SRV_C
20059requires_config_enabled MBEDTLS_DEBUG_C
20060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20062requires_openssl_tls1_3
20063requires_openssl_3_x
20064run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe3072" \
20065 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20066 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe3072 -msg -tls1_3" \
20067 0 \
20068 -s "Protocol is TLSv1.3" \
20069 -s "got named group: ffdhe3072(0101)" \
20070 -s "Certificate verification was skipped" \
20071 -s "HRR selected_group: ffdhe3072"
20072
20073requires_config_enabled MBEDTLS_SSL_SRV_C
20074requires_config_enabled MBEDTLS_DEBUG_C
20075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20077requires_openssl_tls1_3
20078requires_openssl_3_x
20079run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe4096" \
20080 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20081 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe4096 -msg -tls1_3" \
20082 0 \
20083 -s "Protocol is TLSv1.3" \
20084 -s "got named group: ffdhe4096(0102)" \
20085 -s "Certificate verification was skipped" \
20086 -s "HRR selected_group: ffdhe4096"
20087
20088requires_config_enabled MBEDTLS_SSL_SRV_C
20089requires_config_enabled MBEDTLS_DEBUG_C
20090requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20091requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20092requires_openssl_tls1_3
20093requires_openssl_3_x
20094run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe6144" \
20095 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20096 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe6144 -msg -tls1_3" \
20097 0 \
20098 -s "Protocol is TLSv1.3" \
20099 -s "got named group: ffdhe6144(0103)" \
20100 -s "Certificate verification was skipped" \
20101 -s "HRR selected_group: ffdhe6144"
20102
20103requires_config_enabled MBEDTLS_SSL_SRV_C
20104requires_config_enabled MBEDTLS_DEBUG_C
20105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20107requires_openssl_tls1_3
20108requires_openssl_3_x
20109run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe8192" \
20110 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20111 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe8192 -msg -tls1_3" \
20112 0 \
20113 -s "Protocol is TLSv1.3" \
20114 -s "got named group: ffdhe8192(0104)" \
20115 -s "Certificate verification was skipped" \
20116 -s "HRR selected_group: ffdhe8192"
20117
20118requires_config_enabled MBEDTLS_SSL_SRV_C
20119requires_config_enabled MBEDTLS_DEBUG_C
20120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20122requires_openssl_tls1_3
20123requires_openssl_3_x
20124run_test "TLS 1.3 O->m: HRR ffdhe3072 -> secp256r1" \
20125 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20126 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:P-256 -msg -tls1_3" \
20127 0 \
20128 -s "Protocol is TLSv1.3" \
20129 -s "got named group: secp256r1(0017)" \
20130 -s "Certificate verification was skipped" \
20131 -s "HRR selected_group: secp256r1"
20132
20133requires_config_enabled MBEDTLS_SSL_SRV_C
20134requires_config_enabled MBEDTLS_DEBUG_C
20135requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20136requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20137requires_openssl_tls1_3
20138requires_openssl_3_x
20139run_test "TLS 1.3 O->m: HRR ffdhe3072 -> secp384r1" \
20140 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20141 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:P-384 -msg -tls1_3" \
20142 0 \
20143 -s "Protocol is TLSv1.3" \
20144 -s "got named group: secp384r1(0018)" \
20145 -s "Certificate verification was skipped" \
20146 -s "HRR selected_group: secp384r1"
20147
20148requires_config_enabled MBEDTLS_SSL_SRV_C
20149requires_config_enabled MBEDTLS_DEBUG_C
20150requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20152requires_openssl_tls1_3
20153requires_openssl_3_x
20154run_test "TLS 1.3 O->m: HRR ffdhe3072 -> secp521r1" \
20155 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20156 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:P-521 -msg -tls1_3" \
20157 0 \
20158 -s "Protocol is TLSv1.3" \
20159 -s "got named group: secp521r1(0019)" \
20160 -s "Certificate verification was skipped" \
20161 -s "HRR selected_group: secp521r1"
20162
20163requires_config_enabled MBEDTLS_SSL_SRV_C
20164requires_config_enabled MBEDTLS_DEBUG_C
20165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20166requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20167requires_openssl_tls1_3
20168requires_openssl_3_x
20169run_test "TLS 1.3 O->m: HRR ffdhe3072 -> x25519" \
20170 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20171 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:X25519 -msg -tls1_3" \
20172 0 \
20173 -s "Protocol is TLSv1.3" \
20174 -s "got named group: x25519(001d)" \
20175 -s "Certificate verification was skipped" \
20176 -s "HRR selected_group: x25519"
20177
20178requires_config_enabled MBEDTLS_SSL_SRV_C
20179requires_config_enabled MBEDTLS_DEBUG_C
20180requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20182requires_openssl_tls1_3
20183requires_openssl_3_x
20184run_test "TLS 1.3 O->m: HRR ffdhe3072 -> x448" \
20185 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20186 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:X448 -msg -tls1_3" \
20187 0 \
20188 -s "Protocol is TLSv1.3" \
20189 -s "got named group: x448(001e)" \
20190 -s "Certificate verification was skipped" \
20191 -s "HRR selected_group: x448"
20192
20193requires_config_enabled MBEDTLS_SSL_SRV_C
20194requires_config_enabled MBEDTLS_DEBUG_C
20195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20196requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20197requires_openssl_tls1_3
20198requires_openssl_3_x
20199run_test "TLS 1.3 O->m: HRR ffdhe3072 -> ffdhe2048" \
20200 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20201 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:ffdhe2048 -msg -tls1_3" \
20202 0 \
20203 -s "Protocol is TLSv1.3" \
20204 -s "got named group: ffdhe2048(0100)" \
20205 -s "Certificate verification was skipped" \
20206 -s "HRR selected_group: ffdhe2048"
20207
20208requires_config_enabled MBEDTLS_SSL_SRV_C
20209requires_config_enabled MBEDTLS_DEBUG_C
20210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20212requires_openssl_tls1_3
20213requires_openssl_3_x
20214run_test "TLS 1.3 O->m: HRR ffdhe3072 -> ffdhe4096" \
20215 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20216 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:ffdhe4096 -msg -tls1_3" \
20217 0 \
20218 -s "Protocol is TLSv1.3" \
20219 -s "got named group: ffdhe4096(0102)" \
20220 -s "Certificate verification was skipped" \
20221 -s "HRR selected_group: ffdhe4096"
20222
20223requires_config_enabled MBEDTLS_SSL_SRV_C
20224requires_config_enabled MBEDTLS_DEBUG_C
20225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20227requires_openssl_tls1_3
20228requires_openssl_3_x
20229run_test "TLS 1.3 O->m: HRR ffdhe3072 -> ffdhe6144" \
20230 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20231 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:ffdhe6144 -msg -tls1_3" \
20232 0 \
20233 -s "Protocol is TLSv1.3" \
20234 -s "got named group: ffdhe6144(0103)" \
20235 -s "Certificate verification was skipped" \
20236 -s "HRR selected_group: ffdhe6144"
20237
20238requires_config_enabled MBEDTLS_SSL_SRV_C
20239requires_config_enabled MBEDTLS_DEBUG_C
20240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20242requires_openssl_tls1_3
20243requires_openssl_3_x
20244run_test "TLS 1.3 O->m: HRR ffdhe3072 -> ffdhe8192" \
20245 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20246 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe3072:ffdhe8192 -msg -tls1_3" \
20247 0 \
20248 -s "Protocol is TLSv1.3" \
20249 -s "got named group: ffdhe8192(0104)" \
20250 -s "Certificate verification was skipped" \
20251 -s "HRR selected_group: ffdhe8192"
20252
20253requires_config_enabled MBEDTLS_SSL_SRV_C
20254requires_config_enabled MBEDTLS_DEBUG_C
20255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20257requires_openssl_tls1_3
20258requires_openssl_3_x
20259run_test "TLS 1.3 O->m: HRR ffdhe4096 -> secp256r1" \
20260 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20261 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:P-256 -msg -tls1_3" \
20262 0 \
20263 -s "Protocol is TLSv1.3" \
20264 -s "got named group: secp256r1(0017)" \
20265 -s "Certificate verification was skipped" \
20266 -s "HRR selected_group: secp256r1"
20267
20268requires_config_enabled MBEDTLS_SSL_SRV_C
20269requires_config_enabled MBEDTLS_DEBUG_C
20270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20272requires_openssl_tls1_3
20273requires_openssl_3_x
20274run_test "TLS 1.3 O->m: HRR ffdhe4096 -> secp384r1" \
20275 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20276 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:P-384 -msg -tls1_3" \
20277 0 \
20278 -s "Protocol is TLSv1.3" \
20279 -s "got named group: secp384r1(0018)" \
20280 -s "Certificate verification was skipped" \
20281 -s "HRR selected_group: secp384r1"
20282
20283requires_config_enabled MBEDTLS_SSL_SRV_C
20284requires_config_enabled MBEDTLS_DEBUG_C
20285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20286requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20287requires_openssl_tls1_3
20288requires_openssl_3_x
20289run_test "TLS 1.3 O->m: HRR ffdhe4096 -> secp521r1" \
20290 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20291 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:P-521 -msg -tls1_3" \
20292 0 \
20293 -s "Protocol is TLSv1.3" \
20294 -s "got named group: secp521r1(0019)" \
20295 -s "Certificate verification was skipped" \
20296 -s "HRR selected_group: secp521r1"
20297
20298requires_config_enabled MBEDTLS_SSL_SRV_C
20299requires_config_enabled MBEDTLS_DEBUG_C
20300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20302requires_openssl_tls1_3
20303requires_openssl_3_x
20304run_test "TLS 1.3 O->m: HRR ffdhe4096 -> x25519" \
20305 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20306 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:X25519 -msg -tls1_3" \
20307 0 \
20308 -s "Protocol is TLSv1.3" \
20309 -s "got named group: x25519(001d)" \
20310 -s "Certificate verification was skipped" \
20311 -s "HRR selected_group: x25519"
20312
20313requires_config_enabled MBEDTLS_SSL_SRV_C
20314requires_config_enabled MBEDTLS_DEBUG_C
20315requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20317requires_openssl_tls1_3
20318requires_openssl_3_x
20319run_test "TLS 1.3 O->m: HRR ffdhe4096 -> x448" \
20320 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20321 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:X448 -msg -tls1_3" \
20322 0 \
20323 -s "Protocol is TLSv1.3" \
20324 -s "got named group: x448(001e)" \
20325 -s "Certificate verification was skipped" \
20326 -s "HRR selected_group: x448"
20327
20328requires_config_enabled MBEDTLS_SSL_SRV_C
20329requires_config_enabled MBEDTLS_DEBUG_C
20330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20332requires_openssl_tls1_3
20333requires_openssl_3_x
20334run_test "TLS 1.3 O->m: HRR ffdhe4096 -> ffdhe2048" \
20335 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20336 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:ffdhe2048 -msg -tls1_3" \
20337 0 \
20338 -s "Protocol is TLSv1.3" \
20339 -s "got named group: ffdhe2048(0100)" \
20340 -s "Certificate verification was skipped" \
20341 -s "HRR selected_group: ffdhe2048"
20342
20343requires_config_enabled MBEDTLS_SSL_SRV_C
20344requires_config_enabled MBEDTLS_DEBUG_C
20345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20347requires_openssl_tls1_3
20348requires_openssl_3_x
20349run_test "TLS 1.3 O->m: HRR ffdhe4096 -> ffdhe3072" \
20350 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20351 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:ffdhe3072 -msg -tls1_3" \
20352 0 \
20353 -s "Protocol is TLSv1.3" \
20354 -s "got named group: ffdhe3072(0101)" \
20355 -s "Certificate verification was skipped" \
20356 -s "HRR selected_group: ffdhe3072"
20357
20358requires_config_enabled MBEDTLS_SSL_SRV_C
20359requires_config_enabled MBEDTLS_DEBUG_C
20360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20362requires_openssl_tls1_3
20363requires_openssl_3_x
20364run_test "TLS 1.3 O->m: HRR ffdhe4096 -> ffdhe6144" \
20365 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20366 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:ffdhe6144 -msg -tls1_3" \
20367 0 \
20368 -s "Protocol is TLSv1.3" \
20369 -s "got named group: ffdhe6144(0103)" \
20370 -s "Certificate verification was skipped" \
20371 -s "HRR selected_group: ffdhe6144"
20372
20373requires_config_enabled MBEDTLS_SSL_SRV_C
20374requires_config_enabled MBEDTLS_DEBUG_C
20375requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20377requires_openssl_tls1_3
20378requires_openssl_3_x
20379run_test "TLS 1.3 O->m: HRR ffdhe4096 -> ffdhe8192" \
20380 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20381 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe4096:ffdhe8192 -msg -tls1_3" \
20382 0 \
20383 -s "Protocol is TLSv1.3" \
20384 -s "got named group: ffdhe8192(0104)" \
20385 -s "Certificate verification was skipped" \
20386 -s "HRR selected_group: ffdhe8192"
20387
20388requires_config_enabled MBEDTLS_SSL_SRV_C
20389requires_config_enabled MBEDTLS_DEBUG_C
20390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20392requires_openssl_tls1_3
20393requires_openssl_3_x
20394run_test "TLS 1.3 O->m: HRR ffdhe6144 -> secp256r1" \
20395 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20396 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:P-256 -msg -tls1_3" \
20397 0 \
20398 -s "Protocol is TLSv1.3" \
20399 -s "got named group: secp256r1(0017)" \
20400 -s "Certificate verification was skipped" \
20401 -s "HRR selected_group: secp256r1"
20402
20403requires_config_enabled MBEDTLS_SSL_SRV_C
20404requires_config_enabled MBEDTLS_DEBUG_C
20405requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20406requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20407requires_openssl_tls1_3
20408requires_openssl_3_x
20409run_test "TLS 1.3 O->m: HRR ffdhe6144 -> secp384r1" \
20410 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20411 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:P-384 -msg -tls1_3" \
20412 0 \
20413 -s "Protocol is TLSv1.3" \
20414 -s "got named group: secp384r1(0018)" \
20415 -s "Certificate verification was skipped" \
20416 -s "HRR selected_group: secp384r1"
20417
20418requires_config_enabled MBEDTLS_SSL_SRV_C
20419requires_config_enabled MBEDTLS_DEBUG_C
20420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20422requires_openssl_tls1_3
20423requires_openssl_3_x
20424run_test "TLS 1.3 O->m: HRR ffdhe6144 -> secp521r1" \
20425 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20426 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:P-521 -msg -tls1_3" \
20427 0 \
20428 -s "Protocol is TLSv1.3" \
20429 -s "got named group: secp521r1(0019)" \
20430 -s "Certificate verification was skipped" \
20431 -s "HRR selected_group: secp521r1"
20432
20433requires_config_enabled MBEDTLS_SSL_SRV_C
20434requires_config_enabled MBEDTLS_DEBUG_C
20435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20437requires_openssl_tls1_3
20438requires_openssl_3_x
20439run_test "TLS 1.3 O->m: HRR ffdhe6144 -> x25519" \
20440 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20441 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:X25519 -msg -tls1_3" \
20442 0 \
20443 -s "Protocol is TLSv1.3" \
20444 -s "got named group: x25519(001d)" \
20445 -s "Certificate verification was skipped" \
20446 -s "HRR selected_group: x25519"
20447
20448requires_config_enabled MBEDTLS_SSL_SRV_C
20449requires_config_enabled MBEDTLS_DEBUG_C
20450requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20452requires_openssl_tls1_3
20453requires_openssl_3_x
20454run_test "TLS 1.3 O->m: HRR ffdhe6144 -> x448" \
20455 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20456 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:X448 -msg -tls1_3" \
20457 0 \
20458 -s "Protocol is TLSv1.3" \
20459 -s "got named group: x448(001e)" \
20460 -s "Certificate verification was skipped" \
20461 -s "HRR selected_group: x448"
20462
20463requires_config_enabled MBEDTLS_SSL_SRV_C
20464requires_config_enabled MBEDTLS_DEBUG_C
20465requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20467requires_openssl_tls1_3
20468requires_openssl_3_x
20469run_test "TLS 1.3 O->m: HRR ffdhe6144 -> ffdhe2048" \
20470 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20471 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:ffdhe2048 -msg -tls1_3" \
20472 0 \
20473 -s "Protocol is TLSv1.3" \
20474 -s "got named group: ffdhe2048(0100)" \
20475 -s "Certificate verification was skipped" \
20476 -s "HRR selected_group: ffdhe2048"
20477
20478requires_config_enabled MBEDTLS_SSL_SRV_C
20479requires_config_enabled MBEDTLS_DEBUG_C
20480requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20482requires_openssl_tls1_3
20483requires_openssl_3_x
20484run_test "TLS 1.3 O->m: HRR ffdhe6144 -> ffdhe3072" \
20485 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20486 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:ffdhe3072 -msg -tls1_3" \
20487 0 \
20488 -s "Protocol is TLSv1.3" \
20489 -s "got named group: ffdhe3072(0101)" \
20490 -s "Certificate verification was skipped" \
20491 -s "HRR selected_group: ffdhe3072"
20492
20493requires_config_enabled MBEDTLS_SSL_SRV_C
20494requires_config_enabled MBEDTLS_DEBUG_C
20495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20497requires_openssl_tls1_3
20498requires_openssl_3_x
20499run_test "TLS 1.3 O->m: HRR ffdhe6144 -> ffdhe4096" \
20500 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20501 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:ffdhe4096 -msg -tls1_3" \
20502 0 \
20503 -s "Protocol is TLSv1.3" \
20504 -s "got named group: ffdhe4096(0102)" \
20505 -s "Certificate verification was skipped" \
20506 -s "HRR selected_group: ffdhe4096"
20507
20508requires_config_enabled MBEDTLS_SSL_SRV_C
20509requires_config_enabled MBEDTLS_DEBUG_C
20510requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20511requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20512requires_openssl_tls1_3
20513requires_openssl_3_x
20514run_test "TLS 1.3 O->m: HRR ffdhe6144 -> ffdhe8192" \
20515 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20516 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe6144:ffdhe8192 -msg -tls1_3" \
20517 0 \
20518 -s "Protocol is TLSv1.3" \
20519 -s "got named group: ffdhe8192(0104)" \
20520 -s "Certificate verification was skipped" \
20521 -s "HRR selected_group: ffdhe8192"
20522
20523requires_config_enabled MBEDTLS_SSL_SRV_C
20524requires_config_enabled MBEDTLS_DEBUG_C
20525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20527requires_openssl_tls1_3
20528requires_openssl_3_x
20529run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp256r1" \
20530 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20531 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-256 -msg -tls1_3" \
20532 0 \
20533 -s "Protocol is TLSv1.3" \
20534 -s "got named group: secp256r1(0017)" \
20535 -s "Certificate verification was skipped" \
20536 -s "HRR selected_group: secp256r1"
20537
20538requires_config_enabled MBEDTLS_SSL_SRV_C
20539requires_config_enabled MBEDTLS_DEBUG_C
20540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20542requires_openssl_tls1_3
20543requires_openssl_3_x
20544run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp384r1" \
20545 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20546 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-384 -msg -tls1_3" \
20547 0 \
20548 -s "Protocol is TLSv1.3" \
20549 -s "got named group: secp384r1(0018)" \
20550 -s "Certificate verification was skipped" \
20551 -s "HRR selected_group: secp384r1"
20552
20553requires_config_enabled MBEDTLS_SSL_SRV_C
20554requires_config_enabled MBEDTLS_DEBUG_C
20555requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20557requires_openssl_tls1_3
20558requires_openssl_3_x
20559run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp521r1" \
20560 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20561 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-521 -msg -tls1_3" \
20562 0 \
20563 -s "Protocol is TLSv1.3" \
20564 -s "got named group: secp521r1(0019)" \
20565 -s "Certificate verification was skipped" \
20566 -s "HRR selected_group: secp521r1"
20567
20568requires_config_enabled MBEDTLS_SSL_SRV_C
20569requires_config_enabled MBEDTLS_DEBUG_C
20570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20572requires_openssl_tls1_3
20573requires_openssl_3_x
20574run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x25519" \
20575 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20576 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X25519 -msg -tls1_3" \
20577 0 \
20578 -s "Protocol is TLSv1.3" \
20579 -s "got named group: x25519(001d)" \
20580 -s "Certificate verification was skipped" \
20581 -s "HRR selected_group: x25519"
20582
20583requires_config_enabled MBEDTLS_SSL_SRV_C
20584requires_config_enabled MBEDTLS_DEBUG_C
20585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20587requires_openssl_tls1_3
20588requires_openssl_3_x
20589run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x448" \
20590 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20591 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X448 -msg -tls1_3" \
20592 0 \
20593 -s "Protocol is TLSv1.3" \
20594 -s "got named group: x448(001e)" \
20595 -s "Certificate verification was skipped" \
20596 -s "HRR selected_group: x448"
20597
20598requires_config_enabled MBEDTLS_SSL_SRV_C
20599requires_config_enabled MBEDTLS_DEBUG_C
20600requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20602requires_openssl_tls1_3
20603requires_openssl_3_x
20604run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe2048" \
20605 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20606 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe2048 -msg -tls1_3" \
20607 0 \
20608 -s "Protocol is TLSv1.3" \
20609 -s "got named group: ffdhe2048(0100)" \
20610 -s "Certificate verification was skipped" \
20611 -s "HRR selected_group: ffdhe2048"
20612
20613requires_config_enabled MBEDTLS_SSL_SRV_C
20614requires_config_enabled MBEDTLS_DEBUG_C
20615requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20616requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20617requires_openssl_tls1_3
20618requires_openssl_3_x
20619run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe3072" \
20620 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20621 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe3072 -msg -tls1_3" \
20622 0 \
20623 -s "Protocol is TLSv1.3" \
20624 -s "got named group: ffdhe3072(0101)" \
20625 -s "Certificate verification was skipped" \
20626 -s "HRR selected_group: ffdhe3072"
20627
20628requires_config_enabled MBEDTLS_SSL_SRV_C
20629requires_config_enabled MBEDTLS_DEBUG_C
20630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20632requires_openssl_tls1_3
20633requires_openssl_3_x
20634run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe4096" \
20635 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20636 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe4096 -msg -tls1_3" \
20637 0 \
20638 -s "Protocol is TLSv1.3" \
20639 -s "got named group: ffdhe4096(0102)" \
20640 -s "Certificate verification was skipped" \
20641 -s "HRR selected_group: ffdhe4096"
20642
20643requires_config_enabled MBEDTLS_SSL_SRV_C
20644requires_config_enabled MBEDTLS_DEBUG_C
20645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20646requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20647requires_openssl_tls1_3
20648requires_openssl_3_x
20649run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe6144" \
20650 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20651 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe6144 -msg -tls1_3" \
20652 0 \
20653 -s "Protocol is TLSv1.3" \
20654 -s "got named group: ffdhe6144(0103)" \
20655 -s "Certificate verification was skipped" \
20656 -s "HRR selected_group: ffdhe6144"
20657
20658requires_config_enabled MBEDTLS_SSL_SRV_C
20659requires_config_enabled MBEDTLS_DEBUG_C
20660requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20661requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20662requires_gnutls_tls1_3
20663requires_gnutls_next_no_ticket
20664requires_gnutls_next_disable_tls13_compat
20665run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20666 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20667 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20668 0 \
20669 -s "Protocol is TLSv1.3" \
20670 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20671 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20672 -s "HRR selected_group: secp384r1"
20673
20674requires_config_enabled MBEDTLS_SSL_SRV_C
20675requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20676requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20677requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20678requires_gnutls_tls1_3
20679requires_gnutls_next_no_ticket
20680requires_gnutls_next_disable_tls13_compat
20681run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20682 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20683 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20684 0 \
20685 -s "Protocol is TLSv1.3" \
20686 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20687 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20688 -s "HRR selected_group: secp521r1"
20689
20690requires_config_enabled MBEDTLS_SSL_SRV_C
20691requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20694requires_gnutls_tls1_3
20695requires_gnutls_next_no_ticket
20696requires_gnutls_next_disable_tls13_compat
20697run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20698 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20699 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20700 0 \
20701 -s "Protocol is TLSv1.3" \
20702 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20703 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20704 -s "HRR selected_group: x25519"
20705
20706requires_config_enabled MBEDTLS_SSL_SRV_C
20707requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20708requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20710requires_gnutls_tls1_3
20711requires_gnutls_next_no_ticket
20712requires_gnutls_next_disable_tls13_compat
20713run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20714 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20715 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20716 0 \
20717 -s "Protocol is TLSv1.3" \
20718 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20719 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20720 -s "HRR selected_group: x448"
20721
20722requires_config_enabled MBEDTLS_SSL_SRV_C
20723requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20724requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20726requires_gnutls_tls1_3
20727requires_gnutls_next_no_ticket
20728requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]20729run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
20730 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20731 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
20732 0 \
20733 -s "Protocol is TLSv1.3" \
20734 -s "got named group: ffdhe2048(0100)" \
20735 -s "Certificate verification was skipped" \
20736 -s "HRR selected_group: ffdhe2048"
20737
20738requires_config_enabled MBEDTLS_SSL_SRV_C
20739requires_config_enabled MBEDTLS_DEBUG_C
20740requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20742requires_gnutls_tls1_3
20743requires_gnutls_next_no_ticket
20744requires_gnutls_next_disable_tls13_compat
20745run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe3072" \
20746 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20747 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
20748 0 \
20749 -s "Protocol is TLSv1.3" \
20750 -s "got named group: ffdhe3072(0101)" \
20751 -s "Certificate verification was skipped" \
20752 -s "HRR selected_group: ffdhe3072"
20753
20754requires_config_enabled MBEDTLS_SSL_SRV_C
20755requires_config_enabled MBEDTLS_DEBUG_C
20756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20758requires_gnutls_tls1_3
20759requires_gnutls_next_no_ticket
20760requires_gnutls_next_disable_tls13_compat
20761run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe4096" \
20762 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20763 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
20764 0 \
20765 -s "Protocol is TLSv1.3" \
20766 -s "got named group: ffdhe4096(0102)" \
20767 -s "Certificate verification was skipped" \
20768 -s "HRR selected_group: ffdhe4096"
20769
20770requires_config_enabled MBEDTLS_SSL_SRV_C
20771requires_config_enabled MBEDTLS_DEBUG_C
20772requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20774requires_gnutls_tls1_3
20775requires_gnutls_next_no_ticket
20776requires_gnutls_next_disable_tls13_compat
20777run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe6144" \
20778 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20779 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
20780 0 \
20781 -s "Protocol is TLSv1.3" \
20782 -s "got named group: ffdhe6144(0103)" \
20783 -s "Certificate verification was skipped" \
20784 -s "HRR selected_group: ffdhe6144"
20785
20786requires_config_enabled MBEDTLS_SSL_SRV_C
20787requires_config_enabled MBEDTLS_DEBUG_C
20788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20790requires_gnutls_tls1_3
20791requires_gnutls_next_no_ticket
20792requires_gnutls_next_disable_tls13_compat
20793run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe8192" \
20794 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20795 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
20796 0 \
20797 -s "Protocol is TLSv1.3" \
20798 -s "got named group: ffdhe8192(0104)" \
20799 -s "Certificate verification was skipped" \
20800 -s "HRR selected_group: ffdhe8192"
20801
20802requires_config_enabled MBEDTLS_SSL_SRV_C
20803requires_config_enabled MBEDTLS_DEBUG_C
20804requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20806requires_gnutls_tls1_3
20807requires_gnutls_next_no_ticket
20808requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20809run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20810 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20811 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20812 0 \
20813 -s "Protocol is TLSv1.3" \
20814 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20815 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20816 -s "HRR selected_group: secp256r1"
20817
20818requires_config_enabled MBEDTLS_SSL_SRV_C
20819requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20822requires_gnutls_tls1_3
20823requires_gnutls_next_no_ticket
20824requires_gnutls_next_disable_tls13_compat
20825run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20826 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20827 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20828 0 \
20829 -s "Protocol is TLSv1.3" \
20830 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20831 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20832 -s "HRR selected_group: secp521r1"
20833
20834requires_config_enabled MBEDTLS_SSL_SRV_C
20835requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20836requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20838requires_gnutls_tls1_3
20839requires_gnutls_next_no_ticket
20840requires_gnutls_next_disable_tls13_compat
20841run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20842 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20843 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20844 0 \
20845 -s "Protocol is TLSv1.3" \
20846 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20847 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20848 -s "HRR selected_group: x25519"
20849
20850requires_config_enabled MBEDTLS_SSL_SRV_C
20851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20852requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20854requires_gnutls_tls1_3
20855requires_gnutls_next_no_ticket
20856requires_gnutls_next_disable_tls13_compat
20857run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20858 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20859 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20860 0 \
20861 -s "Protocol is TLSv1.3" \
20862 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20863 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20864 -s "HRR selected_group: x448"
20865
20866requires_config_enabled MBEDTLS_SSL_SRV_C
20867requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20870requires_gnutls_tls1_3
20871requires_gnutls_next_no_ticket
20872requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]20873run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
20874 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20875 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
20876 0 \
20877 -s "Protocol is TLSv1.3" \
20878 -s "got named group: ffdhe2048(0100)" \
20879 -s "Certificate verification was skipped" \
20880 -s "HRR selected_group: ffdhe2048"
20881
20882requires_config_enabled MBEDTLS_SSL_SRV_C
20883requires_config_enabled MBEDTLS_DEBUG_C
20884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20886requires_gnutls_tls1_3
20887requires_gnutls_next_no_ticket
20888requires_gnutls_next_disable_tls13_compat
20889run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe3072" \
20890 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20891 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
20892 0 \
20893 -s "Protocol is TLSv1.3" \
20894 -s "got named group: ffdhe3072(0101)" \
20895 -s "Certificate verification was skipped" \
20896 -s "HRR selected_group: ffdhe3072"
20897
20898requires_config_enabled MBEDTLS_SSL_SRV_C
20899requires_config_enabled MBEDTLS_DEBUG_C
20900requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20901requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20902requires_gnutls_tls1_3
20903requires_gnutls_next_no_ticket
20904requires_gnutls_next_disable_tls13_compat
20905run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe4096" \
20906 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20907 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
20908 0 \
20909 -s "Protocol is TLSv1.3" \
20910 -s "got named group: ffdhe4096(0102)" \
20911 -s "Certificate verification was skipped" \
20912 -s "HRR selected_group: ffdhe4096"
20913
20914requires_config_enabled MBEDTLS_SSL_SRV_C
20915requires_config_enabled MBEDTLS_DEBUG_C
20916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20918requires_gnutls_tls1_3
20919requires_gnutls_next_no_ticket
20920requires_gnutls_next_disable_tls13_compat
20921run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe6144" \
20922 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20923 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
20924 0 \
20925 -s "Protocol is TLSv1.3" \
20926 -s "got named group: ffdhe6144(0103)" \
20927 -s "Certificate verification was skipped" \
20928 -s "HRR selected_group: ffdhe6144"
20929
20930requires_config_enabled MBEDTLS_SSL_SRV_C
20931requires_config_enabled MBEDTLS_DEBUG_C
20932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20934requires_gnutls_tls1_3
20935requires_gnutls_next_no_ticket
20936requires_gnutls_next_disable_tls13_compat
20937run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe8192" \
20938 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
20939 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
20940 0 \
20941 -s "Protocol is TLSv1.3" \
20942 -s "got named group: ffdhe8192(0104)" \
20943 -s "Certificate verification was skipped" \
20944 -s "HRR selected_group: ffdhe8192"
20945
20946requires_config_enabled MBEDTLS_SSL_SRV_C
20947requires_config_enabled MBEDTLS_DEBUG_C
20948requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
20949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20950requires_gnutls_tls1_3
20951requires_gnutls_next_no_ticket
20952requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20953run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20954 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20955 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20956 0 \
20957 -s "Protocol is TLSv1.3" \
20958 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20959 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20960 -s "HRR selected_group: secp256r1"
20961
20962requires_config_enabled MBEDTLS_SSL_SRV_C
20963requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20966requires_gnutls_tls1_3
20967requires_gnutls_next_no_ticket
20968requires_gnutls_next_disable_tls13_compat
20969run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20970 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20971 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20972 0 \
20973 -s "Protocol is TLSv1.3" \
20974 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20975 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20976 -s "HRR selected_group: secp384r1"
20977
20978requires_config_enabled MBEDTLS_SSL_SRV_C
20979requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20982requires_gnutls_tls1_3
20983requires_gnutls_next_no_ticket
20984requires_gnutls_next_disable_tls13_compat
20985run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]20986 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]20987 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20988 0 \
20989 -s "Protocol is TLSv1.3" \
20990 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]20991 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20992 -s "HRR selected_group: x25519"
20993
20994requires_config_enabled MBEDTLS_SSL_SRV_C
20995requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20996requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]20997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
20998requires_gnutls_tls1_3
20999requires_gnutls_next_no_ticket
21000requires_gnutls_next_disable_tls13_compat
21001run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21002 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21003 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21004 0 \
21005 -s "Protocol is TLSv1.3" \
21006 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21007 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21008 -s "HRR selected_group: x448"
21009
21010requires_config_enabled MBEDTLS_SSL_SRV_C
21011requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21014requires_gnutls_tls1_3
21015requires_gnutls_next_no_ticket
21016requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]21017run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
21018 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21019 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
21020 0 \
21021 -s "Protocol is TLSv1.3" \
21022 -s "got named group: ffdhe2048(0100)" \
21023 -s "Certificate verification was skipped" \
21024 -s "HRR selected_group: ffdhe2048"
21025
21026requires_config_enabled MBEDTLS_SSL_SRV_C
21027requires_config_enabled MBEDTLS_DEBUG_C
21028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21030requires_gnutls_tls1_3
21031requires_gnutls_next_no_ticket
21032requires_gnutls_next_disable_tls13_compat
21033run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe3072" \
21034 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21035 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
21036 0 \
21037 -s "Protocol is TLSv1.3" \
21038 -s "got named group: ffdhe3072(0101)" \
21039 -s "Certificate verification was skipped" \
21040 -s "HRR selected_group: ffdhe3072"
21041
21042requires_config_enabled MBEDTLS_SSL_SRV_C
21043requires_config_enabled MBEDTLS_DEBUG_C
21044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21046requires_gnutls_tls1_3
21047requires_gnutls_next_no_ticket
21048requires_gnutls_next_disable_tls13_compat
21049run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe4096" \
21050 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21051 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
21052 0 \
21053 -s "Protocol is TLSv1.3" \
21054 -s "got named group: ffdhe4096(0102)" \
21055 -s "Certificate verification was skipped" \
21056 -s "HRR selected_group: ffdhe4096"
21057
21058requires_config_enabled MBEDTLS_SSL_SRV_C
21059requires_config_enabled MBEDTLS_DEBUG_C
21060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21062requires_gnutls_tls1_3
21063requires_gnutls_next_no_ticket
21064requires_gnutls_next_disable_tls13_compat
21065run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe6144" \
21066 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21067 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
21068 0 \
21069 -s "Protocol is TLSv1.3" \
21070 -s "got named group: ffdhe6144(0103)" \
21071 -s "Certificate verification was skipped" \
21072 -s "HRR selected_group: ffdhe6144"
21073
21074requires_config_enabled MBEDTLS_SSL_SRV_C
21075requires_config_enabled MBEDTLS_DEBUG_C
21076requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21078requires_gnutls_tls1_3
21079requires_gnutls_next_no_ticket
21080requires_gnutls_next_disable_tls13_compat
21081run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe8192" \
21082 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21083 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21084 0 \
21085 -s "Protocol is TLSv1.3" \
21086 -s "got named group: ffdhe8192(0104)" \
21087 -s "Certificate verification was skipped" \
21088 -s "HRR selected_group: ffdhe8192"
21089
21090requires_config_enabled MBEDTLS_SSL_SRV_C
21091requires_config_enabled MBEDTLS_DEBUG_C
21092requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21093requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21094requires_gnutls_tls1_3
21095requires_gnutls_next_no_ticket
21096requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21097run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21098 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21099 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21100 0 \
21101 -s "Protocol is TLSv1.3" \
21102 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21103 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21104 -s "HRR selected_group: secp256r1"
21105
21106requires_config_enabled MBEDTLS_SSL_SRV_C
21107requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21110requires_gnutls_tls1_3
21111requires_gnutls_next_no_ticket
21112requires_gnutls_next_disable_tls13_compat
21113run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21114 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21115 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21116 0 \
21117 -s "Protocol is TLSv1.3" \
21118 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21119 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21120 -s "HRR selected_group: secp384r1"
21121
21122requires_config_enabled MBEDTLS_SSL_SRV_C
21123requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21124requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21126requires_gnutls_tls1_3
21127requires_gnutls_next_no_ticket
21128requires_gnutls_next_disable_tls13_compat
21129run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21130 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21131 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21132 0 \
21133 -s "Protocol is TLSv1.3" \
21134 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21135 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21136 -s "HRR selected_group: secp521r1"
21137
21138requires_config_enabled MBEDTLS_SSL_SRV_C
21139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21142requires_gnutls_tls1_3
21143requires_gnutls_next_no_ticket
21144requires_gnutls_next_disable_tls13_compat
21145run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21146 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21147 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21148 0 \
21149 -s "Protocol is TLSv1.3" \
21150 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21151 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21152 -s "HRR selected_group: x448"
21153
21154requires_config_enabled MBEDTLS_SSL_SRV_C
21155requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21158requires_gnutls_tls1_3
21159requires_gnutls_next_no_ticket
21160requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]21161run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
21162 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21163 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
21164 0 \
21165 -s "Protocol is TLSv1.3" \
21166 -s "got named group: ffdhe2048(0100)" \
21167 -s "Certificate verification was skipped" \
21168 -s "HRR selected_group: ffdhe2048"
21169
21170requires_config_enabled MBEDTLS_SSL_SRV_C
21171requires_config_enabled MBEDTLS_DEBUG_C
21172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21174requires_gnutls_tls1_3
21175requires_gnutls_next_no_ticket
21176requires_gnutls_next_disable_tls13_compat
21177run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe3072" \
21178 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21179 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
21180 0 \
21181 -s "Protocol is TLSv1.3" \
21182 -s "got named group: ffdhe3072(0101)" \
21183 -s "Certificate verification was skipped" \
21184 -s "HRR selected_group: ffdhe3072"
21185
21186requires_config_enabled MBEDTLS_SSL_SRV_C
21187requires_config_enabled MBEDTLS_DEBUG_C
21188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21190requires_gnutls_tls1_3
21191requires_gnutls_next_no_ticket
21192requires_gnutls_next_disable_tls13_compat
21193run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe4096" \
21194 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21195 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
21196 0 \
21197 -s "Protocol is TLSv1.3" \
21198 -s "got named group: ffdhe4096(0102)" \
21199 -s "Certificate verification was skipped" \
21200 -s "HRR selected_group: ffdhe4096"
21201
21202requires_config_enabled MBEDTLS_SSL_SRV_C
21203requires_config_enabled MBEDTLS_DEBUG_C
21204requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21206requires_gnutls_tls1_3
21207requires_gnutls_next_no_ticket
21208requires_gnutls_next_disable_tls13_compat
21209run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe6144" \
21210 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21211 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
21212 0 \
21213 -s "Protocol is TLSv1.3" \
21214 -s "got named group: ffdhe6144(0103)" \
21215 -s "Certificate verification was skipped" \
21216 -s "HRR selected_group: ffdhe6144"
21217
21218requires_config_enabled MBEDTLS_SSL_SRV_C
21219requires_config_enabled MBEDTLS_DEBUG_C
21220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21222requires_gnutls_tls1_3
21223requires_gnutls_next_no_ticket
21224requires_gnutls_next_disable_tls13_compat
21225run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe8192" \
21226 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21227 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21228 0 \
21229 -s "Protocol is TLSv1.3" \
21230 -s "got named group: ffdhe8192(0104)" \
21231 -s "Certificate verification was skipped" \
21232 -s "HRR selected_group: ffdhe8192"
21233
21234requires_config_enabled MBEDTLS_SSL_SRV_C
21235requires_config_enabled MBEDTLS_DEBUG_C
21236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21238requires_gnutls_tls1_3
21239requires_gnutls_next_no_ticket
21240requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21241run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21242 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21243 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21244 0 \
21245 -s "Protocol is TLSv1.3" \
21246 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21247 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21248 -s "HRR selected_group: secp256r1"
21249
21250requires_config_enabled MBEDTLS_SSL_SRV_C
21251requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21253requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21254requires_gnutls_tls1_3
21255requires_gnutls_next_no_ticket
21256requires_gnutls_next_disable_tls13_compat
21257run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21258 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21259 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21260 0 \
21261 -s "Protocol is TLSv1.3" \
21262 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21263 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21264 -s "HRR selected_group: secp384r1"
21265
21266requires_config_enabled MBEDTLS_SSL_SRV_C
21267requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21270requires_gnutls_tls1_3
21271requires_gnutls_next_no_ticket
21272requires_gnutls_next_disable_tls13_compat
21273run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21274 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21275 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21276 0 \
21277 -s "Protocol is TLSv1.3" \
21278 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21279 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21280 -s "HRR selected_group: secp521r1"
21281
21282requires_config_enabled MBEDTLS_SSL_SRV_C
21283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]21284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21286requires_gnutls_tls1_3
21287requires_gnutls_next_no_ticket
21288requires_gnutls_next_disable_tls13_compat
21289run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]21290 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]21291 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21292 0 \
21293 -s "Protocol is TLSv1.3" \
21294 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]21295 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]21296 -s "HRR selected_group: x25519"
21297
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]21298requires_config_enabled MBEDTLS_SSL_SRV_C
21299requires_config_enabled MBEDTLS_DEBUG_C
21300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21302requires_gnutls_tls1_3
21303requires_gnutls_next_no_ticket
21304requires_gnutls_next_disable_tls13_compat
21305run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
21306 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21307 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
21308 0 \
21309 -s "Protocol is TLSv1.3" \
21310 -s "got named group: ffdhe2048(0100)" \
21311 -s "Certificate verification was skipped" \
21312 -s "HRR selected_group: ffdhe2048"
21313
21314requires_config_enabled MBEDTLS_SSL_SRV_C
21315requires_config_enabled MBEDTLS_DEBUG_C
21316requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21318requires_gnutls_tls1_3
21319requires_gnutls_next_no_ticket
21320requires_gnutls_next_disable_tls13_compat
21321run_test "TLS 1.3 G->m: HRR x448 -> ffdhe3072" \
21322 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21323 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
21324 0 \
21325 -s "Protocol is TLSv1.3" \
21326 -s "got named group: ffdhe3072(0101)" \
21327 -s "Certificate verification was skipped" \
21328 -s "HRR selected_group: ffdhe3072"
21329
21330requires_config_enabled MBEDTLS_SSL_SRV_C
21331requires_config_enabled MBEDTLS_DEBUG_C
21332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21334requires_gnutls_tls1_3
21335requires_gnutls_next_no_ticket
21336requires_gnutls_next_disable_tls13_compat
21337run_test "TLS 1.3 G->m: HRR x448 -> ffdhe4096" \
21338 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21339 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
21340 0 \
21341 -s "Protocol is TLSv1.3" \
21342 -s "got named group: ffdhe4096(0102)" \
21343 -s "Certificate verification was skipped" \
21344 -s "HRR selected_group: ffdhe4096"
21345
21346requires_config_enabled MBEDTLS_SSL_SRV_C
21347requires_config_enabled MBEDTLS_DEBUG_C
21348requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21349requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21350requires_gnutls_tls1_3
21351requires_gnutls_next_no_ticket
21352requires_gnutls_next_disable_tls13_compat
21353run_test "TLS 1.3 G->m: HRR x448 -> ffdhe6144" \
21354 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21355 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
21356 0 \
21357 -s "Protocol is TLSv1.3" \
21358 -s "got named group: ffdhe6144(0103)" \
21359 -s "Certificate verification was skipped" \
21360 -s "HRR selected_group: ffdhe6144"
21361
21362requires_config_enabled MBEDTLS_SSL_SRV_C
21363requires_config_enabled MBEDTLS_DEBUG_C
21364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21366requires_gnutls_tls1_3
21367requires_gnutls_next_no_ticket
21368requires_gnutls_next_disable_tls13_compat
21369run_test "TLS 1.3 G->m: HRR x448 -> ffdhe8192" \
21370 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21371 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21372 0 \
21373 -s "Protocol is TLSv1.3" \
21374 -s "got named group: ffdhe8192(0104)" \
21375 -s "Certificate verification was skipped" \
21376 -s "HRR selected_group: ffdhe8192"
21377
21378requires_config_enabled MBEDTLS_SSL_SRV_C
21379requires_config_enabled MBEDTLS_DEBUG_C
21380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21382requires_gnutls_tls1_3
21383requires_gnutls_next_no_ticket
21384requires_gnutls_next_disable_tls13_compat
21385run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
21386 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21387 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
21388 0 \
21389 -s "Protocol is TLSv1.3" \
21390 -s "got named group: secp256r1(0017)" \
21391 -s "Certificate verification was skipped" \
21392 -s "HRR selected_group: secp256r1"
21393
21394requires_config_enabled MBEDTLS_SSL_SRV_C
21395requires_config_enabled MBEDTLS_DEBUG_C
21396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21398requires_gnutls_tls1_3
21399requires_gnutls_next_no_ticket
21400requires_gnutls_next_disable_tls13_compat
21401run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
21402 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21403 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
21404 0 \
21405 -s "Protocol is TLSv1.3" \
21406 -s "got named group: secp384r1(0018)" \
21407 -s "Certificate verification was skipped" \
21408 -s "HRR selected_group: secp384r1"
21409
21410requires_config_enabled MBEDTLS_SSL_SRV_C
21411requires_config_enabled MBEDTLS_DEBUG_C
21412requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21414requires_gnutls_tls1_3
21415requires_gnutls_next_no_ticket
21416requires_gnutls_next_disable_tls13_compat
21417run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
21418 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21419 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
21420 0 \
21421 -s "Protocol is TLSv1.3" \
21422 -s "got named group: secp521r1(0019)" \
21423 -s "Certificate verification was skipped" \
21424 -s "HRR selected_group: secp521r1"
21425
21426requires_config_enabled MBEDTLS_SSL_SRV_C
21427requires_config_enabled MBEDTLS_DEBUG_C
21428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21430requires_gnutls_tls1_3
21431requires_gnutls_next_no_ticket
21432requires_gnutls_next_disable_tls13_compat
21433run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
21434 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21435 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
21436 0 \
21437 -s "Protocol is TLSv1.3" \
21438 -s "got named group: x25519(001d)" \
21439 -s "Certificate verification was skipped" \
21440 -s "HRR selected_group: x25519"
21441
21442requires_config_enabled MBEDTLS_SSL_SRV_C
21443requires_config_enabled MBEDTLS_DEBUG_C
21444requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21446requires_gnutls_tls1_3
21447requires_gnutls_next_no_ticket
21448requires_gnutls_next_disable_tls13_compat
21449run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
21450 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21451 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
21452 0 \
21453 -s "Protocol is TLSv1.3" \
21454 -s "got named group: x448(001e)" \
21455 -s "Certificate verification was skipped" \
21456 -s "HRR selected_group: x448"
21457
21458requires_config_enabled MBEDTLS_SSL_SRV_C
21459requires_config_enabled MBEDTLS_DEBUG_C
21460requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21462requires_gnutls_tls1_3
21463requires_gnutls_next_no_ticket
21464requires_gnutls_next_disable_tls13_compat
21465run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe3072" \
21466 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21467 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
21468 0 \
21469 -s "Protocol is TLSv1.3" \
21470 -s "got named group: ffdhe3072(0101)" \
21471 -s "Certificate verification was skipped" \
21472 -s "HRR selected_group: ffdhe3072"
21473
21474requires_config_enabled MBEDTLS_SSL_SRV_C
21475requires_config_enabled MBEDTLS_DEBUG_C
21476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21478requires_gnutls_tls1_3
21479requires_gnutls_next_no_ticket
21480requires_gnutls_next_disable_tls13_compat
21481run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe4096" \
21482 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21483 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
21484 0 \
21485 -s "Protocol is TLSv1.3" \
21486 -s "got named group: ffdhe4096(0102)" \
21487 -s "Certificate verification was skipped" \
21488 -s "HRR selected_group: ffdhe4096"
21489
21490requires_config_enabled MBEDTLS_SSL_SRV_C
21491requires_config_enabled MBEDTLS_DEBUG_C
21492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21493requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21494requires_gnutls_tls1_3
21495requires_gnutls_next_no_ticket
21496requires_gnutls_next_disable_tls13_compat
21497run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe6144" \
21498 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21499 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
21500 0 \
21501 -s "Protocol is TLSv1.3" \
21502 -s "got named group: ffdhe6144(0103)" \
21503 -s "Certificate verification was skipped" \
21504 -s "HRR selected_group: ffdhe6144"
21505
21506requires_config_enabled MBEDTLS_SSL_SRV_C
21507requires_config_enabled MBEDTLS_DEBUG_C
21508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21510requires_gnutls_tls1_3
21511requires_gnutls_next_no_ticket
21512requires_gnutls_next_disable_tls13_compat
21513run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe8192" \
21514 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21515 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21516 0 \
21517 -s "Protocol is TLSv1.3" \
21518 -s "got named group: ffdhe8192(0104)" \
21519 -s "Certificate verification was skipped" \
21520 -s "HRR selected_group: ffdhe8192"
21521
21522requires_config_enabled MBEDTLS_SSL_SRV_C
21523requires_config_enabled MBEDTLS_DEBUG_C
21524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21526requires_gnutls_tls1_3
21527requires_gnutls_next_no_ticket
21528requires_gnutls_next_disable_tls13_compat
21529run_test "TLS 1.3 G->m: HRR ffdhe3072 -> secp256r1" \
21530 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21531 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
21532 0 \
21533 -s "Protocol is TLSv1.3" \
21534 -s "got named group: secp256r1(0017)" \
21535 -s "Certificate verification was skipped" \
21536 -s "HRR selected_group: secp256r1"
21537
21538requires_config_enabled MBEDTLS_SSL_SRV_C
21539requires_config_enabled MBEDTLS_DEBUG_C
21540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21542requires_gnutls_tls1_3
21543requires_gnutls_next_no_ticket
21544requires_gnutls_next_disable_tls13_compat
21545run_test "TLS 1.3 G->m: HRR ffdhe3072 -> secp384r1" \
21546 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21547 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
21548 0 \
21549 -s "Protocol is TLSv1.3" \
21550 -s "got named group: secp384r1(0018)" \
21551 -s "Certificate verification was skipped" \
21552 -s "HRR selected_group: secp384r1"
21553
21554requires_config_enabled MBEDTLS_SSL_SRV_C
21555requires_config_enabled MBEDTLS_DEBUG_C
21556requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21557requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21558requires_gnutls_tls1_3
21559requires_gnutls_next_no_ticket
21560requires_gnutls_next_disable_tls13_compat
21561run_test "TLS 1.3 G->m: HRR ffdhe3072 -> secp521r1" \
21562 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21563 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
21564 0 \
21565 -s "Protocol is TLSv1.3" \
21566 -s "got named group: secp521r1(0019)" \
21567 -s "Certificate verification was skipped" \
21568 -s "HRR selected_group: secp521r1"
21569
21570requires_config_enabled MBEDTLS_SSL_SRV_C
21571requires_config_enabled MBEDTLS_DEBUG_C
21572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21574requires_gnutls_tls1_3
21575requires_gnutls_next_no_ticket
21576requires_gnutls_next_disable_tls13_compat
21577run_test "TLS 1.3 G->m: HRR ffdhe3072 -> x25519" \
21578 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21579 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
21580 0 \
21581 -s "Protocol is TLSv1.3" \
21582 -s "got named group: x25519(001d)" \
21583 -s "Certificate verification was skipped" \
21584 -s "HRR selected_group: x25519"
21585
21586requires_config_enabled MBEDTLS_SSL_SRV_C
21587requires_config_enabled MBEDTLS_DEBUG_C
21588requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21589requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21590requires_gnutls_tls1_3
21591requires_gnutls_next_no_ticket
21592requires_gnutls_next_disable_tls13_compat
21593run_test "TLS 1.3 G->m: HRR ffdhe3072 -> x448" \
21594 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21595 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
21596 0 \
21597 -s "Protocol is TLSv1.3" \
21598 -s "got named group: x448(001e)" \
21599 -s "Certificate verification was skipped" \
21600 -s "HRR selected_group: x448"
21601
21602requires_config_enabled MBEDTLS_SSL_SRV_C
21603requires_config_enabled MBEDTLS_DEBUG_C
21604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21606requires_gnutls_tls1_3
21607requires_gnutls_next_no_ticket
21608requires_gnutls_next_disable_tls13_compat
21609run_test "TLS 1.3 G->m: HRR ffdhe3072 -> ffdhe2048" \
21610 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21611 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
21612 0 \
21613 -s "Protocol is TLSv1.3" \
21614 -s "got named group: ffdhe2048(0100)" \
21615 -s "Certificate verification was skipped" \
21616 -s "HRR selected_group: ffdhe2048"
21617
21618requires_config_enabled MBEDTLS_SSL_SRV_C
21619requires_config_enabled MBEDTLS_DEBUG_C
21620requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21621requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21622requires_gnutls_tls1_3
21623requires_gnutls_next_no_ticket
21624requires_gnutls_next_disable_tls13_compat
21625run_test "TLS 1.3 G->m: HRR ffdhe3072 -> ffdhe4096" \
21626 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21627 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
21628 0 \
21629 -s "Protocol is TLSv1.3" \
21630 -s "got named group: ffdhe4096(0102)" \
21631 -s "Certificate verification was skipped" \
21632 -s "HRR selected_group: ffdhe4096"
21633
21634requires_config_enabled MBEDTLS_SSL_SRV_C
21635requires_config_enabled MBEDTLS_DEBUG_C
21636requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21637requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21638requires_gnutls_tls1_3
21639requires_gnutls_next_no_ticket
21640requires_gnutls_next_disable_tls13_compat
21641run_test "TLS 1.3 G->m: HRR ffdhe3072 -> ffdhe6144" \
21642 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21643 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
21644 0 \
21645 -s "Protocol is TLSv1.3" \
21646 -s "got named group: ffdhe6144(0103)" \
21647 -s "Certificate verification was skipped" \
21648 -s "HRR selected_group: ffdhe6144"
21649
21650requires_config_enabled MBEDTLS_SSL_SRV_C
21651requires_config_enabled MBEDTLS_DEBUG_C
21652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21654requires_gnutls_tls1_3
21655requires_gnutls_next_no_ticket
21656requires_gnutls_next_disable_tls13_compat
21657run_test "TLS 1.3 G->m: HRR ffdhe3072 -> ffdhe8192" \
21658 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21659 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21660 0 \
21661 -s "Protocol is TLSv1.3" \
21662 -s "got named group: ffdhe8192(0104)" \
21663 -s "Certificate verification was skipped" \
21664 -s "HRR selected_group: ffdhe8192"
21665
21666requires_config_enabled MBEDTLS_SSL_SRV_C
21667requires_config_enabled MBEDTLS_DEBUG_C
21668requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21670requires_gnutls_tls1_3
21671requires_gnutls_next_no_ticket
21672requires_gnutls_next_disable_tls13_compat
21673run_test "TLS 1.3 G->m: HRR ffdhe4096 -> secp256r1" \
21674 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21675 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
21676 0 \
21677 -s "Protocol is TLSv1.3" \
21678 -s "got named group: secp256r1(0017)" \
21679 -s "Certificate verification was skipped" \
21680 -s "HRR selected_group: secp256r1"
21681
21682requires_config_enabled MBEDTLS_SSL_SRV_C
21683requires_config_enabled MBEDTLS_DEBUG_C
21684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21686requires_gnutls_tls1_3
21687requires_gnutls_next_no_ticket
21688requires_gnutls_next_disable_tls13_compat
21689run_test "TLS 1.3 G->m: HRR ffdhe4096 -> secp384r1" \
21690 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21691 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
21692 0 \
21693 -s "Protocol is TLSv1.3" \
21694 -s "got named group: secp384r1(0018)" \
21695 -s "Certificate verification was skipped" \
21696 -s "HRR selected_group: secp384r1"
21697
21698requires_config_enabled MBEDTLS_SSL_SRV_C
21699requires_config_enabled MBEDTLS_DEBUG_C
21700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21702requires_gnutls_tls1_3
21703requires_gnutls_next_no_ticket
21704requires_gnutls_next_disable_tls13_compat
21705run_test "TLS 1.3 G->m: HRR ffdhe4096 -> secp521r1" \
21706 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21707 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
21708 0 \
21709 -s "Protocol is TLSv1.3" \
21710 -s "got named group: secp521r1(0019)" \
21711 -s "Certificate verification was skipped" \
21712 -s "HRR selected_group: secp521r1"
21713
21714requires_config_enabled MBEDTLS_SSL_SRV_C
21715requires_config_enabled MBEDTLS_DEBUG_C
21716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21718requires_gnutls_tls1_3
21719requires_gnutls_next_no_ticket
21720requires_gnutls_next_disable_tls13_compat
21721run_test "TLS 1.3 G->m: HRR ffdhe4096 -> x25519" \
21722 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21723 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
21724 0 \
21725 -s "Protocol is TLSv1.3" \
21726 -s "got named group: x25519(001d)" \
21727 -s "Certificate verification was skipped" \
21728 -s "HRR selected_group: x25519"
21729
21730requires_config_enabled MBEDTLS_SSL_SRV_C
21731requires_config_enabled MBEDTLS_DEBUG_C
21732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21734requires_gnutls_tls1_3
21735requires_gnutls_next_no_ticket
21736requires_gnutls_next_disable_tls13_compat
21737run_test "TLS 1.3 G->m: HRR ffdhe4096 -> x448" \
21738 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21739 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
21740 0 \
21741 -s "Protocol is TLSv1.3" \
21742 -s "got named group: x448(001e)" \
21743 -s "Certificate verification was skipped" \
21744 -s "HRR selected_group: x448"
21745
21746requires_config_enabled MBEDTLS_SSL_SRV_C
21747requires_config_enabled MBEDTLS_DEBUG_C
21748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21750requires_gnutls_tls1_3
21751requires_gnutls_next_no_ticket
21752requires_gnutls_next_disable_tls13_compat
21753run_test "TLS 1.3 G->m: HRR ffdhe4096 -> ffdhe2048" \
21754 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21755 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
21756 0 \
21757 -s "Protocol is TLSv1.3" \
21758 -s "got named group: ffdhe2048(0100)" \
21759 -s "Certificate verification was skipped" \
21760 -s "HRR selected_group: ffdhe2048"
21761
21762requires_config_enabled MBEDTLS_SSL_SRV_C
21763requires_config_enabled MBEDTLS_DEBUG_C
21764requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21766requires_gnutls_tls1_3
21767requires_gnutls_next_no_ticket
21768requires_gnutls_next_disable_tls13_compat
21769run_test "TLS 1.3 G->m: HRR ffdhe4096 -> ffdhe3072" \
21770 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21771 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
21772 0 \
21773 -s "Protocol is TLSv1.3" \
21774 -s "got named group: ffdhe3072(0101)" \
21775 -s "Certificate verification was skipped" \
21776 -s "HRR selected_group: ffdhe3072"
21777
21778requires_config_enabled MBEDTLS_SSL_SRV_C
21779requires_config_enabled MBEDTLS_DEBUG_C
21780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21782requires_gnutls_tls1_3
21783requires_gnutls_next_no_ticket
21784requires_gnutls_next_disable_tls13_compat
21785run_test "TLS 1.3 G->m: HRR ffdhe4096 -> ffdhe6144" \
21786 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21787 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
21788 0 \
21789 -s "Protocol is TLSv1.3" \
21790 -s "got named group: ffdhe6144(0103)" \
21791 -s "Certificate verification was skipped" \
21792 -s "HRR selected_group: ffdhe6144"
21793
21794requires_config_enabled MBEDTLS_SSL_SRV_C
21795requires_config_enabled MBEDTLS_DEBUG_C
21796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21798requires_gnutls_tls1_3
21799requires_gnutls_next_no_ticket
21800requires_gnutls_next_disable_tls13_compat
21801run_test "TLS 1.3 G->m: HRR ffdhe4096 -> ffdhe8192" \
21802 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21803 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21804 0 \
21805 -s "Protocol is TLSv1.3" \
21806 -s "got named group: ffdhe8192(0104)" \
21807 -s "Certificate verification was skipped" \
21808 -s "HRR selected_group: ffdhe8192"
21809
21810requires_config_enabled MBEDTLS_SSL_SRV_C
21811requires_config_enabled MBEDTLS_DEBUG_C
21812requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21814requires_gnutls_tls1_3
21815requires_gnutls_next_no_ticket
21816requires_gnutls_next_disable_tls13_compat
21817run_test "TLS 1.3 G->m: HRR ffdhe6144 -> secp256r1" \
21818 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21819 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
21820 0 \
21821 -s "Protocol is TLSv1.3" \
21822 -s "got named group: secp256r1(0017)" \
21823 -s "Certificate verification was skipped" \
21824 -s "HRR selected_group: secp256r1"
21825
21826requires_config_enabled MBEDTLS_SSL_SRV_C
21827requires_config_enabled MBEDTLS_DEBUG_C
21828requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21830requires_gnutls_tls1_3
21831requires_gnutls_next_no_ticket
21832requires_gnutls_next_disable_tls13_compat
21833run_test "TLS 1.3 G->m: HRR ffdhe6144 -> secp384r1" \
21834 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21835 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
21836 0 \
21837 -s "Protocol is TLSv1.3" \
21838 -s "got named group: secp384r1(0018)" \
21839 -s "Certificate verification was skipped" \
21840 -s "HRR selected_group: secp384r1"
21841
21842requires_config_enabled MBEDTLS_SSL_SRV_C
21843requires_config_enabled MBEDTLS_DEBUG_C
21844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21846requires_gnutls_tls1_3
21847requires_gnutls_next_no_ticket
21848requires_gnutls_next_disable_tls13_compat
21849run_test "TLS 1.3 G->m: HRR ffdhe6144 -> secp521r1" \
21850 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21851 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
21852 0 \
21853 -s "Protocol is TLSv1.3" \
21854 -s "got named group: secp521r1(0019)" \
21855 -s "Certificate verification was skipped" \
21856 -s "HRR selected_group: secp521r1"
21857
21858requires_config_enabled MBEDTLS_SSL_SRV_C
21859requires_config_enabled MBEDTLS_DEBUG_C
21860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21862requires_gnutls_tls1_3
21863requires_gnutls_next_no_ticket
21864requires_gnutls_next_disable_tls13_compat
21865run_test "TLS 1.3 G->m: HRR ffdhe6144 -> x25519" \
21866 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21867 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
21868 0 \
21869 -s "Protocol is TLSv1.3" \
21870 -s "got named group: x25519(001d)" \
21871 -s "Certificate verification was skipped" \
21872 -s "HRR selected_group: x25519"
21873
21874requires_config_enabled MBEDTLS_SSL_SRV_C
21875requires_config_enabled MBEDTLS_DEBUG_C
21876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21878requires_gnutls_tls1_3
21879requires_gnutls_next_no_ticket
21880requires_gnutls_next_disable_tls13_compat
21881run_test "TLS 1.3 G->m: HRR ffdhe6144 -> x448" \
21882 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21883 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
21884 0 \
21885 -s "Protocol is TLSv1.3" \
21886 -s "got named group: x448(001e)" \
21887 -s "Certificate verification was skipped" \
21888 -s "HRR selected_group: x448"
21889
21890requires_config_enabled MBEDTLS_SSL_SRV_C
21891requires_config_enabled MBEDTLS_DEBUG_C
21892requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21894requires_gnutls_tls1_3
21895requires_gnutls_next_no_ticket
21896requires_gnutls_next_disable_tls13_compat
21897run_test "TLS 1.3 G->m: HRR ffdhe6144 -> ffdhe2048" \
21898 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21899 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
21900 0 \
21901 -s "Protocol is TLSv1.3" \
21902 -s "got named group: ffdhe2048(0100)" \
21903 -s "Certificate verification was skipped" \
21904 -s "HRR selected_group: ffdhe2048"
21905
21906requires_config_enabled MBEDTLS_SSL_SRV_C
21907requires_config_enabled MBEDTLS_DEBUG_C
21908requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21910requires_gnutls_tls1_3
21911requires_gnutls_next_no_ticket
21912requires_gnutls_next_disable_tls13_compat
21913run_test "TLS 1.3 G->m: HRR ffdhe6144 -> ffdhe3072" \
21914 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21915 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
21916 0 \
21917 -s "Protocol is TLSv1.3" \
21918 -s "got named group: ffdhe3072(0101)" \
21919 -s "Certificate verification was skipped" \
21920 -s "HRR selected_group: ffdhe3072"
21921
21922requires_config_enabled MBEDTLS_SSL_SRV_C
21923requires_config_enabled MBEDTLS_DEBUG_C
21924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21925requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21926requires_gnutls_tls1_3
21927requires_gnutls_next_no_ticket
21928requires_gnutls_next_disable_tls13_compat
21929run_test "TLS 1.3 G->m: HRR ffdhe6144 -> ffdhe4096" \
21930 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21931 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
21932 0 \
21933 -s "Protocol is TLSv1.3" \
21934 -s "got named group: ffdhe4096(0102)" \
21935 -s "Certificate verification was skipped" \
21936 -s "HRR selected_group: ffdhe4096"
21937
21938requires_config_enabled MBEDTLS_SSL_SRV_C
21939requires_config_enabled MBEDTLS_DEBUG_C
21940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21942requires_gnutls_tls1_3
21943requires_gnutls_next_no_ticket
21944requires_gnutls_next_disable_tls13_compat
21945run_test "TLS 1.3 G->m: HRR ffdhe6144 -> ffdhe8192" \
21946 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21947 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
21948 0 \
21949 -s "Protocol is TLSv1.3" \
21950 -s "got named group: ffdhe8192(0104)" \
21951 -s "Certificate verification was skipped" \
21952 -s "HRR selected_group: ffdhe8192"
21953
21954requires_config_enabled MBEDTLS_SSL_SRV_C
21955requires_config_enabled MBEDTLS_DEBUG_C
21956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21958requires_gnutls_tls1_3
21959requires_gnutls_next_no_ticket
21960requires_gnutls_next_disable_tls13_compat
21961run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp256r1" \
21962 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21963 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
21964 0 \
21965 -s "Protocol is TLSv1.3" \
21966 -s "got named group: secp256r1(0017)" \
21967 -s "Certificate verification was skipped" \
21968 -s "HRR selected_group: secp256r1"
21969
21970requires_config_enabled MBEDTLS_SSL_SRV_C
21971requires_config_enabled MBEDTLS_DEBUG_C
21972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21974requires_gnutls_tls1_3
21975requires_gnutls_next_no_ticket
21976requires_gnutls_next_disable_tls13_compat
21977run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp384r1" \
21978 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21979 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
21980 0 \
21981 -s "Protocol is TLSv1.3" \
21982 -s "got named group: secp384r1(0018)" \
21983 -s "Certificate verification was skipped" \
21984 -s "HRR selected_group: secp384r1"
21985
21986requires_config_enabled MBEDTLS_SSL_SRV_C
21987requires_config_enabled MBEDTLS_DEBUG_C
21988requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
21989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
21990requires_gnutls_tls1_3
21991requires_gnutls_next_no_ticket
21992requires_gnutls_next_disable_tls13_compat
21993run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp521r1" \
21994 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
21995 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
21996 0 \
21997 -s "Protocol is TLSv1.3" \
21998 -s "got named group: secp521r1(0019)" \
21999 -s "Certificate verification was skipped" \
22000 -s "HRR selected_group: secp521r1"
22001
22002requires_config_enabled MBEDTLS_SSL_SRV_C
22003requires_config_enabled MBEDTLS_DEBUG_C
22004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22006requires_gnutls_tls1_3
22007requires_gnutls_next_no_ticket
22008requires_gnutls_next_disable_tls13_compat
22009run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x25519" \
22010 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
22011 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
22012 0 \
22013 -s "Protocol is TLSv1.3" \
22014 -s "got named group: x25519(001d)" \
22015 -s "Certificate verification was skipped" \
22016 -s "HRR selected_group: x25519"
22017
22018requires_config_enabled MBEDTLS_SSL_SRV_C
22019requires_config_enabled MBEDTLS_DEBUG_C
22020requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22022requires_gnutls_tls1_3
22023requires_gnutls_next_no_ticket
22024requires_gnutls_next_disable_tls13_compat
22025run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x448" \
22026 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
22027 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
22028 0 \
22029 -s "Protocol is TLSv1.3" \
22030 -s "got named group: x448(001e)" \
22031 -s "Certificate verification was skipped" \
22032 -s "HRR selected_group: x448"
22033
22034requires_config_enabled MBEDTLS_SSL_SRV_C
22035requires_config_enabled MBEDTLS_DEBUG_C
22036requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22037requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22038requires_gnutls_tls1_3
22039requires_gnutls_next_no_ticket
22040requires_gnutls_next_disable_tls13_compat
22041run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe2048" \
22042 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
22043 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
22044 0 \
22045 -s "Protocol is TLSv1.3" \
22046 -s "got named group: ffdhe2048(0100)" \
22047 -s "Certificate verification was skipped" \
22048 -s "HRR selected_group: ffdhe2048"
22049
22050requires_config_enabled MBEDTLS_SSL_SRV_C
22051requires_config_enabled MBEDTLS_DEBUG_C
22052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22054requires_gnutls_tls1_3
22055requires_gnutls_next_no_ticket
22056requires_gnutls_next_disable_tls13_compat
22057run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe3072" \
22058 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
22059 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
22060 0 \
22061 -s "Protocol is TLSv1.3" \
22062 -s "got named group: ffdhe3072(0101)" \
22063 -s "Certificate verification was skipped" \
22064 -s "HRR selected_group: ffdhe3072"
22065
22066requires_config_enabled MBEDTLS_SSL_SRV_C
22067requires_config_enabled MBEDTLS_DEBUG_C
22068requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22070requires_gnutls_tls1_3
22071requires_gnutls_next_no_ticket
22072requires_gnutls_next_disable_tls13_compat
22073run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe4096" \
22074 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
22075 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
22076 0 \
22077 -s "Protocol is TLSv1.3" \
22078 -s "got named group: ffdhe4096(0102)" \
22079 -s "Certificate verification was skipped" \
22080 -s "HRR selected_group: ffdhe4096"
22081
22082requires_config_enabled MBEDTLS_SSL_SRV_C
22083requires_config_enabled MBEDTLS_DEBUG_C
22084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22086requires_gnutls_tls1_3
22087requires_gnutls_next_no_ticket
22088requires_gnutls_next_disable_tls13_compat
22089run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe6144" \
22090 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
22091 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
22092 0 \
22093 -s "Protocol is TLSv1.3" \
22094 -s "got named group: ffdhe6144(0103)" \
22095 -s "Certificate verification was skipped" \
22096 -s "HRR selected_group: ffdhe6144"
22097
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22098requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22099requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]22103run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22104 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22105 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]22106 0 \
22107 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22108 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]22109 -c "NamedGroup: secp256r1 ( 17 )" \
22110 -c "NamedGroup: secp384r1 ( 18 )" \
22111 -c "Verifying peer X.509 certificate... ok" \
22112 -c "received HelloRetryRequest message" \
22113 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22114
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22115requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22116requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22117requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22118requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]22120run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22121 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22122 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22123 0 \
22124 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22125 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]22126 -c "NamedGroup: secp256r1 ( 17 )" \
22127 -c "NamedGroup: secp521r1 ( 19 )" \
22128 -c "Verifying peer X.509 certificate... ok" \
22129 -c "received HelloRetryRequest message" \
22130 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22131
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22132requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22133requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22134requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22135requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22136requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]22137run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22138 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22139 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22140 0 \
22141 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22142 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]22143 -c "NamedGroup: secp256r1 ( 17 )" \
22144 -c "NamedGroup: x25519 ( 1d )" \
22145 -c "Verifying peer X.509 certificate... ok" \
22146 -c "received HelloRetryRequest message" \
22147 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22148
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22149requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22150requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22151requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]22154run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22155 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22156 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22157 0 \
22158 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22159 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]22160 -c "NamedGroup: secp256r1 ( 17 )" \
22161 -c "NamedGroup: x448 ( 1e )" \
22162 -c "Verifying peer X.509 certificate... ok" \
22163 -c "received HelloRetryRequest message" \
22164 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]22165
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22166requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]22167requires_openssl_3_x
22168requires_config_enabled MBEDTLS_SSL_CLI_C
22169requires_config_enabled MBEDTLS_DEBUG_C
22170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22172run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
22173 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22174 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
22175 0 \
22176 -c "HTTP/1.0 200 ok" \
22177 -c "Protocol is TLSv1.3" \
22178 -c "NamedGroup: secp256r1 ( 17 )" \
22179 -c "NamedGroup: ffdhe2048 ( 100 )" \
22180 -c "Verifying peer X.509 certificate... ok" \
22181 -c "received HelloRetryRequest message" \
22182 -c "selected_group ( 256 )"
22183
22184requires_openssl_tls1_3
22185requires_openssl_3_x
22186requires_config_enabled MBEDTLS_SSL_CLI_C
22187requires_config_enabled MBEDTLS_DEBUG_C
22188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22190run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe3072" \
22191 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22192 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe3072" \
22193 0 \
22194 -c "HTTP/1.0 200 ok" \
22195 -c "Protocol is TLSv1.3" \
22196 -c "NamedGroup: secp256r1 ( 17 )" \
22197 -c "NamedGroup: ffdhe3072 ( 101 )" \
22198 -c "Verifying peer X.509 certificate... ok" \
22199 -c "received HelloRetryRequest message" \
22200 -c "selected_group ( 257 )"
22201
22202requires_openssl_tls1_3
22203requires_openssl_3_x
22204requires_config_enabled MBEDTLS_SSL_CLI_C
22205requires_config_enabled MBEDTLS_DEBUG_C
22206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22208run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe4096" \
22209 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22210 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe4096" \
22211 0 \
22212 -c "HTTP/1.0 200 ok" \
22213 -c "Protocol is TLSv1.3" \
22214 -c "NamedGroup: secp256r1 ( 17 )" \
22215 -c "NamedGroup: ffdhe4096 ( 102 )" \
22216 -c "Verifying peer X.509 certificate... ok" \
22217 -c "received HelloRetryRequest message" \
22218 -c "selected_group ( 258 )"
22219
22220requires_openssl_tls1_3
22221requires_openssl_3_x
22222requires_config_enabled MBEDTLS_SSL_CLI_C
22223requires_config_enabled MBEDTLS_DEBUG_C
22224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22226run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe6144" \
22227 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22228 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe6144" \
22229 0 \
22230 -c "HTTP/1.0 200 ok" \
22231 -c "Protocol is TLSv1.3" \
22232 -c "NamedGroup: secp256r1 ( 17 )" \
22233 -c "NamedGroup: ffdhe6144 ( 103 )" \
22234 -c "Verifying peer X.509 certificate... ok" \
22235 -c "received HelloRetryRequest message" \
22236 -c "selected_group ( 259 )"
22237
22238requires_openssl_tls1_3
22239requires_openssl_3_x
22240requires_config_enabled MBEDTLS_SSL_CLI_C
22241requires_config_enabled MBEDTLS_DEBUG_C
22242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22243requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22244run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe8192" \
22245 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22246 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
22247 0 \
22248 -c "HTTP/1.0 200 ok" \
22249 -c "Protocol is TLSv1.3" \
22250 -c "NamedGroup: secp256r1 ( 17 )" \
22251 -c "NamedGroup: ffdhe8192 ( 104 )" \
22252 -c "Verifying peer X.509 certificate... ok" \
22253 -c "received HelloRetryRequest message" \
22254 -c "selected_group ( 260 )"
22255
22256requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22257requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22258requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22259requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22261run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22262 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22263 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22264 0 \
22265 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22266 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22267 -c "NamedGroup: secp384r1 ( 18 )" \
22268 -c "NamedGroup: secp256r1 ( 17 )" \
22269 -c "Verifying peer X.509 certificate... ok" \
22270 -c "received HelloRetryRequest message" \
22271 -c "selected_group ( 23 )"
22272
22273requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22274requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22275requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22278run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22279 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22280 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22281 0 \
22282 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22283 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22284 -c "NamedGroup: secp384r1 ( 18 )" \
22285 -c "NamedGroup: secp521r1 ( 19 )" \
22286 -c "Verifying peer X.509 certificate... ok" \
22287 -c "received HelloRetryRequest message" \
22288 -c "selected_group ( 25 )"
22289
22290requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22291requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22292requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22294requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22295run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22296 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22297 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22298 0 \
22299 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22300 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22301 -c "NamedGroup: secp384r1 ( 18 )" \
22302 -c "NamedGroup: x25519 ( 1d )" \
22303 -c "Verifying peer X.509 certificate... ok" \
22304 -c "received HelloRetryRequest message" \
22305 -c "selected_group ( 29 )"
22306
22307requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22308requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22309requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22310requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22311requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22312run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22313 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22314 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22315 0 \
22316 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22317 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22318 -c "NamedGroup: secp384r1 ( 18 )" \
22319 -c "NamedGroup: x448 ( 1e )" \
22320 -c "Verifying peer X.509 certificate... ok" \
22321 -c "received HelloRetryRequest message" \
22322 -c "selected_group ( 30 )"
22323
22324requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]22325requires_openssl_3_x
22326requires_config_enabled MBEDTLS_SSL_CLI_C
22327requires_config_enabled MBEDTLS_DEBUG_C
22328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22330run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
22331 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22332 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
22333 0 \
22334 -c "HTTP/1.0 200 ok" \
22335 -c "Protocol is TLSv1.3" \
22336 -c "NamedGroup: secp384r1 ( 18 )" \
22337 -c "NamedGroup: ffdhe2048 ( 100 )" \
22338 -c "Verifying peer X.509 certificate... ok" \
22339 -c "received HelloRetryRequest message" \
22340 -c "selected_group ( 256 )"
22341
22342requires_openssl_tls1_3
22343requires_openssl_3_x
22344requires_config_enabled MBEDTLS_SSL_CLI_C
22345requires_config_enabled MBEDTLS_DEBUG_C
22346requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22347requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22348run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe3072" \
22349 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22350 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe3072" \
22351 0 \
22352 -c "HTTP/1.0 200 ok" \
22353 -c "Protocol is TLSv1.3" \
22354 -c "NamedGroup: secp384r1 ( 18 )" \
22355 -c "NamedGroup: ffdhe3072 ( 101 )" \
22356 -c "Verifying peer X.509 certificate... ok" \
22357 -c "received HelloRetryRequest message" \
22358 -c "selected_group ( 257 )"
22359
22360requires_openssl_tls1_3
22361requires_openssl_3_x
22362requires_config_enabled MBEDTLS_SSL_CLI_C
22363requires_config_enabled MBEDTLS_DEBUG_C
22364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22366run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe4096" \
22367 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22368 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe4096" \
22369 0 \
22370 -c "HTTP/1.0 200 ok" \
22371 -c "Protocol is TLSv1.3" \
22372 -c "NamedGroup: secp384r1 ( 18 )" \
22373 -c "NamedGroup: ffdhe4096 ( 102 )" \
22374 -c "Verifying peer X.509 certificate... ok" \
22375 -c "received HelloRetryRequest message" \
22376 -c "selected_group ( 258 )"
22377
22378requires_openssl_tls1_3
22379requires_openssl_3_x
22380requires_config_enabled MBEDTLS_SSL_CLI_C
22381requires_config_enabled MBEDTLS_DEBUG_C
22382requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22384run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe6144" \
22385 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22386 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe6144" \
22387 0 \
22388 -c "HTTP/1.0 200 ok" \
22389 -c "Protocol is TLSv1.3" \
22390 -c "NamedGroup: secp384r1 ( 18 )" \
22391 -c "NamedGroup: ffdhe6144 ( 103 )" \
22392 -c "Verifying peer X.509 certificate... ok" \
22393 -c "received HelloRetryRequest message" \
22394 -c "selected_group ( 259 )"
22395
22396requires_openssl_tls1_3
22397requires_openssl_3_x
22398requires_config_enabled MBEDTLS_SSL_CLI_C
22399requires_config_enabled MBEDTLS_DEBUG_C
22400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22402run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe8192" \
22403 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22404 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
22405 0 \
22406 -c "HTTP/1.0 200 ok" \
22407 -c "Protocol is TLSv1.3" \
22408 -c "NamedGroup: secp384r1 ( 18 )" \
22409 -c "NamedGroup: ffdhe8192 ( 104 )" \
22410 -c "Verifying peer X.509 certificate... ok" \
22411 -c "received HelloRetryRequest message" \
22412 -c "selected_group ( 260 )"
22413
22414requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22415requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22416requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22417requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22418requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22419run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22420 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22421 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22422 0 \
22423 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22424 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22425 -c "NamedGroup: secp521r1 ( 19 )" \
22426 -c "NamedGroup: secp256r1 ( 17 )" \
22427 -c "Verifying peer X.509 certificate... ok" \
22428 -c "received HelloRetryRequest message" \
22429 -c "selected_group ( 23 )"
22430
22431requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22432requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22436run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22437 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22438 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22439 0 \
22440 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22441 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22442 -c "NamedGroup: secp521r1 ( 19 )" \
22443 -c "NamedGroup: secp384r1 ( 18 )" \
22444 -c "Verifying peer X.509 certificate... ok" \
22445 -c "received HelloRetryRequest message" \
22446 -c "selected_group ( 24 )"
22447
22448requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22449requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22453run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22454 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22455 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22456 0 \
22457 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22458 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22459 -c "NamedGroup: secp521r1 ( 19 )" \
22460 -c "NamedGroup: x25519 ( 1d )" \
22461 -c "Verifying peer X.509 certificate... ok" \
22462 -c "received HelloRetryRequest message" \
22463 -c "selected_group ( 29 )"
22464
22465requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22466requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22467requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22468requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22470run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22471 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22472 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22473 0 \
22474 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22475 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22476 -c "NamedGroup: secp521r1 ( 19 )" \
22477 -c "NamedGroup: x448 ( 1e )" \
22478 -c "Verifying peer X.509 certificate... ok" \
22479 -c "received HelloRetryRequest message" \
22480 -c "selected_group ( 30 )"
22481
22482requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]22483requires_openssl_3_x
22484requires_config_enabled MBEDTLS_SSL_CLI_C
22485requires_config_enabled MBEDTLS_DEBUG_C
22486requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22487requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22488run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
22489 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22490 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
22491 0 \
22492 -c "HTTP/1.0 200 ok" \
22493 -c "Protocol is TLSv1.3" \
22494 -c "NamedGroup: secp521r1 ( 19 )" \
22495 -c "NamedGroup: ffdhe2048 ( 100 )" \
22496 -c "Verifying peer X.509 certificate... ok" \
22497 -c "received HelloRetryRequest message" \
22498 -c "selected_group ( 256 )"
22499
22500requires_openssl_tls1_3
22501requires_openssl_3_x
22502requires_config_enabled MBEDTLS_SSL_CLI_C
22503requires_config_enabled MBEDTLS_DEBUG_C
22504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22506run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe3072" \
22507 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22508 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe3072" \
22509 0 \
22510 -c "HTTP/1.0 200 ok" \
22511 -c "Protocol is TLSv1.3" \
22512 -c "NamedGroup: secp521r1 ( 19 )" \
22513 -c "NamedGroup: ffdhe3072 ( 101 )" \
22514 -c "Verifying peer X.509 certificate... ok" \
22515 -c "received HelloRetryRequest message" \
22516 -c "selected_group ( 257 )"
22517
22518requires_openssl_tls1_3
22519requires_openssl_3_x
22520requires_config_enabled MBEDTLS_SSL_CLI_C
22521requires_config_enabled MBEDTLS_DEBUG_C
22522requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22523requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22524run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe4096" \
22525 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22526 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe4096" \
22527 0 \
22528 -c "HTTP/1.0 200 ok" \
22529 -c "Protocol is TLSv1.3" \
22530 -c "NamedGroup: secp521r1 ( 19 )" \
22531 -c "NamedGroup: ffdhe4096 ( 102 )" \
22532 -c "Verifying peer X.509 certificate... ok" \
22533 -c "received HelloRetryRequest message" \
22534 -c "selected_group ( 258 )"
22535
22536requires_openssl_tls1_3
22537requires_openssl_3_x
22538requires_config_enabled MBEDTLS_SSL_CLI_C
22539requires_config_enabled MBEDTLS_DEBUG_C
22540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22542run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe6144" \
22543 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22544 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe6144" \
22545 0 \
22546 -c "HTTP/1.0 200 ok" \
22547 -c "Protocol is TLSv1.3" \
22548 -c "NamedGroup: secp521r1 ( 19 )" \
22549 -c "NamedGroup: ffdhe6144 ( 103 )" \
22550 -c "Verifying peer X.509 certificate... ok" \
22551 -c "received HelloRetryRequest message" \
22552 -c "selected_group ( 259 )"
22553
22554requires_openssl_tls1_3
22555requires_openssl_3_x
22556requires_config_enabled MBEDTLS_SSL_CLI_C
22557requires_config_enabled MBEDTLS_DEBUG_C
22558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22560run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe8192" \
22561 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22562 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
22563 0 \
22564 -c "HTTP/1.0 200 ok" \
22565 -c "Protocol is TLSv1.3" \
22566 -c "NamedGroup: secp521r1 ( 19 )" \
22567 -c "NamedGroup: ffdhe8192 ( 104 )" \
22568 -c "Verifying peer X.509 certificate... ok" \
22569 -c "received HelloRetryRequest message" \
22570 -c "selected_group ( 260 )"
22571
22572requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22573requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22574requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22575requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22576requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22577run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22578 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22579 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22580 0 \
22581 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22582 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22583 -c "NamedGroup: x25519 ( 1d )" \
22584 -c "NamedGroup: secp256r1 ( 17 )" \
22585 -c "Verifying peer X.509 certificate... ok" \
22586 -c "received HelloRetryRequest message" \
22587 -c "selected_group ( 23 )"
22588
22589requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22590requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22591requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22594run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22595 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22596 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22597 0 \
22598 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22599 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22600 -c "NamedGroup: x25519 ( 1d )" \
22601 -c "NamedGroup: secp384r1 ( 18 )" \
22602 -c "Verifying peer X.509 certificate... ok" \
22603 -c "received HelloRetryRequest message" \
22604 -c "selected_group ( 24 )"
22605
22606requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22607requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22608requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22609requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22610requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22611run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22612 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22613 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22614 0 \
22615 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22616 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22617 -c "NamedGroup: x25519 ( 1d )" \
22618 -c "NamedGroup: secp521r1 ( 19 )" \
22619 -c "Verifying peer X.509 certificate... ok" \
22620 -c "received HelloRetryRequest message" \
22621 -c "selected_group ( 25 )"
22622
22623requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22624requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22628run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22629 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22630 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22631 0 \
22632 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22633 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22634 -c "NamedGroup: x25519 ( 1d )" \
22635 -c "NamedGroup: x448 ( 1e )" \
22636 -c "Verifying peer X.509 certificate... ok" \
22637 -c "received HelloRetryRequest message" \
22638 -c "selected_group ( 30 )"
22639
22640requires_openssl_tls1_3
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]22641requires_openssl_3_x
22642requires_config_enabled MBEDTLS_SSL_CLI_C
22643requires_config_enabled MBEDTLS_DEBUG_C
22644requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22645requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22646run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
22647 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22648 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
22649 0 \
22650 -c "HTTP/1.0 200 ok" \
22651 -c "Protocol is TLSv1.3" \
22652 -c "NamedGroup: x25519 ( 1d )" \
22653 -c "NamedGroup: ffdhe2048 ( 100 )" \
22654 -c "Verifying peer X.509 certificate... ok" \
22655 -c "received HelloRetryRequest message" \
22656 -c "selected_group ( 256 )"
22657
22658requires_openssl_tls1_3
22659requires_openssl_3_x
22660requires_config_enabled MBEDTLS_SSL_CLI_C
22661requires_config_enabled MBEDTLS_DEBUG_C
22662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22664run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe3072" \
22665 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22666 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe3072" \
22667 0 \
22668 -c "HTTP/1.0 200 ok" \
22669 -c "Protocol is TLSv1.3" \
22670 -c "NamedGroup: x25519 ( 1d )" \
22671 -c "NamedGroup: ffdhe3072 ( 101 )" \
22672 -c "Verifying peer X.509 certificate... ok" \
22673 -c "received HelloRetryRequest message" \
22674 -c "selected_group ( 257 )"
22675
22676requires_openssl_tls1_3
22677requires_openssl_3_x
22678requires_config_enabled MBEDTLS_SSL_CLI_C
22679requires_config_enabled MBEDTLS_DEBUG_C
22680requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22682run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe4096" \
22683 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22684 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe4096" \
22685 0 \
22686 -c "HTTP/1.0 200 ok" \
22687 -c "Protocol is TLSv1.3" \
22688 -c "NamedGroup: x25519 ( 1d )" \
22689 -c "NamedGroup: ffdhe4096 ( 102 )" \
22690 -c "Verifying peer X.509 certificate... ok" \
22691 -c "received HelloRetryRequest message" \
22692 -c "selected_group ( 258 )"
22693
22694requires_openssl_tls1_3
22695requires_openssl_3_x
22696requires_config_enabled MBEDTLS_SSL_CLI_C
22697requires_config_enabled MBEDTLS_DEBUG_C
22698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22700run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe6144" \
22701 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22702 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe6144" \
22703 0 \
22704 -c "HTTP/1.0 200 ok" \
22705 -c "Protocol is TLSv1.3" \
22706 -c "NamedGroup: x25519 ( 1d )" \
22707 -c "NamedGroup: ffdhe6144 ( 103 )" \
22708 -c "Verifying peer X.509 certificate... ok" \
22709 -c "received HelloRetryRequest message" \
22710 -c "selected_group ( 259 )"
22711
22712requires_openssl_tls1_3
22713requires_openssl_3_x
22714requires_config_enabled MBEDTLS_SSL_CLI_C
22715requires_config_enabled MBEDTLS_DEBUG_C
22716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22718run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe8192" \
22719 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22720 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
22721 0 \
22722 -c "HTTP/1.0 200 ok" \
22723 -c "Protocol is TLSv1.3" \
22724 -c "NamedGroup: x25519 ( 1d )" \
22725 -c "NamedGroup: ffdhe8192 ( 104 )" \
22726 -c "Verifying peer X.509 certificate... ok" \
22727 -c "received HelloRetryRequest message" \
22728 -c "selected_group ( 260 )"
22729
22730requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22731requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22732requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22734requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22735run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22736 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22737 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22738 0 \
22739 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22740 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22741 -c "NamedGroup: x448 ( 1e )" \
22742 -c "NamedGroup: secp256r1 ( 17 )" \
22743 -c "Verifying peer X.509 certificate... ok" \
22744 -c "received HelloRetryRequest message" \
22745 -c "selected_group ( 23 )"
22746
22747requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22748requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22749requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22750requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22752run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22753 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22754 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22755 0 \
22756 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22757 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22758 -c "NamedGroup: x448 ( 1e )" \
22759 -c "NamedGroup: secp384r1 ( 18 )" \
22760 -c "Verifying peer X.509 certificate... ok" \
22761 -c "received HelloRetryRequest message" \
22762 -c "selected_group ( 24 )"
22763
22764requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22765requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22766requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22768requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22769run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22770 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22771 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22772 0 \
22773 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22774 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22775 -c "NamedGroup: x448 ( 1e )" \
22776 -c "NamedGroup: secp521r1 ( 19 )" \
22777 -c "Verifying peer X.509 certificate... ok" \
22778 -c "received HelloRetryRequest message" \
22779 -c "selected_group ( 25 )"
22780
22781requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22782requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]22783requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]22784requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22786run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]22787 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]22788 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22789 0 \
22790 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]22791 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]22792 -c "NamedGroup: x448 ( 1e )" \
22793 -c "NamedGroup: x25519 ( 1d )" \
22794 -c "Verifying peer X.509 certificate... ok" \
22795 -c "received HelloRetryRequest message" \
22796 -c "selected_group ( 29 )"
22797
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]22798requires_openssl_tls1_3
22799requires_openssl_3_x
22800requires_config_enabled MBEDTLS_SSL_CLI_C
22801requires_config_enabled MBEDTLS_DEBUG_C
22802requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22803requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22804run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
22805 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22806 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
22807 0 \
22808 -c "HTTP/1.0 200 ok" \
22809 -c "Protocol is TLSv1.3" \
22810 -c "NamedGroup: x448 ( 1e )" \
22811 -c "NamedGroup: ffdhe2048 ( 100 )" \
22812 -c "Verifying peer X.509 certificate... ok" \
22813 -c "received HelloRetryRequest message" \
22814 -c "selected_group ( 256 )"
22815
22816requires_openssl_tls1_3
22817requires_openssl_3_x
22818requires_config_enabled MBEDTLS_SSL_CLI_C
22819requires_config_enabled MBEDTLS_DEBUG_C
22820requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22822run_test "TLS 1.3 m->O: HRR x448 -> ffdhe3072" \
22823 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22824 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe3072" \
22825 0 \
22826 -c "HTTP/1.0 200 ok" \
22827 -c "Protocol is TLSv1.3" \
22828 -c "NamedGroup: x448 ( 1e )" \
22829 -c "NamedGroup: ffdhe3072 ( 101 )" \
22830 -c "Verifying peer X.509 certificate... ok" \
22831 -c "received HelloRetryRequest message" \
22832 -c "selected_group ( 257 )"
22833
22834requires_openssl_tls1_3
22835requires_openssl_3_x
22836requires_config_enabled MBEDTLS_SSL_CLI_C
22837requires_config_enabled MBEDTLS_DEBUG_C
22838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22840run_test "TLS 1.3 m->O: HRR x448 -> ffdhe4096" \
22841 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22842 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe4096" \
22843 0 \
22844 -c "HTTP/1.0 200 ok" \
22845 -c "Protocol is TLSv1.3" \
22846 -c "NamedGroup: x448 ( 1e )" \
22847 -c "NamedGroup: ffdhe4096 ( 102 )" \
22848 -c "Verifying peer X.509 certificate... ok" \
22849 -c "received HelloRetryRequest message" \
22850 -c "selected_group ( 258 )"
22851
22852requires_openssl_tls1_3
22853requires_openssl_3_x
22854requires_config_enabled MBEDTLS_SSL_CLI_C
22855requires_config_enabled MBEDTLS_DEBUG_C
22856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22858run_test "TLS 1.3 m->O: HRR x448 -> ffdhe6144" \
22859 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22860 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe6144" \
22861 0 \
22862 -c "HTTP/1.0 200 ok" \
22863 -c "Protocol is TLSv1.3" \
22864 -c "NamedGroup: x448 ( 1e )" \
22865 -c "NamedGroup: ffdhe6144 ( 103 )" \
22866 -c "Verifying peer X.509 certificate... ok" \
22867 -c "received HelloRetryRequest message" \
22868 -c "selected_group ( 259 )"
22869
22870requires_openssl_tls1_3
22871requires_openssl_3_x
22872requires_config_enabled MBEDTLS_SSL_CLI_C
22873requires_config_enabled MBEDTLS_DEBUG_C
22874requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22876run_test "TLS 1.3 m->O: HRR x448 -> ffdhe8192" \
22877 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22878 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
22879 0 \
22880 -c "HTTP/1.0 200 ok" \
22881 -c "Protocol is TLSv1.3" \
22882 -c "NamedGroup: x448 ( 1e )" \
22883 -c "NamedGroup: ffdhe8192 ( 104 )" \
22884 -c "Verifying peer X.509 certificate... ok" \
22885 -c "received HelloRetryRequest message" \
22886 -c "selected_group ( 260 )"
22887
22888requires_openssl_tls1_3
22889requires_config_enabled MBEDTLS_SSL_CLI_C
22890requires_config_enabled MBEDTLS_DEBUG_C
22891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22893run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
22894 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22895 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
22896 0 \
22897 -c "HTTP/1.0 200 ok" \
22898 -c "Protocol is TLSv1.3" \
22899 -c "NamedGroup: ffdhe2048 ( 100 )" \
22900 -c "NamedGroup: secp256r1 ( 17 )" \
22901 -c "Verifying peer X.509 certificate... ok" \
22902 -c "received HelloRetryRequest message" \
22903 -c "selected_group ( 23 )"
22904
22905requires_openssl_tls1_3
22906requires_config_enabled MBEDTLS_SSL_CLI_C
22907requires_config_enabled MBEDTLS_DEBUG_C
22908requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22910run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
22911 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22912 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
22913 0 \
22914 -c "HTTP/1.0 200 ok" \
22915 -c "Protocol is TLSv1.3" \
22916 -c "NamedGroup: ffdhe2048 ( 100 )" \
22917 -c "NamedGroup: secp384r1 ( 18 )" \
22918 -c "Verifying peer X.509 certificate... ok" \
22919 -c "received HelloRetryRequest message" \
22920 -c "selected_group ( 24 )"
22921
22922requires_openssl_tls1_3
22923requires_config_enabled MBEDTLS_SSL_CLI_C
22924requires_config_enabled MBEDTLS_DEBUG_C
22925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22927run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
22928 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22929 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
22930 0 \
22931 -c "HTTP/1.0 200 ok" \
22932 -c "Protocol is TLSv1.3" \
22933 -c "NamedGroup: ffdhe2048 ( 100 )" \
22934 -c "NamedGroup: secp521r1 ( 19 )" \
22935 -c "Verifying peer X.509 certificate... ok" \
22936 -c "received HelloRetryRequest message" \
22937 -c "selected_group ( 25 )"
22938
22939requires_openssl_tls1_3
22940requires_config_enabled MBEDTLS_SSL_CLI_C
22941requires_config_enabled MBEDTLS_DEBUG_C
22942requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22943requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22944run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
22945 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22946 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
22947 0 \
22948 -c "HTTP/1.0 200 ok" \
22949 -c "Protocol is TLSv1.3" \
22950 -c "NamedGroup: ffdhe2048 ( 100 )" \
22951 -c "NamedGroup: x25519 ( 1d )" \
22952 -c "Verifying peer X.509 certificate... ok" \
22953 -c "received HelloRetryRequest message" \
22954 -c "selected_group ( 29 )"
22955
22956requires_openssl_tls1_3
22957requires_config_enabled MBEDTLS_SSL_CLI_C
22958requires_config_enabled MBEDTLS_DEBUG_C
22959requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22960requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22961run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
22962 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22963 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
22964 0 \
22965 -c "HTTP/1.0 200 ok" \
22966 -c "Protocol is TLSv1.3" \
22967 -c "NamedGroup: ffdhe2048 ( 100 )" \
22968 -c "NamedGroup: x448 ( 1e )" \
22969 -c "Verifying peer X.509 certificate... ok" \
22970 -c "received HelloRetryRequest message" \
22971 -c "selected_group ( 30 )"
22972
22973requires_openssl_tls1_3
22974requires_openssl_3_x
22975requires_config_enabled MBEDTLS_SSL_CLI_C
22976requires_config_enabled MBEDTLS_DEBUG_C
22977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22979run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe3072" \
22980 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22981 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe3072" \
22982 0 \
22983 -c "HTTP/1.0 200 ok" \
22984 -c "Protocol is TLSv1.3" \
22985 -c "NamedGroup: ffdhe2048 ( 100 )" \
22986 -c "NamedGroup: ffdhe3072 ( 101 )" \
22987 -c "Verifying peer X.509 certificate... ok" \
22988 -c "received HelloRetryRequest message" \
22989 -c "selected_group ( 257 )"
22990
22991requires_openssl_tls1_3
22992requires_openssl_3_x
22993requires_config_enabled MBEDTLS_SSL_CLI_C
22994requires_config_enabled MBEDTLS_DEBUG_C
22995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
22996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
22997run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe4096" \
22998 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
22999 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe4096" \
23000 0 \
23001 -c "HTTP/1.0 200 ok" \
23002 -c "Protocol is TLSv1.3" \
23003 -c "NamedGroup: ffdhe2048 ( 100 )" \
23004 -c "NamedGroup: ffdhe4096 ( 102 )" \
23005 -c "Verifying peer X.509 certificate... ok" \
23006 -c "received HelloRetryRequest message" \
23007 -c "selected_group ( 258 )"
23008
23009requires_openssl_tls1_3
23010requires_openssl_3_x
23011requires_config_enabled MBEDTLS_SSL_CLI_C
23012requires_config_enabled MBEDTLS_DEBUG_C
23013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23015run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe6144" \
23016 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23017 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe6144" \
23018 0 \
23019 -c "HTTP/1.0 200 ok" \
23020 -c "Protocol is TLSv1.3" \
23021 -c "NamedGroup: ffdhe2048 ( 100 )" \
23022 -c "NamedGroup: ffdhe6144 ( 103 )" \
23023 -c "Verifying peer X.509 certificate... ok" \
23024 -c "received HelloRetryRequest message" \
23025 -c "selected_group ( 259 )"
23026
23027requires_openssl_tls1_3
23028requires_openssl_3_x
23029requires_config_enabled MBEDTLS_SSL_CLI_C
23030requires_config_enabled MBEDTLS_DEBUG_C
23031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23033run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe8192" \
23034 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23035 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
23036 0 \
23037 -c "HTTP/1.0 200 ok" \
23038 -c "Protocol is TLSv1.3" \
23039 -c "NamedGroup: ffdhe2048 ( 100 )" \
23040 -c "NamedGroup: ffdhe8192 ( 104 )" \
23041 -c "Verifying peer X.509 certificate... ok" \
23042 -c "received HelloRetryRequest message" \
23043 -c "selected_group ( 260 )"
23044
23045requires_openssl_tls1_3
23046requires_config_enabled MBEDTLS_SSL_CLI_C
23047requires_config_enabled MBEDTLS_DEBUG_C
23048requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23050run_test "TLS 1.3 m->O: HRR ffdhe3072 -> secp256r1" \
23051 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23052 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp256r1" \
23053 0 \
23054 -c "HTTP/1.0 200 ok" \
23055 -c "Protocol is TLSv1.3" \
23056 -c "NamedGroup: ffdhe3072 ( 101 )" \
23057 -c "NamedGroup: secp256r1 ( 17 )" \
23058 -c "Verifying peer X.509 certificate... ok" \
23059 -c "received HelloRetryRequest message" \
23060 -c "selected_group ( 23 )"
23061
23062requires_openssl_tls1_3
23063requires_config_enabled MBEDTLS_SSL_CLI_C
23064requires_config_enabled MBEDTLS_DEBUG_C
23065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23067run_test "TLS 1.3 m->O: HRR ffdhe3072 -> secp384r1" \
23068 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23069 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp384r1" \
23070 0 \
23071 -c "HTTP/1.0 200 ok" \
23072 -c "Protocol is TLSv1.3" \
23073 -c "NamedGroup: ffdhe3072 ( 101 )" \
23074 -c "NamedGroup: secp384r1 ( 18 )" \
23075 -c "Verifying peer X.509 certificate... ok" \
23076 -c "received HelloRetryRequest message" \
23077 -c "selected_group ( 24 )"
23078
23079requires_openssl_tls1_3
23080requires_config_enabled MBEDTLS_SSL_CLI_C
23081requires_config_enabled MBEDTLS_DEBUG_C
23082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23084run_test "TLS 1.3 m->O: HRR ffdhe3072 -> secp521r1" \
23085 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23086 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp521r1" \
23087 0 \
23088 -c "HTTP/1.0 200 ok" \
23089 -c "Protocol is TLSv1.3" \
23090 -c "NamedGroup: ffdhe3072 ( 101 )" \
23091 -c "NamedGroup: secp521r1 ( 19 )" \
23092 -c "Verifying peer X.509 certificate... ok" \
23093 -c "received HelloRetryRequest message" \
23094 -c "selected_group ( 25 )"
23095
23096requires_openssl_tls1_3
23097requires_config_enabled MBEDTLS_SSL_CLI_C
23098requires_config_enabled MBEDTLS_DEBUG_C
23099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23101run_test "TLS 1.3 m->O: HRR ffdhe3072 -> x25519" \
23102 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23103 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,x25519" \
23104 0 \
23105 -c "HTTP/1.0 200 ok" \
23106 -c "Protocol is TLSv1.3" \
23107 -c "NamedGroup: ffdhe3072 ( 101 )" \
23108 -c "NamedGroup: x25519 ( 1d )" \
23109 -c "Verifying peer X.509 certificate... ok" \
23110 -c "received HelloRetryRequest message" \
23111 -c "selected_group ( 29 )"
23112
23113requires_openssl_tls1_3
23114requires_config_enabled MBEDTLS_SSL_CLI_C
23115requires_config_enabled MBEDTLS_DEBUG_C
23116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23118run_test "TLS 1.3 m->O: HRR ffdhe3072 -> x448" \
23119 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23120 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,x448" \
23121 0 \
23122 -c "HTTP/1.0 200 ok" \
23123 -c "Protocol is TLSv1.3" \
23124 -c "NamedGroup: ffdhe3072 ( 101 )" \
23125 -c "NamedGroup: x448 ( 1e )" \
23126 -c "Verifying peer X.509 certificate... ok" \
23127 -c "received HelloRetryRequest message" \
23128 -c "selected_group ( 30 )"
23129
23130requires_openssl_tls1_3
23131requires_openssl_3_x
23132requires_config_enabled MBEDTLS_SSL_CLI_C
23133requires_config_enabled MBEDTLS_DEBUG_C
23134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23136run_test "TLS 1.3 m->O: HRR ffdhe3072 -> ffdhe2048" \
23137 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23138 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe2048" \
23139 0 \
23140 -c "HTTP/1.0 200 ok" \
23141 -c "Protocol is TLSv1.3" \
23142 -c "NamedGroup: ffdhe3072 ( 101 )" \
23143 -c "NamedGroup: ffdhe2048 ( 100 )" \
23144 -c "Verifying peer X.509 certificate... ok" \
23145 -c "received HelloRetryRequest message" \
23146 -c "selected_group ( 256 )"
23147
23148requires_openssl_tls1_3
23149requires_openssl_3_x
23150requires_config_enabled MBEDTLS_SSL_CLI_C
23151requires_config_enabled MBEDTLS_DEBUG_C
23152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23154run_test "TLS 1.3 m->O: HRR ffdhe3072 -> ffdhe4096" \
23155 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23156 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe4096" \
23157 0 \
23158 -c "HTTP/1.0 200 ok" \
23159 -c "Protocol is TLSv1.3" \
23160 -c "NamedGroup: ffdhe3072 ( 101 )" \
23161 -c "NamedGroup: ffdhe4096 ( 102 )" \
23162 -c "Verifying peer X.509 certificate... ok" \
23163 -c "received HelloRetryRequest message" \
23164 -c "selected_group ( 258 )"
23165
23166requires_openssl_tls1_3
23167requires_openssl_3_x
23168requires_config_enabled MBEDTLS_SSL_CLI_C
23169requires_config_enabled MBEDTLS_DEBUG_C
23170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23172run_test "TLS 1.3 m->O: HRR ffdhe3072 -> ffdhe6144" \
23173 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23174 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe6144" \
23175 0 \
23176 -c "HTTP/1.0 200 ok" \
23177 -c "Protocol is TLSv1.3" \
23178 -c "NamedGroup: ffdhe3072 ( 101 )" \
23179 -c "NamedGroup: ffdhe6144 ( 103 )" \
23180 -c "Verifying peer X.509 certificate... ok" \
23181 -c "received HelloRetryRequest message" \
23182 -c "selected_group ( 259 )"
23183
23184requires_openssl_tls1_3
23185requires_openssl_3_x
23186requires_config_enabled MBEDTLS_SSL_CLI_C
23187requires_config_enabled MBEDTLS_DEBUG_C
23188requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23190run_test "TLS 1.3 m->O: HRR ffdhe3072 -> ffdhe8192" \
23191 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23192 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe8192" \
23193 0 \
23194 -c "HTTP/1.0 200 ok" \
23195 -c "Protocol is TLSv1.3" \
23196 -c "NamedGroup: ffdhe3072 ( 101 )" \
23197 -c "NamedGroup: ffdhe8192 ( 104 )" \
23198 -c "Verifying peer X.509 certificate... ok" \
23199 -c "received HelloRetryRequest message" \
23200 -c "selected_group ( 260 )"
23201
23202requires_openssl_tls1_3
23203requires_config_enabled MBEDTLS_SSL_CLI_C
23204requires_config_enabled MBEDTLS_DEBUG_C
23205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23207run_test "TLS 1.3 m->O: HRR ffdhe4096 -> secp256r1" \
23208 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23209 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp256r1" \
23210 0 \
23211 -c "HTTP/1.0 200 ok" \
23212 -c "Protocol is TLSv1.3" \
23213 -c "NamedGroup: ffdhe4096 ( 102 )" \
23214 -c "NamedGroup: secp256r1 ( 17 )" \
23215 -c "Verifying peer X.509 certificate... ok" \
23216 -c "received HelloRetryRequest message" \
23217 -c "selected_group ( 23 )"
23218
23219requires_openssl_tls1_3
23220requires_config_enabled MBEDTLS_SSL_CLI_C
23221requires_config_enabled MBEDTLS_DEBUG_C
23222requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23224run_test "TLS 1.3 m->O: HRR ffdhe4096 -> secp384r1" \
23225 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23226 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp384r1" \
23227 0 \
23228 -c "HTTP/1.0 200 ok" \
23229 -c "Protocol is TLSv1.3" \
23230 -c "NamedGroup: ffdhe4096 ( 102 )" \
23231 -c "NamedGroup: secp384r1 ( 18 )" \
23232 -c "Verifying peer X.509 certificate... ok" \
23233 -c "received HelloRetryRequest message" \
23234 -c "selected_group ( 24 )"
23235
23236requires_openssl_tls1_3
23237requires_config_enabled MBEDTLS_SSL_CLI_C
23238requires_config_enabled MBEDTLS_DEBUG_C
23239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23241run_test "TLS 1.3 m->O: HRR ffdhe4096 -> secp521r1" \
23242 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23243 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp521r1" \
23244 0 \
23245 -c "HTTP/1.0 200 ok" \
23246 -c "Protocol is TLSv1.3" \
23247 -c "NamedGroup: ffdhe4096 ( 102 )" \
23248 -c "NamedGroup: secp521r1 ( 19 )" \
23249 -c "Verifying peer X.509 certificate... ok" \
23250 -c "received HelloRetryRequest message" \
23251 -c "selected_group ( 25 )"
23252
23253requires_openssl_tls1_3
23254requires_config_enabled MBEDTLS_SSL_CLI_C
23255requires_config_enabled MBEDTLS_DEBUG_C
23256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23258run_test "TLS 1.3 m->O: HRR ffdhe4096 -> x25519" \
23259 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23260 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,x25519" \
23261 0 \
23262 -c "HTTP/1.0 200 ok" \
23263 -c "Protocol is TLSv1.3" \
23264 -c "NamedGroup: ffdhe4096 ( 102 )" \
23265 -c "NamedGroup: x25519 ( 1d )" \
23266 -c "Verifying peer X.509 certificate... ok" \
23267 -c "received HelloRetryRequest message" \
23268 -c "selected_group ( 29 )"
23269
23270requires_openssl_tls1_3
23271requires_config_enabled MBEDTLS_SSL_CLI_C
23272requires_config_enabled MBEDTLS_DEBUG_C
23273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23275run_test "TLS 1.3 m->O: HRR ffdhe4096 -> x448" \
23276 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23277 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,x448" \
23278 0 \
23279 -c "HTTP/1.0 200 ok" \
23280 -c "Protocol is TLSv1.3" \
23281 -c "NamedGroup: ffdhe4096 ( 102 )" \
23282 -c "NamedGroup: x448 ( 1e )" \
23283 -c "Verifying peer X.509 certificate... ok" \
23284 -c "received HelloRetryRequest message" \
23285 -c "selected_group ( 30 )"
23286
23287requires_openssl_tls1_3
23288requires_openssl_3_x
23289requires_config_enabled MBEDTLS_SSL_CLI_C
23290requires_config_enabled MBEDTLS_DEBUG_C
23291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23293run_test "TLS 1.3 m->O: HRR ffdhe4096 -> ffdhe2048" \
23294 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23295 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe2048" \
23296 0 \
23297 -c "HTTP/1.0 200 ok" \
23298 -c "Protocol is TLSv1.3" \
23299 -c "NamedGroup: ffdhe4096 ( 102 )" \
23300 -c "NamedGroup: ffdhe2048 ( 100 )" \
23301 -c "Verifying peer X.509 certificate... ok" \
23302 -c "received HelloRetryRequest message" \
23303 -c "selected_group ( 256 )"
23304
23305requires_openssl_tls1_3
23306requires_openssl_3_x
23307requires_config_enabled MBEDTLS_SSL_CLI_C
23308requires_config_enabled MBEDTLS_DEBUG_C
23309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23310requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23311run_test "TLS 1.3 m->O: HRR ffdhe4096 -> ffdhe3072" \
23312 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23313 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe3072" \
23314 0 \
23315 -c "HTTP/1.0 200 ok" \
23316 -c "Protocol is TLSv1.3" \
23317 -c "NamedGroup: ffdhe4096 ( 102 )" \
23318 -c "NamedGroup: ffdhe3072 ( 101 )" \
23319 -c "Verifying peer X.509 certificate... ok" \
23320 -c "received HelloRetryRequest message" \
23321 -c "selected_group ( 257 )"
23322
23323requires_openssl_tls1_3
23324requires_openssl_3_x
23325requires_config_enabled MBEDTLS_SSL_CLI_C
23326requires_config_enabled MBEDTLS_DEBUG_C
23327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23328requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23329run_test "TLS 1.3 m->O: HRR ffdhe4096 -> ffdhe6144" \
23330 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23331 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe6144" \
23332 0 \
23333 -c "HTTP/1.0 200 ok" \
23334 -c "Protocol is TLSv1.3" \
23335 -c "NamedGroup: ffdhe4096 ( 102 )" \
23336 -c "NamedGroup: ffdhe6144 ( 103 )" \
23337 -c "Verifying peer X.509 certificate... ok" \
23338 -c "received HelloRetryRequest message" \
23339 -c "selected_group ( 259 )"
23340
23341requires_openssl_tls1_3
23342requires_openssl_3_x
23343requires_config_enabled MBEDTLS_SSL_CLI_C
23344requires_config_enabled MBEDTLS_DEBUG_C
23345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23347run_test "TLS 1.3 m->O: HRR ffdhe4096 -> ffdhe8192" \
23348 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23349 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe8192" \
23350 0 \
23351 -c "HTTP/1.0 200 ok" \
23352 -c "Protocol is TLSv1.3" \
23353 -c "NamedGroup: ffdhe4096 ( 102 )" \
23354 -c "NamedGroup: ffdhe8192 ( 104 )" \
23355 -c "Verifying peer X.509 certificate... ok" \
23356 -c "received HelloRetryRequest message" \
23357 -c "selected_group ( 260 )"
23358
23359requires_openssl_tls1_3
23360requires_config_enabled MBEDTLS_SSL_CLI_C
23361requires_config_enabled MBEDTLS_DEBUG_C
23362requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23363requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23364run_test "TLS 1.3 m->O: HRR ffdhe6144 -> secp256r1" \
23365 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23366 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp256r1" \
23367 0 \
23368 -c "HTTP/1.0 200 ok" \
23369 -c "Protocol is TLSv1.3" \
23370 -c "NamedGroup: ffdhe6144 ( 103 )" \
23371 -c "NamedGroup: secp256r1 ( 17 )" \
23372 -c "Verifying peer X.509 certificate... ok" \
23373 -c "received HelloRetryRequest message" \
23374 -c "selected_group ( 23 )"
23375
23376requires_openssl_tls1_3
23377requires_config_enabled MBEDTLS_SSL_CLI_C
23378requires_config_enabled MBEDTLS_DEBUG_C
23379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23381run_test "TLS 1.3 m->O: HRR ffdhe6144 -> secp384r1" \
23382 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23383 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp384r1" \
23384 0 \
23385 -c "HTTP/1.0 200 ok" \
23386 -c "Protocol is TLSv1.3" \
23387 -c "NamedGroup: ffdhe6144 ( 103 )" \
23388 -c "NamedGroup: secp384r1 ( 18 )" \
23389 -c "Verifying peer X.509 certificate... ok" \
23390 -c "received HelloRetryRequest message" \
23391 -c "selected_group ( 24 )"
23392
23393requires_openssl_tls1_3
23394requires_config_enabled MBEDTLS_SSL_CLI_C
23395requires_config_enabled MBEDTLS_DEBUG_C
23396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23398run_test "TLS 1.3 m->O: HRR ffdhe6144 -> secp521r1" \
23399 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23400 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp521r1" \
23401 0 \
23402 -c "HTTP/1.0 200 ok" \
23403 -c "Protocol is TLSv1.3" \
23404 -c "NamedGroup: ffdhe6144 ( 103 )" \
23405 -c "NamedGroup: secp521r1 ( 19 )" \
23406 -c "Verifying peer X.509 certificate... ok" \
23407 -c "received HelloRetryRequest message" \
23408 -c "selected_group ( 25 )"
23409
23410requires_openssl_tls1_3
23411requires_config_enabled MBEDTLS_SSL_CLI_C
23412requires_config_enabled MBEDTLS_DEBUG_C
23413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23415run_test "TLS 1.3 m->O: HRR ffdhe6144 -> x25519" \
23416 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23417 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,x25519" \
23418 0 \
23419 -c "HTTP/1.0 200 ok" \
23420 -c "Protocol is TLSv1.3" \
23421 -c "NamedGroup: ffdhe6144 ( 103 )" \
23422 -c "NamedGroup: x25519 ( 1d )" \
23423 -c "Verifying peer X.509 certificate... ok" \
23424 -c "received HelloRetryRequest message" \
23425 -c "selected_group ( 29 )"
23426
23427requires_openssl_tls1_3
23428requires_config_enabled MBEDTLS_SSL_CLI_C
23429requires_config_enabled MBEDTLS_DEBUG_C
23430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23432run_test "TLS 1.3 m->O: HRR ffdhe6144 -> x448" \
23433 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23434 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,x448" \
23435 0 \
23436 -c "HTTP/1.0 200 ok" \
23437 -c "Protocol is TLSv1.3" \
23438 -c "NamedGroup: ffdhe6144 ( 103 )" \
23439 -c "NamedGroup: x448 ( 1e )" \
23440 -c "Verifying peer X.509 certificate... ok" \
23441 -c "received HelloRetryRequest message" \
23442 -c "selected_group ( 30 )"
23443
23444requires_openssl_tls1_3
23445requires_openssl_3_x
23446requires_config_enabled MBEDTLS_SSL_CLI_C
23447requires_config_enabled MBEDTLS_DEBUG_C
23448requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23449requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23450run_test "TLS 1.3 m->O: HRR ffdhe6144 -> ffdhe2048" \
23451 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23452 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe2048" \
23453 0 \
23454 -c "HTTP/1.0 200 ok" \
23455 -c "Protocol is TLSv1.3" \
23456 -c "NamedGroup: ffdhe6144 ( 103 )" \
23457 -c "NamedGroup: ffdhe2048 ( 100 )" \
23458 -c "Verifying peer X.509 certificate... ok" \
23459 -c "received HelloRetryRequest message" \
23460 -c "selected_group ( 256 )"
23461
23462requires_openssl_tls1_3
23463requires_openssl_3_x
23464requires_config_enabled MBEDTLS_SSL_CLI_C
23465requires_config_enabled MBEDTLS_DEBUG_C
23466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23468run_test "TLS 1.3 m->O: HRR ffdhe6144 -> ffdhe3072" \
23469 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23470 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe3072" \
23471 0 \
23472 -c "HTTP/1.0 200 ok" \
23473 -c "Protocol is TLSv1.3" \
23474 -c "NamedGroup: ffdhe6144 ( 103 )" \
23475 -c "NamedGroup: ffdhe3072 ( 101 )" \
23476 -c "Verifying peer X.509 certificate... ok" \
23477 -c "received HelloRetryRequest message" \
23478 -c "selected_group ( 257 )"
23479
23480requires_openssl_tls1_3
23481requires_openssl_3_x
23482requires_config_enabled MBEDTLS_SSL_CLI_C
23483requires_config_enabled MBEDTLS_DEBUG_C
23484requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23485requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23486run_test "TLS 1.3 m->O: HRR ffdhe6144 -> ffdhe4096" \
23487 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23488 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe4096" \
23489 0 \
23490 -c "HTTP/1.0 200 ok" \
23491 -c "Protocol is TLSv1.3" \
23492 -c "NamedGroup: ffdhe6144 ( 103 )" \
23493 -c "NamedGroup: ffdhe4096 ( 102 )" \
23494 -c "Verifying peer X.509 certificate... ok" \
23495 -c "received HelloRetryRequest message" \
23496 -c "selected_group ( 258 )"
23497
23498requires_openssl_tls1_3
23499requires_openssl_3_x
23500requires_config_enabled MBEDTLS_SSL_CLI_C
23501requires_config_enabled MBEDTLS_DEBUG_C
23502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23504run_test "TLS 1.3 m->O: HRR ffdhe6144 -> ffdhe8192" \
23505 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23506 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe8192" \
23507 0 \
23508 -c "HTTP/1.0 200 ok" \
23509 -c "Protocol is TLSv1.3" \
23510 -c "NamedGroup: ffdhe6144 ( 103 )" \
23511 -c "NamedGroup: ffdhe8192 ( 104 )" \
23512 -c "Verifying peer X.509 certificate... ok" \
23513 -c "received HelloRetryRequest message" \
23514 -c "selected_group ( 260 )"
23515
23516requires_openssl_tls1_3
23517requires_config_enabled MBEDTLS_SSL_CLI_C
23518requires_config_enabled MBEDTLS_DEBUG_C
23519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23521run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp256r1" \
23522 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23523 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
23524 0 \
23525 -c "HTTP/1.0 200 ok" \
23526 -c "Protocol is TLSv1.3" \
23527 -c "NamedGroup: ffdhe8192 ( 104 )" \
23528 -c "NamedGroup: secp256r1 ( 17 )" \
23529 -c "Verifying peer X.509 certificate... ok" \
23530 -c "received HelloRetryRequest message" \
23531 -c "selected_group ( 23 )"
23532
23533requires_openssl_tls1_3
23534requires_config_enabled MBEDTLS_SSL_CLI_C
23535requires_config_enabled MBEDTLS_DEBUG_C
23536requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23537requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23538run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp384r1" \
23539 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23540 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
23541 0 \
23542 -c "HTTP/1.0 200 ok" \
23543 -c "Protocol is TLSv1.3" \
23544 -c "NamedGroup: ffdhe8192 ( 104 )" \
23545 -c "NamedGroup: secp384r1 ( 18 )" \
23546 -c "Verifying peer X.509 certificate... ok" \
23547 -c "received HelloRetryRequest message" \
23548 -c "selected_group ( 24 )"
23549
23550requires_openssl_tls1_3
23551requires_config_enabled MBEDTLS_SSL_CLI_C
23552requires_config_enabled MBEDTLS_DEBUG_C
23553requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23554requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23555run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp521r1" \
23556 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23557 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
23558 0 \
23559 -c "HTTP/1.0 200 ok" \
23560 -c "Protocol is TLSv1.3" \
23561 -c "NamedGroup: ffdhe8192 ( 104 )" \
23562 -c "NamedGroup: secp521r1 ( 19 )" \
23563 -c "Verifying peer X.509 certificate... ok" \
23564 -c "received HelloRetryRequest message" \
23565 -c "selected_group ( 25 )"
23566
23567requires_openssl_tls1_3
23568requires_config_enabled MBEDTLS_SSL_CLI_C
23569requires_config_enabled MBEDTLS_DEBUG_C
23570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23572run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x25519" \
23573 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23574 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
23575 0 \
23576 -c "HTTP/1.0 200 ok" \
23577 -c "Protocol is TLSv1.3" \
23578 -c "NamedGroup: ffdhe8192 ( 104 )" \
23579 -c "NamedGroup: x25519 ( 1d )" \
23580 -c "Verifying peer X.509 certificate... ok" \
23581 -c "received HelloRetryRequest message" \
23582 -c "selected_group ( 29 )"
23583
23584requires_openssl_tls1_3
23585requires_config_enabled MBEDTLS_SSL_CLI_C
23586requires_config_enabled MBEDTLS_DEBUG_C
23587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23589run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x448" \
23590 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23591 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
23592 0 \
23593 -c "HTTP/1.0 200 ok" \
23594 -c "Protocol is TLSv1.3" \
23595 -c "NamedGroup: ffdhe8192 ( 104 )" \
23596 -c "NamedGroup: x448 ( 1e )" \
23597 -c "Verifying peer X.509 certificate... ok" \
23598 -c "received HelloRetryRequest message" \
23599 -c "selected_group ( 30 )"
23600
23601requires_openssl_tls1_3
23602requires_openssl_3_x
23603requires_config_enabled MBEDTLS_SSL_CLI_C
23604requires_config_enabled MBEDTLS_DEBUG_C
23605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23607run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe2048" \
23608 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23609 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
23610 0 \
23611 -c "HTTP/1.0 200 ok" \
23612 -c "Protocol is TLSv1.3" \
23613 -c "NamedGroup: ffdhe8192 ( 104 )" \
23614 -c "NamedGroup: ffdhe2048 ( 100 )" \
23615 -c "Verifying peer X.509 certificate... ok" \
23616 -c "received HelloRetryRequest message" \
23617 -c "selected_group ( 256 )"
23618
23619requires_openssl_tls1_3
23620requires_openssl_3_x
23621requires_config_enabled MBEDTLS_SSL_CLI_C
23622requires_config_enabled MBEDTLS_DEBUG_C
23623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23625run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe3072" \
23626 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe3072 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23627 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe3072" \
23628 0 \
23629 -c "HTTP/1.0 200 ok" \
23630 -c "Protocol is TLSv1.3" \
23631 -c "NamedGroup: ffdhe8192 ( 104 )" \
23632 -c "NamedGroup: ffdhe3072 ( 101 )" \
23633 -c "Verifying peer X.509 certificate... ok" \
23634 -c "received HelloRetryRequest message" \
23635 -c "selected_group ( 257 )"
23636
23637requires_openssl_tls1_3
23638requires_openssl_3_x
23639requires_config_enabled MBEDTLS_SSL_CLI_C
23640requires_config_enabled MBEDTLS_DEBUG_C
23641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23643run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe4096" \
23644 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe4096 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23645 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe4096" \
23646 0 \
23647 -c "HTTP/1.0 200 ok" \
23648 -c "Protocol is TLSv1.3" \
23649 -c "NamedGroup: ffdhe8192 ( 104 )" \
23650 -c "NamedGroup: ffdhe4096 ( 102 )" \
23651 -c "Verifying peer X.509 certificate... ok" \
23652 -c "received HelloRetryRequest message" \
23653 -c "selected_group ( 258 )"
23654
23655requires_openssl_tls1_3
23656requires_openssl_3_x
23657requires_config_enabled MBEDTLS_SSL_CLI_C
23658requires_config_enabled MBEDTLS_DEBUG_C
23659requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23661run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe6144" \
23662 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe6144 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
23663 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe6144" \
23664 0 \
23665 -c "HTTP/1.0 200 ok" \
23666 -c "Protocol is TLSv1.3" \
23667 -c "NamedGroup: ffdhe8192 ( 104 )" \
23668 -c "NamedGroup: ffdhe6144 ( 103 )" \
23669 -c "Verifying peer X.509 certificate... ok" \
23670 -c "received HelloRetryRequest message" \
23671 -c "selected_group ( 259 )"
23672
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23673requires_gnutls_tls1_3
23674requires_gnutls_next_no_ticket
23675requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23680run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23681 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23682 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23683 0 \
23684 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23685 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23686 -c "NamedGroup: secp256r1 ( 17 )" \
23687 -c "NamedGroup: secp384r1 ( 18 )" \
23688 -c "Verifying peer X.509 certificate... ok" \
23689 -c "received HelloRetryRequest message" \
23690 -c "selected_group ( 24 )"
23691
23692requires_gnutls_tls1_3
23693requires_gnutls_next_no_ticket
23694requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23695requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23696requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23697requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23698requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23699run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23700 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23701 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23702 0 \
23703 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23704 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23705 -c "NamedGroup: secp256r1 ( 17 )" \
23706 -c "NamedGroup: secp521r1 ( 19 )" \
23707 -c "Verifying peer X.509 certificate... ok" \
23708 -c "received HelloRetryRequest message" \
23709 -c "selected_group ( 25 )"
23710
23711requires_gnutls_tls1_3
23712requires_gnutls_next_no_ticket
23713requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23714requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23716requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23718run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23719 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23720 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23721 0 \
23722 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23723 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23724 -c "NamedGroup: secp256r1 ( 17 )" \
23725 -c "NamedGroup: x25519 ( 1d )" \
23726 -c "Verifying peer X.509 certificate... ok" \
23727 -c "received HelloRetryRequest message" \
23728 -c "selected_group ( 29 )"
23729
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]23730requires_gnutls_tls1_3
23731requires_gnutls_next_no_ticket
23732requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]23733requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23734requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23735requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]23736requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]23737run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23738 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23739 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]23740 0 \
23741 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23742 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]23743 -c "NamedGroup: secp256r1 ( 17 )" \
23744 -c "NamedGroup: x448 ( 1e )" \
23745 -c "Verifying peer X.509 certificate... ok" \
23746 -c "received HelloRetryRequest message" \
23747 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23748
23749requires_gnutls_tls1_3
23750requires_gnutls_next_no_ticket
23751requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]23756run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
23757 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
23758 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
23759 0 \
23760 -c "HTTP/1.0 200 OK" \
23761 -c "Protocol is TLSv1.3" \
23762 -c "NamedGroup: secp256r1 ( 17 )" \
23763 -c "NamedGroup: ffdhe2048 ( 100 )" \
23764 -c "Verifying peer X.509 certificate... ok" \
23765 -c "received HelloRetryRequest message" \
23766 -c "selected_group ( 256 )"
23767
23768requires_gnutls_tls1_3
23769requires_gnutls_next_no_ticket
23770requires_gnutls_next_disable_tls13_compat
23771requires_config_enabled MBEDTLS_SSL_CLI_C
23772requires_config_enabled MBEDTLS_DEBUG_C
23773requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23774requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23775run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe3072" \
23776 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
23777 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe3072" \
23778 0 \
23779 -c "HTTP/1.0 200 OK" \
23780 -c "Protocol is TLSv1.3" \
23781 -c "NamedGroup: secp256r1 ( 17 )" \
23782 -c "NamedGroup: ffdhe3072 ( 101 )" \
23783 -c "Verifying peer X.509 certificate... ok" \
23784 -c "received HelloRetryRequest message" \
23785 -c "selected_group ( 257 )"
23786
23787requires_gnutls_tls1_3
23788requires_gnutls_next_no_ticket
23789requires_gnutls_next_disable_tls13_compat
23790requires_config_enabled MBEDTLS_SSL_CLI_C
23791requires_config_enabled MBEDTLS_DEBUG_C
23792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23794run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe4096" \
23795 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
23796 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe4096" \
23797 0 \
23798 -c "HTTP/1.0 200 OK" \
23799 -c "Protocol is TLSv1.3" \
23800 -c "NamedGroup: secp256r1 ( 17 )" \
23801 -c "NamedGroup: ffdhe4096 ( 102 )" \
23802 -c "Verifying peer X.509 certificate... ok" \
23803 -c "received HelloRetryRequest message" \
23804 -c "selected_group ( 258 )"
23805
23806requires_gnutls_tls1_3
23807requires_gnutls_next_no_ticket
23808requires_gnutls_next_disable_tls13_compat
23809requires_config_enabled MBEDTLS_SSL_CLI_C
23810requires_config_enabled MBEDTLS_DEBUG_C
23811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23813run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe6144" \
23814 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
23815 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe6144" \
23816 0 \
23817 -c "HTTP/1.0 200 OK" \
23818 -c "Protocol is TLSv1.3" \
23819 -c "NamedGroup: secp256r1 ( 17 )" \
23820 -c "NamedGroup: ffdhe6144 ( 103 )" \
23821 -c "Verifying peer X.509 certificate... ok" \
23822 -c "received HelloRetryRequest message" \
23823 -c "selected_group ( 259 )"
23824
23825requires_gnutls_tls1_3
23826requires_gnutls_next_no_ticket
23827requires_gnutls_next_disable_tls13_compat
23828requires_config_enabled MBEDTLS_SSL_CLI_C
23829requires_config_enabled MBEDTLS_DEBUG_C
23830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23832run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe8192" \
23833 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
23834 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
23835 0 \
23836 -c "HTTP/1.0 200 OK" \
23837 -c "Protocol is TLSv1.3" \
23838 -c "NamedGroup: secp256r1 ( 17 )" \
23839 -c "NamedGroup: ffdhe8192 ( 104 )" \
23840 -c "Verifying peer X.509 certificate... ok" \
23841 -c "received HelloRetryRequest message" \
23842 -c "selected_group ( 260 )"
23843
23844requires_gnutls_tls1_3
23845requires_gnutls_next_no_ticket
23846requires_gnutls_next_disable_tls13_compat
23847requires_config_enabled MBEDTLS_SSL_CLI_C
23848requires_config_enabled MBEDTLS_DEBUG_C
23849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23851run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23852 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23853 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23854 0 \
23855 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23856 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23857 -c "NamedGroup: secp384r1 ( 18 )" \
23858 -c "NamedGroup: secp256r1 ( 17 )" \
23859 -c "Verifying peer X.509 certificate... ok" \
23860 -c "received HelloRetryRequest message" \
23861 -c "selected_group ( 23 )"
23862
23863requires_gnutls_tls1_3
23864requires_gnutls_next_no_ticket
23865requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23866requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23867requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23870run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23871 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23872 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23873 0 \
23874 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23875 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23876 -c "NamedGroup: secp384r1 ( 18 )" \
23877 -c "NamedGroup: secp521r1 ( 19 )" \
23878 -c "Verifying peer X.509 certificate... ok" \
23879 -c "received HelloRetryRequest message" \
23880 -c "selected_group ( 25 )"
23881
23882requires_gnutls_tls1_3
23883requires_gnutls_next_no_ticket
23884requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23885requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23886requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23887requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23889run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23890 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23891 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23892 0 \
23893 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23894 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23895 -c "NamedGroup: secp384r1 ( 18 )" \
23896 -c "NamedGroup: x25519 ( 1d )" \
23897 -c "Verifying peer X.509 certificate... ok" \
23898 -c "received HelloRetryRequest message" \
23899 -c "selected_group ( 29 )"
23900
23901requires_gnutls_tls1_3
23902requires_gnutls_next_no_ticket
23903requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23904requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23905requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23906requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23908run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]23909 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]23910 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23911 0 \
23912 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]23913 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23914 -c "NamedGroup: secp384r1 ( 18 )" \
23915 -c "NamedGroup: x448 ( 1e )" \
23916 -c "Verifying peer X.509 certificate... ok" \
23917 -c "received HelloRetryRequest message" \
23918 -c "selected_group ( 30 )"
23919
23920requires_gnutls_tls1_3
23921requires_gnutls_next_no_ticket
23922requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23923requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]23924requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]23925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]23926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]23927run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
23928 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
23929 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
23930 0 \
23931 -c "HTTP/1.0 200 OK" \
23932 -c "Protocol is TLSv1.3" \
23933 -c "NamedGroup: secp384r1 ( 18 )" \
23934 -c "NamedGroup: ffdhe2048 ( 100 )" \
23935 -c "Verifying peer X.509 certificate... ok" \
23936 -c "received HelloRetryRequest message" \
23937 -c "selected_group ( 256 )"
23938
23939requires_gnutls_tls1_3
23940requires_gnutls_next_no_ticket
23941requires_gnutls_next_disable_tls13_compat
23942requires_config_enabled MBEDTLS_SSL_CLI_C
23943requires_config_enabled MBEDTLS_DEBUG_C
23944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23946run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe3072" \
23947 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
23948 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe3072" \
23949 0 \
23950 -c "HTTP/1.0 200 OK" \
23951 -c "Protocol is TLSv1.3" \
23952 -c "NamedGroup: secp384r1 ( 18 )" \
23953 -c "NamedGroup: ffdhe3072 ( 101 )" \
23954 -c "Verifying peer X.509 certificate... ok" \
23955 -c "received HelloRetryRequest message" \
23956 -c "selected_group ( 257 )"
23957
23958requires_gnutls_tls1_3
23959requires_gnutls_next_no_ticket
23960requires_gnutls_next_disable_tls13_compat
23961requires_config_enabled MBEDTLS_SSL_CLI_C
23962requires_config_enabled MBEDTLS_DEBUG_C
23963requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23964requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23965run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe4096" \
23966 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
23967 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe4096" \
23968 0 \
23969 -c "HTTP/1.0 200 OK" \
23970 -c "Protocol is TLSv1.3" \
23971 -c "NamedGroup: secp384r1 ( 18 )" \
23972 -c "NamedGroup: ffdhe4096 ( 102 )" \
23973 -c "Verifying peer X.509 certificate... ok" \
23974 -c "received HelloRetryRequest message" \
23975 -c "selected_group ( 258 )"
23976
23977requires_gnutls_tls1_3
23978requires_gnutls_next_no_ticket
23979requires_gnutls_next_disable_tls13_compat
23980requires_config_enabled MBEDTLS_SSL_CLI_C
23981requires_config_enabled MBEDTLS_DEBUG_C
23982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
23983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
23984run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe6144" \
23985 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
23986 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe6144" \
23987 0 \
23988 -c "HTTP/1.0 200 OK" \
23989 -c "Protocol is TLSv1.3" \
23990 -c "NamedGroup: secp384r1 ( 18 )" \
23991 -c "NamedGroup: ffdhe6144 ( 103 )" \
23992 -c "Verifying peer X.509 certificate... ok" \
23993 -c "received HelloRetryRequest message" \
23994 -c "selected_group ( 259 )"
23995
23996requires_gnutls_tls1_3
23997requires_gnutls_next_no_ticket
23998requires_gnutls_next_disable_tls13_compat
23999requires_config_enabled MBEDTLS_SSL_CLI_C
24000requires_config_enabled MBEDTLS_DEBUG_C
24001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24002requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24003run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe8192" \
24004 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
24005 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
24006 0 \
24007 -c "HTTP/1.0 200 OK" \
24008 -c "Protocol is TLSv1.3" \
24009 -c "NamedGroup: secp384r1 ( 18 )" \
24010 -c "NamedGroup: ffdhe8192 ( 104 )" \
24011 -c "Verifying peer X.509 certificate... ok" \
24012 -c "received HelloRetryRequest message" \
24013 -c "selected_group ( 260 )"
24014
24015requires_gnutls_tls1_3
24016requires_gnutls_next_no_ticket
24017requires_gnutls_next_disable_tls13_compat
24018requires_config_enabled MBEDTLS_SSL_CLI_C
24019requires_config_enabled MBEDTLS_DEBUG_C
24020requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24022run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24023 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24024 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24025 0 \
24026 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24027 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24028 -c "NamedGroup: secp521r1 ( 19 )" \
24029 -c "NamedGroup: secp256r1 ( 17 )" \
24030 -c "Verifying peer X.509 certificate... ok" \
24031 -c "received HelloRetryRequest message" \
24032 -c "selected_group ( 23 )"
24033
24034requires_gnutls_tls1_3
24035requires_gnutls_next_no_ticket
24036requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24037requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24038requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24041run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24042 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24043 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24044 0 \
24045 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24046 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24047 -c "NamedGroup: secp521r1 ( 19 )" \
24048 -c "NamedGroup: secp384r1 ( 18 )" \
24049 -c "Verifying peer X.509 certificate... ok" \
24050 -c "received HelloRetryRequest message" \
24051 -c "selected_group ( 24 )"
24052
24053requires_gnutls_tls1_3
24054requires_gnutls_next_no_ticket
24055requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24056requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24057requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24059requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24060run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24061 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24062 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24063 0 \
24064 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24065 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24066 -c "NamedGroup: secp521r1 ( 19 )" \
24067 -c "NamedGroup: x25519 ( 1d )" \
24068 -c "Verifying peer X.509 certificate... ok" \
24069 -c "received HelloRetryRequest message" \
24070 -c "selected_group ( 29 )"
24071
24072requires_gnutls_tls1_3
24073requires_gnutls_next_no_ticket
24074requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24075requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24079run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24080 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24081 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24082 0 \
24083 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24084 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24085 -c "NamedGroup: secp521r1 ( 19 )" \
24086 -c "NamedGroup: x448 ( 1e )" \
24087 -c "Verifying peer X.509 certificate... ok" \
24088 -c "received HelloRetryRequest message" \
24089 -c "selected_group ( 30 )"
24090
24091requires_gnutls_tls1_3
24092requires_gnutls_next_no_ticket
24093requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24094requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24095requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24096requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]24098run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
24099 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
24100 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
24101 0 \
24102 -c "HTTP/1.0 200 OK" \
24103 -c "Protocol is TLSv1.3" \
24104 -c "NamedGroup: secp521r1 ( 19 )" \
24105 -c "NamedGroup: ffdhe2048 ( 100 )" \
24106 -c "Verifying peer X.509 certificate... ok" \
24107 -c "received HelloRetryRequest message" \
24108 -c "selected_group ( 256 )"
24109
24110requires_gnutls_tls1_3
24111requires_gnutls_next_no_ticket
24112requires_gnutls_next_disable_tls13_compat
24113requires_config_enabled MBEDTLS_SSL_CLI_C
24114requires_config_enabled MBEDTLS_DEBUG_C
24115requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24116requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24117run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe3072" \
24118 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
24119 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe3072" \
24120 0 \
24121 -c "HTTP/1.0 200 OK" \
24122 -c "Protocol is TLSv1.3" \
24123 -c "NamedGroup: secp521r1 ( 19 )" \
24124 -c "NamedGroup: ffdhe3072 ( 101 )" \
24125 -c "Verifying peer X.509 certificate... ok" \
24126 -c "received HelloRetryRequest message" \
24127 -c "selected_group ( 257 )"
24128
24129requires_gnutls_tls1_3
24130requires_gnutls_next_no_ticket
24131requires_gnutls_next_disable_tls13_compat
24132requires_config_enabled MBEDTLS_SSL_CLI_C
24133requires_config_enabled MBEDTLS_DEBUG_C
24134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24136run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe4096" \
24137 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
24138 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe4096" \
24139 0 \
24140 -c "HTTP/1.0 200 OK" \
24141 -c "Protocol is TLSv1.3" \
24142 -c "NamedGroup: secp521r1 ( 19 )" \
24143 -c "NamedGroup: ffdhe4096 ( 102 )" \
24144 -c "Verifying peer X.509 certificate... ok" \
24145 -c "received HelloRetryRequest message" \
24146 -c "selected_group ( 258 )"
24147
24148requires_gnutls_tls1_3
24149requires_gnutls_next_no_ticket
24150requires_gnutls_next_disable_tls13_compat
24151requires_config_enabled MBEDTLS_SSL_CLI_C
24152requires_config_enabled MBEDTLS_DEBUG_C
24153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24155run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe6144" \
24156 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
24157 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe6144" \
24158 0 \
24159 -c "HTTP/1.0 200 OK" \
24160 -c "Protocol is TLSv1.3" \
24161 -c "NamedGroup: secp521r1 ( 19 )" \
24162 -c "NamedGroup: ffdhe6144 ( 103 )" \
24163 -c "Verifying peer X.509 certificate... ok" \
24164 -c "received HelloRetryRequest message" \
24165 -c "selected_group ( 259 )"
24166
24167requires_gnutls_tls1_3
24168requires_gnutls_next_no_ticket
24169requires_gnutls_next_disable_tls13_compat
24170requires_config_enabled MBEDTLS_SSL_CLI_C
24171requires_config_enabled MBEDTLS_DEBUG_C
24172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24174run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe8192" \
24175 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
24176 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
24177 0 \
24178 -c "HTTP/1.0 200 OK" \
24179 -c "Protocol is TLSv1.3" \
24180 -c "NamedGroup: secp521r1 ( 19 )" \
24181 -c "NamedGroup: ffdhe8192 ( 104 )" \
24182 -c "Verifying peer X.509 certificate... ok" \
24183 -c "received HelloRetryRequest message" \
24184 -c "selected_group ( 260 )"
24185
24186requires_gnutls_tls1_3
24187requires_gnutls_next_no_ticket
24188requires_gnutls_next_disable_tls13_compat
24189requires_config_enabled MBEDTLS_SSL_CLI_C
24190requires_config_enabled MBEDTLS_DEBUG_C
24191requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24192requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24193run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24194 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24195 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24196 0 \
24197 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24198 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24199 -c "NamedGroup: x25519 ( 1d )" \
24200 -c "NamedGroup: secp256r1 ( 17 )" \
24201 -c "Verifying peer X.509 certificate... ok" \
24202 -c "received HelloRetryRequest message" \
24203 -c "selected_group ( 23 )"
24204
24205requires_gnutls_tls1_3
24206requires_gnutls_next_no_ticket
24207requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24208requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24210requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24212run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24213 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24214 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24215 0 \
24216 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24217 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24218 -c "NamedGroup: x25519 ( 1d )" \
24219 -c "NamedGroup: secp384r1 ( 18 )" \
24220 -c "Verifying peer X.509 certificate... ok" \
24221 -c "received HelloRetryRequest message" \
24222 -c "selected_group ( 24 )"
24223
24224requires_gnutls_tls1_3
24225requires_gnutls_next_no_ticket
24226requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24227requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24228requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24231run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24232 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24233 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24234 0 \
24235 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24236 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24237 -c "NamedGroup: x25519 ( 1d )" \
24238 -c "NamedGroup: secp521r1 ( 19 )" \
24239 -c "Verifying peer X.509 certificate... ok" \
24240 -c "received HelloRetryRequest message" \
24241 -c "selected_group ( 25 )"
24242
24243requires_gnutls_tls1_3
24244requires_gnutls_next_no_ticket
24245requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24246requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24247requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24248requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24249requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24250run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24251 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24252 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24253 0 \
24254 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24255 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24256 -c "NamedGroup: x25519 ( 1d )" \
24257 -c "NamedGroup: x448 ( 1e )" \
24258 -c "Verifying peer X.509 certificate... ok" \
24259 -c "received HelloRetryRequest message" \
24260 -c "selected_group ( 30 )"
24261
24262requires_gnutls_tls1_3
24263requires_gnutls_next_no_ticket
24264requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24265requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24266requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]24269run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
24270 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
24271 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
24272 0 \
24273 -c "HTTP/1.0 200 OK" \
24274 -c "Protocol is TLSv1.3" \
24275 -c "NamedGroup: x25519 ( 1d )" \
24276 -c "NamedGroup: ffdhe2048 ( 100 )" \
24277 -c "Verifying peer X.509 certificate... ok" \
24278 -c "received HelloRetryRequest message" \
24279 -c "selected_group ( 256 )"
24280
24281requires_gnutls_tls1_3
24282requires_gnutls_next_no_ticket
24283requires_gnutls_next_disable_tls13_compat
24284requires_config_enabled MBEDTLS_SSL_CLI_C
24285requires_config_enabled MBEDTLS_DEBUG_C
24286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24288run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe3072" \
24289 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
24290 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe3072" \
24291 0 \
24292 -c "HTTP/1.0 200 OK" \
24293 -c "Protocol is TLSv1.3" \
24294 -c "NamedGroup: x25519 ( 1d )" \
24295 -c "NamedGroup: ffdhe3072 ( 101 )" \
24296 -c "Verifying peer X.509 certificate... ok" \
24297 -c "received HelloRetryRequest message" \
24298 -c "selected_group ( 257 )"
24299
24300requires_gnutls_tls1_3
24301requires_gnutls_next_no_ticket
24302requires_gnutls_next_disable_tls13_compat
24303requires_config_enabled MBEDTLS_SSL_CLI_C
24304requires_config_enabled MBEDTLS_DEBUG_C
24305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24307run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe4096" \
24308 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
24309 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe4096" \
24310 0 \
24311 -c "HTTP/1.0 200 OK" \
24312 -c "Protocol is TLSv1.3" \
24313 -c "NamedGroup: x25519 ( 1d )" \
24314 -c "NamedGroup: ffdhe4096 ( 102 )" \
24315 -c "Verifying peer X.509 certificate... ok" \
24316 -c "received HelloRetryRequest message" \
24317 -c "selected_group ( 258 )"
24318
24319requires_gnutls_tls1_3
24320requires_gnutls_next_no_ticket
24321requires_gnutls_next_disable_tls13_compat
24322requires_config_enabled MBEDTLS_SSL_CLI_C
24323requires_config_enabled MBEDTLS_DEBUG_C
24324requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24326run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe6144" \
24327 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
24328 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe6144" \
24329 0 \
24330 -c "HTTP/1.0 200 OK" \
24331 -c "Protocol is TLSv1.3" \
24332 -c "NamedGroup: x25519 ( 1d )" \
24333 -c "NamedGroup: ffdhe6144 ( 103 )" \
24334 -c "Verifying peer X.509 certificate... ok" \
24335 -c "received HelloRetryRequest message" \
24336 -c "selected_group ( 259 )"
24337
24338requires_gnutls_tls1_3
24339requires_gnutls_next_no_ticket
24340requires_gnutls_next_disable_tls13_compat
24341requires_config_enabled MBEDTLS_SSL_CLI_C
24342requires_config_enabled MBEDTLS_DEBUG_C
24343requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24344requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24345run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe8192" \
24346 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
24347 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
24348 0 \
24349 -c "HTTP/1.0 200 OK" \
24350 -c "Protocol is TLSv1.3" \
24351 -c "NamedGroup: x25519 ( 1d )" \
24352 -c "NamedGroup: ffdhe8192 ( 104 )" \
24353 -c "Verifying peer X.509 certificate... ok" \
24354 -c "received HelloRetryRequest message" \
24355 -c "selected_group ( 260 )"
24356
24357requires_gnutls_tls1_3
24358requires_gnutls_next_no_ticket
24359requires_gnutls_next_disable_tls13_compat
24360requires_config_enabled MBEDTLS_SSL_CLI_C
24361requires_config_enabled MBEDTLS_DEBUG_C
24362requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24363requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24364run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24365 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24366 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24367 0 \
24368 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24369 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24370 -c "NamedGroup: x448 ( 1e )" \
24371 -c "NamedGroup: secp256r1 ( 17 )" \
24372 -c "Verifying peer X.509 certificate... ok" \
24373 -c "received HelloRetryRequest message" \
24374 -c "selected_group ( 23 )"
24375
24376requires_gnutls_tls1_3
24377requires_gnutls_next_no_ticket
24378requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24379requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24380requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24381requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24382requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24383run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24384 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24385 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24386 0 \
24387 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24388 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24389 -c "NamedGroup: x448 ( 1e )" \
24390 -c "NamedGroup: secp384r1 ( 18 )" \
24391 -c "Verifying peer X.509 certificate... ok" \
24392 -c "received HelloRetryRequest message" \
24393 -c "selected_group ( 24 )"
24394
24395requires_gnutls_tls1_3
24396requires_gnutls_next_no_ticket
24397requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24398requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24399requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24400requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24402run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24403 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24404 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24405 0 \
24406 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24407 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24408 -c "NamedGroup: x448 ( 1e )" \
24409 -c "NamedGroup: secp521r1 ( 19 )" \
24410 -c "Verifying peer X.509 certificate... ok" \
24411 -c "received HelloRetryRequest message" \
24412 -c "selected_group ( 25 )"
24413
24414requires_gnutls_tls1_3
24415requires_gnutls_next_no_ticket
24416requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]24418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]24419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24421run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24422 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]24423 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24424 0 \
24425 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]24426 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]24427 -c "NamedGroup: x448 ( 1e )" \
24428 -c "NamedGroup: x25519 ( 1d )" \
24429 -c "Verifying peer X.509 certificate... ok" \
24430 -c "received HelloRetryRequest message" \
24431 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]24432
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]24433requires_gnutls_tls1_3
24434requires_gnutls_next_no_ticket
24435requires_gnutls_next_disable_tls13_compat
24436requires_config_enabled MBEDTLS_SSL_CLI_C
24437requires_config_enabled MBEDTLS_DEBUG_C
24438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24440run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
24441 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
24442 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
24443 0 \
24444 -c "HTTP/1.0 200 OK" \
24445 -c "Protocol is TLSv1.3" \
24446 -c "NamedGroup: x448 ( 1e )" \
24447 -c "NamedGroup: ffdhe2048 ( 100 )" \
24448 -c "Verifying peer X.509 certificate... ok" \
24449 -c "received HelloRetryRequest message" \
24450 -c "selected_group ( 256 )"
24451
24452requires_gnutls_tls1_3
24453requires_gnutls_next_no_ticket
24454requires_gnutls_next_disable_tls13_compat
24455requires_config_enabled MBEDTLS_SSL_CLI_C
24456requires_config_enabled MBEDTLS_DEBUG_C
24457requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24458requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24459run_test "TLS 1.3 m->G: HRR x448 -> ffdhe3072" \
24460 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
24461 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe3072" \
24462 0 \
24463 -c "HTTP/1.0 200 OK" \
24464 -c "Protocol is TLSv1.3" \
24465 -c "NamedGroup: x448 ( 1e )" \
24466 -c "NamedGroup: ffdhe3072 ( 101 )" \
24467 -c "Verifying peer X.509 certificate... ok" \
24468 -c "received HelloRetryRequest message" \
24469 -c "selected_group ( 257 )"
24470
24471requires_gnutls_tls1_3
24472requires_gnutls_next_no_ticket
24473requires_gnutls_next_disable_tls13_compat
24474requires_config_enabled MBEDTLS_SSL_CLI_C
24475requires_config_enabled MBEDTLS_DEBUG_C
24476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24478run_test "TLS 1.3 m->G: HRR x448 -> ffdhe4096" \
24479 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
24480 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe4096" \
24481 0 \
24482 -c "HTTP/1.0 200 OK" \
24483 -c "Protocol is TLSv1.3" \
24484 -c "NamedGroup: x448 ( 1e )" \
24485 -c "NamedGroup: ffdhe4096 ( 102 )" \
24486 -c "Verifying peer X.509 certificate... ok" \
24487 -c "received HelloRetryRequest message" \
24488 -c "selected_group ( 258 )"
24489
24490requires_gnutls_tls1_3
24491requires_gnutls_next_no_ticket
24492requires_gnutls_next_disable_tls13_compat
24493requires_config_enabled MBEDTLS_SSL_CLI_C
24494requires_config_enabled MBEDTLS_DEBUG_C
24495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24497run_test "TLS 1.3 m->G: HRR x448 -> ffdhe6144" \
24498 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
24499 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe6144" \
24500 0 \
24501 -c "HTTP/1.0 200 OK" \
24502 -c "Protocol is TLSv1.3" \
24503 -c "NamedGroup: x448 ( 1e )" \
24504 -c "NamedGroup: ffdhe6144 ( 103 )" \
24505 -c "Verifying peer X.509 certificate... ok" \
24506 -c "received HelloRetryRequest message" \
24507 -c "selected_group ( 259 )"
24508
24509requires_gnutls_tls1_3
24510requires_gnutls_next_no_ticket
24511requires_gnutls_next_disable_tls13_compat
24512requires_config_enabled MBEDTLS_SSL_CLI_C
24513requires_config_enabled MBEDTLS_DEBUG_C
24514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24516run_test "TLS 1.3 m->G: HRR x448 -> ffdhe8192" \
24517 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
24518 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
24519 0 \
24520 -c "HTTP/1.0 200 OK" \
24521 -c "Protocol is TLSv1.3" \
24522 -c "NamedGroup: x448 ( 1e )" \
24523 -c "NamedGroup: ffdhe8192 ( 104 )" \
24524 -c "Verifying peer X.509 certificate... ok" \
24525 -c "received HelloRetryRequest message" \
24526 -c "selected_group ( 260 )"
24527
24528requires_gnutls_tls1_3
24529requires_gnutls_next_no_ticket
24530requires_gnutls_next_disable_tls13_compat
24531requires_config_enabled MBEDTLS_SSL_CLI_C
24532requires_config_enabled MBEDTLS_DEBUG_C
24533requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24534requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24535run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
24536 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
24537 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
24538 0 \
24539 -c "HTTP/1.0 200 OK" \
24540 -c "Protocol is TLSv1.3" \
24541 -c "NamedGroup: ffdhe2048 ( 100 )" \
24542 -c "NamedGroup: secp256r1 ( 17 )" \
24543 -c "Verifying peer X.509 certificate... ok" \
24544 -c "received HelloRetryRequest message" \
24545 -c "selected_group ( 23 )"
24546
24547requires_gnutls_tls1_3
24548requires_gnutls_next_no_ticket
24549requires_gnutls_next_disable_tls13_compat
24550requires_config_enabled MBEDTLS_SSL_CLI_C
24551requires_config_enabled MBEDTLS_DEBUG_C
24552requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24553requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24554run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
24555 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
24556 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
24557 0 \
24558 -c "HTTP/1.0 200 OK" \
24559 -c "Protocol is TLSv1.3" \
24560 -c "NamedGroup: ffdhe2048 ( 100 )" \
24561 -c "NamedGroup: secp384r1 ( 18 )" \
24562 -c "Verifying peer X.509 certificate... ok" \
24563 -c "received HelloRetryRequest message" \
24564 -c "selected_group ( 24 )"
24565
24566requires_gnutls_tls1_3
24567requires_gnutls_next_no_ticket
24568requires_gnutls_next_disable_tls13_compat
24569requires_config_enabled MBEDTLS_SSL_CLI_C
24570requires_config_enabled MBEDTLS_DEBUG_C
24571requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24573run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
24574 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
24575 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
24576 0 \
24577 -c "HTTP/1.0 200 OK" \
24578 -c "Protocol is TLSv1.3" \
24579 -c "NamedGroup: ffdhe2048 ( 100 )" \
24580 -c "NamedGroup: secp521r1 ( 19 )" \
24581 -c "Verifying peer X.509 certificate... ok" \
24582 -c "received HelloRetryRequest message" \
24583 -c "selected_group ( 25 )"
24584
24585requires_gnutls_tls1_3
24586requires_gnutls_next_no_ticket
24587requires_gnutls_next_disable_tls13_compat
24588requires_config_enabled MBEDTLS_SSL_CLI_C
24589requires_config_enabled MBEDTLS_DEBUG_C
24590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24592run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
24593 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
24594 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
24595 0 \
24596 -c "HTTP/1.0 200 OK" \
24597 -c "Protocol is TLSv1.3" \
24598 -c "NamedGroup: ffdhe2048 ( 100 )" \
24599 -c "NamedGroup: x25519 ( 1d )" \
24600 -c "Verifying peer X.509 certificate... ok" \
24601 -c "received HelloRetryRequest message" \
24602 -c "selected_group ( 29 )"
24603
24604requires_gnutls_tls1_3
24605requires_gnutls_next_no_ticket
24606requires_gnutls_next_disable_tls13_compat
24607requires_config_enabled MBEDTLS_SSL_CLI_C
24608requires_config_enabled MBEDTLS_DEBUG_C
24609requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24610requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24611run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
24612 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
24613 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
24614 0 \
24615 -c "HTTP/1.0 200 OK" \
24616 -c "Protocol is TLSv1.3" \
24617 -c "NamedGroup: ffdhe2048 ( 100 )" \
24618 -c "NamedGroup: x448 ( 1e )" \
24619 -c "Verifying peer X.509 certificate... ok" \
24620 -c "received HelloRetryRequest message" \
24621 -c "selected_group ( 30 )"
24622
24623requires_gnutls_tls1_3
24624requires_gnutls_next_no_ticket
24625requires_gnutls_next_disable_tls13_compat
24626requires_config_enabled MBEDTLS_SSL_CLI_C
24627requires_config_enabled MBEDTLS_DEBUG_C
24628requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24630run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe3072" \
24631 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
24632 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe3072" \
24633 0 \
24634 -c "HTTP/1.0 200 OK" \
24635 -c "Protocol is TLSv1.3" \
24636 -c "NamedGroup: ffdhe2048 ( 100 )" \
24637 -c "NamedGroup: ffdhe3072 ( 101 )" \
24638 -c "Verifying peer X.509 certificate... ok" \
24639 -c "received HelloRetryRequest message" \
24640 -c "selected_group ( 257 )"
24641
24642requires_gnutls_tls1_3
24643requires_gnutls_next_no_ticket
24644requires_gnutls_next_disable_tls13_compat
24645requires_config_enabled MBEDTLS_SSL_CLI_C
24646requires_config_enabled MBEDTLS_DEBUG_C
24647requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24649run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe4096" \
24650 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
24651 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe4096" \
24652 0 \
24653 -c "HTTP/1.0 200 OK" \
24654 -c "Protocol is TLSv1.3" \
24655 -c "NamedGroup: ffdhe2048 ( 100 )" \
24656 -c "NamedGroup: ffdhe4096 ( 102 )" \
24657 -c "Verifying peer X.509 certificate... ok" \
24658 -c "received HelloRetryRequest message" \
24659 -c "selected_group ( 258 )"
24660
24661requires_gnutls_tls1_3
24662requires_gnutls_next_no_ticket
24663requires_gnutls_next_disable_tls13_compat
24664requires_config_enabled MBEDTLS_SSL_CLI_C
24665requires_config_enabled MBEDTLS_DEBUG_C
24666requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24667requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24668run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe6144" \
24669 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
24670 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe6144" \
24671 0 \
24672 -c "HTTP/1.0 200 OK" \
24673 -c "Protocol is TLSv1.3" \
24674 -c "NamedGroup: ffdhe2048 ( 100 )" \
24675 -c "NamedGroup: ffdhe6144 ( 103 )" \
24676 -c "Verifying peer X.509 certificate... ok" \
24677 -c "received HelloRetryRequest message" \
24678 -c "selected_group ( 259 )"
24679
24680requires_gnutls_tls1_3
24681requires_gnutls_next_no_ticket
24682requires_gnutls_next_disable_tls13_compat
24683requires_config_enabled MBEDTLS_SSL_CLI_C
24684requires_config_enabled MBEDTLS_DEBUG_C
24685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24687run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe8192" \
24688 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
24689 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
24690 0 \
24691 -c "HTTP/1.0 200 OK" \
24692 -c "Protocol is TLSv1.3" \
24693 -c "NamedGroup: ffdhe2048 ( 100 )" \
24694 -c "NamedGroup: ffdhe8192 ( 104 )" \
24695 -c "Verifying peer X.509 certificate... ok" \
24696 -c "received HelloRetryRequest message" \
24697 -c "selected_group ( 260 )"
24698
24699requires_gnutls_tls1_3
24700requires_gnutls_next_no_ticket
24701requires_gnutls_next_disable_tls13_compat
24702requires_config_enabled MBEDTLS_SSL_CLI_C
24703requires_config_enabled MBEDTLS_DEBUG_C
24704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24706run_test "TLS 1.3 m->G: HRR ffdhe3072 -> secp256r1" \
24707 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
24708 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp256r1" \
24709 0 \
24710 -c "HTTP/1.0 200 OK" \
24711 -c "Protocol is TLSv1.3" \
24712 -c "NamedGroup: ffdhe3072 ( 101 )" \
24713 -c "NamedGroup: secp256r1 ( 17 )" \
24714 -c "Verifying peer X.509 certificate... ok" \
24715 -c "received HelloRetryRequest message" \
24716 -c "selected_group ( 23 )"
24717
24718requires_gnutls_tls1_3
24719requires_gnutls_next_no_ticket
24720requires_gnutls_next_disable_tls13_compat
24721requires_config_enabled MBEDTLS_SSL_CLI_C
24722requires_config_enabled MBEDTLS_DEBUG_C
24723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24725run_test "TLS 1.3 m->G: HRR ffdhe3072 -> secp384r1" \
24726 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
24727 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp384r1" \
24728 0 \
24729 -c "HTTP/1.0 200 OK" \
24730 -c "Protocol is TLSv1.3" \
24731 -c "NamedGroup: ffdhe3072 ( 101 )" \
24732 -c "NamedGroup: secp384r1 ( 18 )" \
24733 -c "Verifying peer X.509 certificate... ok" \
24734 -c "received HelloRetryRequest message" \
24735 -c "selected_group ( 24 )"
24736
24737requires_gnutls_tls1_3
24738requires_gnutls_next_no_ticket
24739requires_gnutls_next_disable_tls13_compat
24740requires_config_enabled MBEDTLS_SSL_CLI_C
24741requires_config_enabled MBEDTLS_DEBUG_C
24742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24744run_test "TLS 1.3 m->G: HRR ffdhe3072 -> secp521r1" \
24745 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
24746 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp521r1" \
24747 0 \
24748 -c "HTTP/1.0 200 OK" \
24749 -c "Protocol is TLSv1.3" \
24750 -c "NamedGroup: ffdhe3072 ( 101 )" \
24751 -c "NamedGroup: secp521r1 ( 19 )" \
24752 -c "Verifying peer X.509 certificate... ok" \
24753 -c "received HelloRetryRequest message" \
24754 -c "selected_group ( 25 )"
24755
24756requires_gnutls_tls1_3
24757requires_gnutls_next_no_ticket
24758requires_gnutls_next_disable_tls13_compat
24759requires_config_enabled MBEDTLS_SSL_CLI_C
24760requires_config_enabled MBEDTLS_DEBUG_C
24761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24763run_test "TLS 1.3 m->G: HRR ffdhe3072 -> x25519" \
24764 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
24765 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,x25519" \
24766 0 \
24767 -c "HTTP/1.0 200 OK" \
24768 -c "Protocol is TLSv1.3" \
24769 -c "NamedGroup: ffdhe3072 ( 101 )" \
24770 -c "NamedGroup: x25519 ( 1d )" \
24771 -c "Verifying peer X.509 certificate... ok" \
24772 -c "received HelloRetryRequest message" \
24773 -c "selected_group ( 29 )"
24774
24775requires_gnutls_tls1_3
24776requires_gnutls_next_no_ticket
24777requires_gnutls_next_disable_tls13_compat
24778requires_config_enabled MBEDTLS_SSL_CLI_C
24779requires_config_enabled MBEDTLS_DEBUG_C
24780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24782run_test "TLS 1.3 m->G: HRR ffdhe3072 -> x448" \
24783 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
24784 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,x448" \
24785 0 \
24786 -c "HTTP/1.0 200 OK" \
24787 -c "Protocol is TLSv1.3" \
24788 -c "NamedGroup: ffdhe3072 ( 101 )" \
24789 -c "NamedGroup: x448 ( 1e )" \
24790 -c "Verifying peer X.509 certificate... ok" \
24791 -c "received HelloRetryRequest message" \
24792 -c "selected_group ( 30 )"
24793
24794requires_gnutls_tls1_3
24795requires_gnutls_next_no_ticket
24796requires_gnutls_next_disable_tls13_compat
24797requires_config_enabled MBEDTLS_SSL_CLI_C
24798requires_config_enabled MBEDTLS_DEBUG_C
24799requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24801run_test "TLS 1.3 m->G: HRR ffdhe3072 -> ffdhe2048" \
24802 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
24803 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe2048" \
24804 0 \
24805 -c "HTTP/1.0 200 OK" \
24806 -c "Protocol is TLSv1.3" \
24807 -c "NamedGroup: ffdhe3072 ( 101 )" \
24808 -c "NamedGroup: ffdhe2048 ( 100 )" \
24809 -c "Verifying peer X.509 certificate... ok" \
24810 -c "received HelloRetryRequest message" \
24811 -c "selected_group ( 256 )"
24812
24813requires_gnutls_tls1_3
24814requires_gnutls_next_no_ticket
24815requires_gnutls_next_disable_tls13_compat
24816requires_config_enabled MBEDTLS_SSL_CLI_C
24817requires_config_enabled MBEDTLS_DEBUG_C
24818requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24819requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24820run_test "TLS 1.3 m->G: HRR ffdhe3072 -> ffdhe4096" \
24821 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
24822 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe4096" \
24823 0 \
24824 -c "HTTP/1.0 200 OK" \
24825 -c "Protocol is TLSv1.3" \
24826 -c "NamedGroup: ffdhe3072 ( 101 )" \
24827 -c "NamedGroup: ffdhe4096 ( 102 )" \
24828 -c "Verifying peer X.509 certificate... ok" \
24829 -c "received HelloRetryRequest message" \
24830 -c "selected_group ( 258 )"
24831
24832requires_gnutls_tls1_3
24833requires_gnutls_next_no_ticket
24834requires_gnutls_next_disable_tls13_compat
24835requires_config_enabled MBEDTLS_SSL_CLI_C
24836requires_config_enabled MBEDTLS_DEBUG_C
24837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24838requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24839run_test "TLS 1.3 m->G: HRR ffdhe3072 -> ffdhe6144" \
24840 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
24841 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe6144" \
24842 0 \
24843 -c "HTTP/1.0 200 OK" \
24844 -c "Protocol is TLSv1.3" \
24845 -c "NamedGroup: ffdhe3072 ( 101 )" \
24846 -c "NamedGroup: ffdhe6144 ( 103 )" \
24847 -c "Verifying peer X.509 certificate... ok" \
24848 -c "received HelloRetryRequest message" \
24849 -c "selected_group ( 259 )"
24850
24851requires_gnutls_tls1_3
24852requires_gnutls_next_no_ticket
24853requires_gnutls_next_disable_tls13_compat
24854requires_config_enabled MBEDTLS_SSL_CLI_C
24855requires_config_enabled MBEDTLS_DEBUG_C
24856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24858run_test "TLS 1.3 m->G: HRR ffdhe3072 -> ffdhe8192" \
24859 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
24860 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe8192" \
24861 0 \
24862 -c "HTTP/1.0 200 OK" \
24863 -c "Protocol is TLSv1.3" \
24864 -c "NamedGroup: ffdhe3072 ( 101 )" \
24865 -c "NamedGroup: ffdhe8192 ( 104 )" \
24866 -c "Verifying peer X.509 certificate... ok" \
24867 -c "received HelloRetryRequest message" \
24868 -c "selected_group ( 260 )"
24869
24870requires_gnutls_tls1_3
24871requires_gnutls_next_no_ticket
24872requires_gnutls_next_disable_tls13_compat
24873requires_config_enabled MBEDTLS_SSL_CLI_C
24874requires_config_enabled MBEDTLS_DEBUG_C
24875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24877run_test "TLS 1.3 m->G: HRR ffdhe4096 -> secp256r1" \
24878 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
24879 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp256r1" \
24880 0 \
24881 -c "HTTP/1.0 200 OK" \
24882 -c "Protocol is TLSv1.3" \
24883 -c "NamedGroup: ffdhe4096 ( 102 )" \
24884 -c "NamedGroup: secp256r1 ( 17 )" \
24885 -c "Verifying peer X.509 certificate... ok" \
24886 -c "received HelloRetryRequest message" \
24887 -c "selected_group ( 23 )"
24888
24889requires_gnutls_tls1_3
24890requires_gnutls_next_no_ticket
24891requires_gnutls_next_disable_tls13_compat
24892requires_config_enabled MBEDTLS_SSL_CLI_C
24893requires_config_enabled MBEDTLS_DEBUG_C
24894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24896run_test "TLS 1.3 m->G: HRR ffdhe4096 -> secp384r1" \
24897 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
24898 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp384r1" \
24899 0 \
24900 -c "HTTP/1.0 200 OK" \
24901 -c "Protocol is TLSv1.3" \
24902 -c "NamedGroup: ffdhe4096 ( 102 )" \
24903 -c "NamedGroup: secp384r1 ( 18 )" \
24904 -c "Verifying peer X.509 certificate... ok" \
24905 -c "received HelloRetryRequest message" \
24906 -c "selected_group ( 24 )"
24907
24908requires_gnutls_tls1_3
24909requires_gnutls_next_no_ticket
24910requires_gnutls_next_disable_tls13_compat
24911requires_config_enabled MBEDTLS_SSL_CLI_C
24912requires_config_enabled MBEDTLS_DEBUG_C
24913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24915run_test "TLS 1.3 m->G: HRR ffdhe4096 -> secp521r1" \
24916 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
24917 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp521r1" \
24918 0 \
24919 -c "HTTP/1.0 200 OK" \
24920 -c "Protocol is TLSv1.3" \
24921 -c "NamedGroup: ffdhe4096 ( 102 )" \
24922 -c "NamedGroup: secp521r1 ( 19 )" \
24923 -c "Verifying peer X.509 certificate... ok" \
24924 -c "received HelloRetryRequest message" \
24925 -c "selected_group ( 25 )"
24926
24927requires_gnutls_tls1_3
24928requires_gnutls_next_no_ticket
24929requires_gnutls_next_disable_tls13_compat
24930requires_config_enabled MBEDTLS_SSL_CLI_C
24931requires_config_enabled MBEDTLS_DEBUG_C
24932requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24934run_test "TLS 1.3 m->G: HRR ffdhe4096 -> x25519" \
24935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
24936 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,x25519" \
24937 0 \
24938 -c "HTTP/1.0 200 OK" \
24939 -c "Protocol is TLSv1.3" \
24940 -c "NamedGroup: ffdhe4096 ( 102 )" \
24941 -c "NamedGroup: x25519 ( 1d )" \
24942 -c "Verifying peer X.509 certificate... ok" \
24943 -c "received HelloRetryRequest message" \
24944 -c "selected_group ( 29 )"
24945
24946requires_gnutls_tls1_3
24947requires_gnutls_next_no_ticket
24948requires_gnutls_next_disable_tls13_compat
24949requires_config_enabled MBEDTLS_SSL_CLI_C
24950requires_config_enabled MBEDTLS_DEBUG_C
24951requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24953run_test "TLS 1.3 m->G: HRR ffdhe4096 -> x448" \
24954 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
24955 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,x448" \
24956 0 \
24957 -c "HTTP/1.0 200 OK" \
24958 -c "Protocol is TLSv1.3" \
24959 -c "NamedGroup: ffdhe4096 ( 102 )" \
24960 -c "NamedGroup: x448 ( 1e )" \
24961 -c "Verifying peer X.509 certificate... ok" \
24962 -c "received HelloRetryRequest message" \
24963 -c "selected_group ( 30 )"
24964
24965requires_gnutls_tls1_3
24966requires_gnutls_next_no_ticket
24967requires_gnutls_next_disable_tls13_compat
24968requires_config_enabled MBEDTLS_SSL_CLI_C
24969requires_config_enabled MBEDTLS_DEBUG_C
24970requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24972run_test "TLS 1.3 m->G: HRR ffdhe4096 -> ffdhe2048" \
24973 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
24974 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe2048" \
24975 0 \
24976 -c "HTTP/1.0 200 OK" \
24977 -c "Protocol is TLSv1.3" \
24978 -c "NamedGroup: ffdhe4096 ( 102 )" \
24979 -c "NamedGroup: ffdhe2048 ( 100 )" \
24980 -c "Verifying peer X.509 certificate... ok" \
24981 -c "received HelloRetryRequest message" \
24982 -c "selected_group ( 256 )"
24983
24984requires_gnutls_tls1_3
24985requires_gnutls_next_no_ticket
24986requires_gnutls_next_disable_tls13_compat
24987requires_config_enabled MBEDTLS_SSL_CLI_C
24988requires_config_enabled MBEDTLS_DEBUG_C
24989requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
24990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
24991run_test "TLS 1.3 m->G: HRR ffdhe4096 -> ffdhe3072" \
24992 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
24993 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe3072" \
24994 0 \
24995 -c "HTTP/1.0 200 OK" \
24996 -c "Protocol is TLSv1.3" \
24997 -c "NamedGroup: ffdhe4096 ( 102 )" \
24998 -c "NamedGroup: ffdhe3072 ( 101 )" \
24999 -c "Verifying peer X.509 certificate... ok" \
25000 -c "received HelloRetryRequest message" \
25001 -c "selected_group ( 257 )"
25002
25003requires_gnutls_tls1_3
25004requires_gnutls_next_no_ticket
25005requires_gnutls_next_disable_tls13_compat
25006requires_config_enabled MBEDTLS_SSL_CLI_C
25007requires_config_enabled MBEDTLS_DEBUG_C
25008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25010run_test "TLS 1.3 m->G: HRR ffdhe4096 -> ffdhe6144" \
25011 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
25012 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe6144" \
25013 0 \
25014 -c "HTTP/1.0 200 OK" \
25015 -c "Protocol is TLSv1.3" \
25016 -c "NamedGroup: ffdhe4096 ( 102 )" \
25017 -c "NamedGroup: ffdhe6144 ( 103 )" \
25018 -c "Verifying peer X.509 certificate... ok" \
25019 -c "received HelloRetryRequest message" \
25020 -c "selected_group ( 259 )"
25021
25022requires_gnutls_tls1_3
25023requires_gnutls_next_no_ticket
25024requires_gnutls_next_disable_tls13_compat
25025requires_config_enabled MBEDTLS_SSL_CLI_C
25026requires_config_enabled MBEDTLS_DEBUG_C
25027requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25029run_test "TLS 1.3 m->G: HRR ffdhe4096 -> ffdhe8192" \
25030 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
25031 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe8192" \
25032 0 \
25033 -c "HTTP/1.0 200 OK" \
25034 -c "Protocol is TLSv1.3" \
25035 -c "NamedGroup: ffdhe4096 ( 102 )" \
25036 -c "NamedGroup: ffdhe8192 ( 104 )" \
25037 -c "Verifying peer X.509 certificate... ok" \
25038 -c "received HelloRetryRequest message" \
25039 -c "selected_group ( 260 )"
25040
25041requires_gnutls_tls1_3
25042requires_gnutls_next_no_ticket
25043requires_gnutls_next_disable_tls13_compat
25044requires_config_enabled MBEDTLS_SSL_CLI_C
25045requires_config_enabled MBEDTLS_DEBUG_C
25046requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25048run_test "TLS 1.3 m->G: HRR ffdhe6144 -> secp256r1" \
25049 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
25050 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp256r1" \
25051 0 \
25052 -c "HTTP/1.0 200 OK" \
25053 -c "Protocol is TLSv1.3" \
25054 -c "NamedGroup: ffdhe6144 ( 103 )" \
25055 -c "NamedGroup: secp256r1 ( 17 )" \
25056 -c "Verifying peer X.509 certificate... ok" \
25057 -c "received HelloRetryRequest message" \
25058 -c "selected_group ( 23 )"
25059
25060requires_gnutls_tls1_3
25061requires_gnutls_next_no_ticket
25062requires_gnutls_next_disable_tls13_compat
25063requires_config_enabled MBEDTLS_SSL_CLI_C
25064requires_config_enabled MBEDTLS_DEBUG_C
25065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25067run_test "TLS 1.3 m->G: HRR ffdhe6144 -> secp384r1" \
25068 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
25069 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp384r1" \
25070 0 \
25071 -c "HTTP/1.0 200 OK" \
25072 -c "Protocol is TLSv1.3" \
25073 -c "NamedGroup: ffdhe6144 ( 103 )" \
25074 -c "NamedGroup: secp384r1 ( 18 )" \
25075 -c "Verifying peer X.509 certificate... ok" \
25076 -c "received HelloRetryRequest message" \
25077 -c "selected_group ( 24 )"
25078
25079requires_gnutls_tls1_3
25080requires_gnutls_next_no_ticket
25081requires_gnutls_next_disable_tls13_compat
25082requires_config_enabled MBEDTLS_SSL_CLI_C
25083requires_config_enabled MBEDTLS_DEBUG_C
25084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25086run_test "TLS 1.3 m->G: HRR ffdhe6144 -> secp521r1" \
25087 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
25088 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp521r1" \
25089 0 \
25090 -c "HTTP/1.0 200 OK" \
25091 -c "Protocol is TLSv1.3" \
25092 -c "NamedGroup: ffdhe6144 ( 103 )" \
25093 -c "NamedGroup: secp521r1 ( 19 )" \
25094 -c "Verifying peer X.509 certificate... ok" \
25095 -c "received HelloRetryRequest message" \
25096 -c "selected_group ( 25 )"
25097
25098requires_gnutls_tls1_3
25099requires_gnutls_next_no_ticket
25100requires_gnutls_next_disable_tls13_compat
25101requires_config_enabled MBEDTLS_SSL_CLI_C
25102requires_config_enabled MBEDTLS_DEBUG_C
25103requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25104requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25105run_test "TLS 1.3 m->G: HRR ffdhe6144 -> x25519" \
25106 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
25107 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,x25519" \
25108 0 \
25109 -c "HTTP/1.0 200 OK" \
25110 -c "Protocol is TLSv1.3" \
25111 -c "NamedGroup: ffdhe6144 ( 103 )" \
25112 -c "NamedGroup: x25519 ( 1d )" \
25113 -c "Verifying peer X.509 certificate... ok" \
25114 -c "received HelloRetryRequest message" \
25115 -c "selected_group ( 29 )"
25116
25117requires_gnutls_tls1_3
25118requires_gnutls_next_no_ticket
25119requires_gnutls_next_disable_tls13_compat
25120requires_config_enabled MBEDTLS_SSL_CLI_C
25121requires_config_enabled MBEDTLS_DEBUG_C
25122requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25124run_test "TLS 1.3 m->G: HRR ffdhe6144 -> x448" \
25125 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
25126 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,x448" \
25127 0 \
25128 -c "HTTP/1.0 200 OK" \
25129 -c "Protocol is TLSv1.3" \
25130 -c "NamedGroup: ffdhe6144 ( 103 )" \
25131 -c "NamedGroup: x448 ( 1e )" \
25132 -c "Verifying peer X.509 certificate... ok" \
25133 -c "received HelloRetryRequest message" \
25134 -c "selected_group ( 30 )"
25135
25136requires_gnutls_tls1_3
25137requires_gnutls_next_no_ticket
25138requires_gnutls_next_disable_tls13_compat
25139requires_config_enabled MBEDTLS_SSL_CLI_C
25140requires_config_enabled MBEDTLS_DEBUG_C
25141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25143run_test "TLS 1.3 m->G: HRR ffdhe6144 -> ffdhe2048" \
25144 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
25145 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe2048" \
25146 0 \
25147 -c "HTTP/1.0 200 OK" \
25148 -c "Protocol is TLSv1.3" \
25149 -c "NamedGroup: ffdhe6144 ( 103 )" \
25150 -c "NamedGroup: ffdhe2048 ( 100 )" \
25151 -c "Verifying peer X.509 certificate... ok" \
25152 -c "received HelloRetryRequest message" \
25153 -c "selected_group ( 256 )"
25154
25155requires_gnutls_tls1_3
25156requires_gnutls_next_no_ticket
25157requires_gnutls_next_disable_tls13_compat
25158requires_config_enabled MBEDTLS_SSL_CLI_C
25159requires_config_enabled MBEDTLS_DEBUG_C
25160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25162run_test "TLS 1.3 m->G: HRR ffdhe6144 -> ffdhe3072" \
25163 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
25164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe3072" \
25165 0 \
25166 -c "HTTP/1.0 200 OK" \
25167 -c "Protocol is TLSv1.3" \
25168 -c "NamedGroup: ffdhe6144 ( 103 )" \
25169 -c "NamedGroup: ffdhe3072 ( 101 )" \
25170 -c "Verifying peer X.509 certificate... ok" \
25171 -c "received HelloRetryRequest message" \
25172 -c "selected_group ( 257 )"
25173
25174requires_gnutls_tls1_3
25175requires_gnutls_next_no_ticket
25176requires_gnutls_next_disable_tls13_compat
25177requires_config_enabled MBEDTLS_SSL_CLI_C
25178requires_config_enabled MBEDTLS_DEBUG_C
25179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25181run_test "TLS 1.3 m->G: HRR ffdhe6144 -> ffdhe4096" \
25182 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
25183 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe4096" \
25184 0 \
25185 -c "HTTP/1.0 200 OK" \
25186 -c "Protocol is TLSv1.3" \
25187 -c "NamedGroup: ffdhe6144 ( 103 )" \
25188 -c "NamedGroup: ffdhe4096 ( 102 )" \
25189 -c "Verifying peer X.509 certificate... ok" \
25190 -c "received HelloRetryRequest message" \
25191 -c "selected_group ( 258 )"
25192
25193requires_gnutls_tls1_3
25194requires_gnutls_next_no_ticket
25195requires_gnutls_next_disable_tls13_compat
25196requires_config_enabled MBEDTLS_SSL_CLI_C
25197requires_config_enabled MBEDTLS_DEBUG_C
25198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25200run_test "TLS 1.3 m->G: HRR ffdhe6144 -> ffdhe8192" \
25201 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
25202 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe8192" \
25203 0 \
25204 -c "HTTP/1.0 200 OK" \
25205 -c "Protocol is TLSv1.3" \
25206 -c "NamedGroup: ffdhe6144 ( 103 )" \
25207 -c "NamedGroup: ffdhe8192 ( 104 )" \
25208 -c "Verifying peer X.509 certificate... ok" \
25209 -c "received HelloRetryRequest message" \
25210 -c "selected_group ( 260 )"
25211
25212requires_gnutls_tls1_3
25213requires_gnutls_next_no_ticket
25214requires_gnutls_next_disable_tls13_compat
25215requires_config_enabled MBEDTLS_SSL_CLI_C
25216requires_config_enabled MBEDTLS_DEBUG_C
25217requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25219run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp256r1" \
25220 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
25221 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
25222 0 \
25223 -c "HTTP/1.0 200 OK" \
25224 -c "Protocol is TLSv1.3" \
25225 -c "NamedGroup: ffdhe8192 ( 104 )" \
25226 -c "NamedGroup: secp256r1 ( 17 )" \
25227 -c "Verifying peer X.509 certificate... ok" \
25228 -c "received HelloRetryRequest message" \
25229 -c "selected_group ( 23 )"
25230
25231requires_gnutls_tls1_3
25232requires_gnutls_next_no_ticket
25233requires_gnutls_next_disable_tls13_compat
25234requires_config_enabled MBEDTLS_SSL_CLI_C
25235requires_config_enabled MBEDTLS_DEBUG_C
25236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25238run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp384r1" \
25239 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
25240 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
25241 0 \
25242 -c "HTTP/1.0 200 OK" \
25243 -c "Protocol is TLSv1.3" \
25244 -c "NamedGroup: ffdhe8192 ( 104 )" \
25245 -c "NamedGroup: secp384r1 ( 18 )" \
25246 -c "Verifying peer X.509 certificate... ok" \
25247 -c "received HelloRetryRequest message" \
25248 -c "selected_group ( 24 )"
25249
25250requires_gnutls_tls1_3
25251requires_gnutls_next_no_ticket
25252requires_gnutls_next_disable_tls13_compat
25253requires_config_enabled MBEDTLS_SSL_CLI_C
25254requires_config_enabled MBEDTLS_DEBUG_C
25255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25257run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp521r1" \
25258 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
25259 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
25260 0 \
25261 -c "HTTP/1.0 200 OK" \
25262 -c "Protocol is TLSv1.3" \
25263 -c "NamedGroup: ffdhe8192 ( 104 )" \
25264 -c "NamedGroup: secp521r1 ( 19 )" \
25265 -c "Verifying peer X.509 certificate... ok" \
25266 -c "received HelloRetryRequest message" \
25267 -c "selected_group ( 25 )"
25268
25269requires_gnutls_tls1_3
25270requires_gnutls_next_no_ticket
25271requires_gnutls_next_disable_tls13_compat
25272requires_config_enabled MBEDTLS_SSL_CLI_C
25273requires_config_enabled MBEDTLS_DEBUG_C
25274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25276run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x25519" \
25277 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
25278 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
25279 0 \
25280 -c "HTTP/1.0 200 OK" \
25281 -c "Protocol is TLSv1.3" \
25282 -c "NamedGroup: ffdhe8192 ( 104 )" \
25283 -c "NamedGroup: x25519 ( 1d )" \
25284 -c "Verifying peer X.509 certificate... ok" \
25285 -c "received HelloRetryRequest message" \
25286 -c "selected_group ( 29 )"
25287
25288requires_gnutls_tls1_3
25289requires_gnutls_next_no_ticket
25290requires_gnutls_next_disable_tls13_compat
25291requires_config_enabled MBEDTLS_SSL_CLI_C
25292requires_config_enabled MBEDTLS_DEBUG_C
25293requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25294requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25295run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x448" \
25296 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
25297 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
25298 0 \
25299 -c "HTTP/1.0 200 OK" \
25300 -c "Protocol is TLSv1.3" \
25301 -c "NamedGroup: ffdhe8192 ( 104 )" \
25302 -c "NamedGroup: x448 ( 1e )" \
25303 -c "Verifying peer X.509 certificate... ok" \
25304 -c "received HelloRetryRequest message" \
25305 -c "selected_group ( 30 )"
25306
25307requires_gnutls_tls1_3
25308requires_gnutls_next_no_ticket
25309requires_gnutls_next_disable_tls13_compat
25310requires_config_enabled MBEDTLS_SSL_CLI_C
25311requires_config_enabled MBEDTLS_DEBUG_C
25312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25314run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe2048" \
25315 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
25316 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
25317 0 \
25318 -c "HTTP/1.0 200 OK" \
25319 -c "Protocol is TLSv1.3" \
25320 -c "NamedGroup: ffdhe8192 ( 104 )" \
25321 -c "NamedGroup: ffdhe2048 ( 100 )" \
25322 -c "Verifying peer X.509 certificate... ok" \
25323 -c "received HelloRetryRequest message" \
25324 -c "selected_group ( 256 )"
25325
25326requires_gnutls_tls1_3
25327requires_gnutls_next_no_ticket
25328requires_gnutls_next_disable_tls13_compat
25329requires_config_enabled MBEDTLS_SSL_CLI_C
25330requires_config_enabled MBEDTLS_DEBUG_C
25331requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25333run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe3072" \
25334 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
25335 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe3072" \
25336 0 \
25337 -c "HTTP/1.0 200 OK" \
25338 -c "Protocol is TLSv1.3" \
25339 -c "NamedGroup: ffdhe8192 ( 104 )" \
25340 -c "NamedGroup: ffdhe3072 ( 101 )" \
25341 -c "Verifying peer X.509 certificate... ok" \
25342 -c "received HelloRetryRequest message" \
25343 -c "selected_group ( 257 )"
25344
25345requires_gnutls_tls1_3
25346requires_gnutls_next_no_ticket
25347requires_gnutls_next_disable_tls13_compat
25348requires_config_enabled MBEDTLS_SSL_CLI_C
25349requires_config_enabled MBEDTLS_DEBUG_C
25350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25352run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe4096" \
25353 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
25354 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe4096" \
25355 0 \
25356 -c "HTTP/1.0 200 OK" \
25357 -c "Protocol is TLSv1.3" \
25358 -c "NamedGroup: ffdhe8192 ( 104 )" \
25359 -c "NamedGroup: ffdhe4096 ( 102 )" \
25360 -c "Verifying peer X.509 certificate... ok" \
25361 -c "received HelloRetryRequest message" \
25362 -c "selected_group ( 258 )"
25363
25364requires_gnutls_tls1_3
25365requires_gnutls_next_no_ticket
25366requires_gnutls_next_disable_tls13_compat
25367requires_config_enabled MBEDTLS_SSL_CLI_C
25368requires_config_enabled MBEDTLS_DEBUG_C
25369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25371run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe6144" \
25372 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
25373 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe6144" \
25374 0 \
25375 -c "HTTP/1.0 200 OK" \
25376 -c "Protocol is TLSv1.3" \
25377 -c "NamedGroup: ffdhe8192 ( 104 )" \
25378 -c "NamedGroup: ffdhe6144 ( 103 )" \
25379 -c "Verifying peer X.509 certificate... ok" \
25380 -c "received HelloRetryRequest message" \
25381 -c "selected_group ( 259 )"
25382
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25383requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25384requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25387requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25388requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25391run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25392 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25393 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25394 0 \
25395 -s "Protocol is TLSv1.3" \
25396 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25397 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25398 -c "Protocol is TLSv1.3" \
25399 -c "NamedGroup: secp256r1 ( 17 )" \
25400 -c "NamedGroup: secp384r1 ( 18 )" \
25401 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25402 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25403 -c "received HelloRetryRequest message" \
25404 -c "selected_group ( 24 )"
25405
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25406requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25407requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25408requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25409requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25410requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25411requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25412requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25414run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25415 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25416 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25417 0 \
25418 -s "Protocol is TLSv1.3" \
25419 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25420 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25421 -c "Protocol is TLSv1.3" \
25422 -c "NamedGroup: secp256r1 ( 17 )" \
25423 -c "NamedGroup: secp521r1 ( 19 )" \
25424 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25425 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25426 -c "received HelloRetryRequest message" \
25427 -c "selected_group ( 25 )"
25428
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25429requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25430requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25431requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25433requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25434requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25435requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25437run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25438 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25439 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25440 0 \
25441 -s "Protocol is TLSv1.3" \
25442 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25443 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25444 -c "Protocol is TLSv1.3" \
25445 -c "NamedGroup: secp256r1 ( 17 )" \
25446 -c "NamedGroup: x25519 ( 1d )" \
25447 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25448 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25449 -c "received HelloRetryRequest message" \
25450 -c "selected_group ( 29 )"
25451
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25452requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25453requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25454requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25455requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25456requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25457requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25458requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25460run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25461 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25462 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25463 0 \
25464 -s "Protocol is TLSv1.3" \
25465 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25466 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25467 -c "Protocol is TLSv1.3" \
25468 -c "NamedGroup: secp256r1 ( 17 )" \
25469 -c "NamedGroup: x448 ( 1e )" \
25470 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25471 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25472 -c "received HelloRetryRequest message" \
25473 -c "selected_group ( 30 )"
25474
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25475requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25476requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25478requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25479requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]25483run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
25484 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25485 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
25486 0 \
25487 -s "Protocol is TLSv1.3" \
25488 -s "got named group: ffdhe2048(0100)" \
25489 -s "Certificate verification was skipped" \
25490 -c "Protocol is TLSv1.3" \
25491 -c "NamedGroup: secp256r1 ( 17 )" \
25492 -c "NamedGroup: ffdhe2048 ( 100 )" \
25493 -c "Verifying peer X.509 certificate... ok" \
25494 -s "HRR selected_group: ffdhe2048" \
25495 -c "received HelloRetryRequest message" \
25496 -c "selected_group ( 256 )"
25497
25498requires_config_enabled MBEDTLS_SSL_SRV_C
25499requires_config_enabled MBEDTLS_DEBUG_C
25500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25502requires_config_enabled MBEDTLS_SSL_CLI_C
25503requires_config_enabled MBEDTLS_DEBUG_C
25504requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25506run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe3072" \
25507 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25508 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe3072" \
25509 0 \
25510 -s "Protocol is TLSv1.3" \
25511 -s "got named group: ffdhe3072(0101)" \
25512 -s "Certificate verification was skipped" \
25513 -c "Protocol is TLSv1.3" \
25514 -c "NamedGroup: secp256r1 ( 17 )" \
25515 -c "NamedGroup: ffdhe3072 ( 101 )" \
25516 -c "Verifying peer X.509 certificate... ok" \
25517 -s "HRR selected_group: ffdhe3072" \
25518 -c "received HelloRetryRequest message" \
25519 -c "selected_group ( 257 )"
25520
25521requires_config_enabled MBEDTLS_SSL_SRV_C
25522requires_config_enabled MBEDTLS_DEBUG_C
25523requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25525requires_config_enabled MBEDTLS_SSL_CLI_C
25526requires_config_enabled MBEDTLS_DEBUG_C
25527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25529run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe4096" \
25530 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25531 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe4096" \
25532 0 \
25533 -s "Protocol is TLSv1.3" \
25534 -s "got named group: ffdhe4096(0102)" \
25535 -s "Certificate verification was skipped" \
25536 -c "Protocol is TLSv1.3" \
25537 -c "NamedGroup: secp256r1 ( 17 )" \
25538 -c "NamedGroup: ffdhe4096 ( 102 )" \
25539 -c "Verifying peer X.509 certificate... ok" \
25540 -s "HRR selected_group: ffdhe4096" \
25541 -c "received HelloRetryRequest message" \
25542 -c "selected_group ( 258 )"
25543
25544requires_config_enabled MBEDTLS_SSL_SRV_C
25545requires_config_enabled MBEDTLS_DEBUG_C
25546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25548requires_config_enabled MBEDTLS_SSL_CLI_C
25549requires_config_enabled MBEDTLS_DEBUG_C
25550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25552run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe6144" \
25553 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25554 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe6144" \
25555 0 \
25556 -s "Protocol is TLSv1.3" \
25557 -s "got named group: ffdhe6144(0103)" \
25558 -s "Certificate verification was skipped" \
25559 -c "Protocol is TLSv1.3" \
25560 -c "NamedGroup: secp256r1 ( 17 )" \
25561 -c "NamedGroup: ffdhe6144 ( 103 )" \
25562 -c "Verifying peer X.509 certificate... ok" \
25563 -s "HRR selected_group: ffdhe6144" \
25564 -c "received HelloRetryRequest message" \
25565 -c "selected_group ( 259 )"
25566
25567requires_config_enabled MBEDTLS_SSL_SRV_C
25568requires_config_enabled MBEDTLS_DEBUG_C
25569requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25571requires_config_enabled MBEDTLS_SSL_CLI_C
25572requires_config_enabled MBEDTLS_DEBUG_C
25573requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25574requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25575run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe8192" \
25576 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25577 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
25578 0 \
25579 -s "Protocol is TLSv1.3" \
25580 -s "got named group: ffdhe8192(0104)" \
25581 -s "Certificate verification was skipped" \
25582 -c "Protocol is TLSv1.3" \
25583 -c "NamedGroup: secp256r1 ( 17 )" \
25584 -c "NamedGroup: ffdhe8192 ( 104 )" \
25585 -c "Verifying peer X.509 certificate... ok" \
25586 -s "HRR selected_group: ffdhe8192" \
25587 -c "received HelloRetryRequest message" \
25588 -c "selected_group ( 260 )"
25589
25590requires_config_enabled MBEDTLS_SSL_SRV_C
25591requires_config_enabled MBEDTLS_DEBUG_C
25592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25593requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25594requires_config_enabled MBEDTLS_SSL_CLI_C
25595requires_config_enabled MBEDTLS_DEBUG_C
25596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25598run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25599 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25600 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25601 0 \
25602 -s "Protocol is TLSv1.3" \
25603 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25604 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25605 -c "Protocol is TLSv1.3" \
25606 -c "NamedGroup: secp384r1 ( 18 )" \
25607 -c "NamedGroup: secp256r1 ( 17 )" \
25608 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25609 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25610 -c "received HelloRetryRequest message" \
25611 -c "selected_group ( 23 )"
25612
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25613requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25614requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25615requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25616requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25617requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25618requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25619requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25620requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25621run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25622 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25623 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25624 0 \
25625 -s "Protocol is TLSv1.3" \
25626 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25627 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25628 -c "Protocol is TLSv1.3" \
25629 -c "NamedGroup: secp384r1 ( 18 )" \
25630 -c "NamedGroup: secp521r1 ( 19 )" \
25631 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25632 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25633 -c "received HelloRetryRequest message" \
25634 -c "selected_group ( 25 )"
25635
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25636requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25637requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25638requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25639requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25640requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25641requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25642requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25644run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25645 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25646 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25647 0 \
25648 -s "Protocol is TLSv1.3" \
25649 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25650 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25651 -c "Protocol is TLSv1.3" \
25652 -c "NamedGroup: secp384r1 ( 18 )" \
25653 -c "NamedGroup: x25519 ( 1d )" \
25654 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25655 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25656 -c "received HelloRetryRequest message" \
25657 -c "selected_group ( 29 )"
25658
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25659requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25660requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25661requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25663requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25664requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25665requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25666requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25667run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25668 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25669 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25670 0 \
25671 -s "Protocol is TLSv1.3" \
25672 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25673 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25674 -c "Protocol is TLSv1.3" \
25675 -c "NamedGroup: secp384r1 ( 18 )" \
25676 -c "NamedGroup: x448 ( 1e )" \
25677 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25678 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25679 -c "received HelloRetryRequest message" \
25680 -c "selected_group ( 30 )"
25681
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25682requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25686requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25687requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25688requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25689requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]25690run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
25691 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25692 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
25693 0 \
25694 -s "Protocol is TLSv1.3" \
25695 -s "got named group: ffdhe2048(0100)" \
25696 -s "Certificate verification was skipped" \
25697 -c "Protocol is TLSv1.3" \
25698 -c "NamedGroup: secp384r1 ( 18 )" \
25699 -c "NamedGroup: ffdhe2048 ( 100 )" \
25700 -c "Verifying peer X.509 certificate... ok" \
25701 -s "HRR selected_group: ffdhe2048" \
25702 -c "received HelloRetryRequest message" \
25703 -c "selected_group ( 256 )"
25704
25705requires_config_enabled MBEDTLS_SSL_SRV_C
25706requires_config_enabled MBEDTLS_DEBUG_C
25707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25708requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25709requires_config_enabled MBEDTLS_SSL_CLI_C
25710requires_config_enabled MBEDTLS_DEBUG_C
25711requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25712requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25713run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe3072" \
25714 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25715 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe3072" \
25716 0 \
25717 -s "Protocol is TLSv1.3" \
25718 -s "got named group: ffdhe3072(0101)" \
25719 -s "Certificate verification was skipped" \
25720 -c "Protocol is TLSv1.3" \
25721 -c "NamedGroup: secp384r1 ( 18 )" \
25722 -c "NamedGroup: ffdhe3072 ( 101 )" \
25723 -c "Verifying peer X.509 certificate... ok" \
25724 -s "HRR selected_group: ffdhe3072" \
25725 -c "received HelloRetryRequest message" \
25726 -c "selected_group ( 257 )"
25727
25728requires_config_enabled MBEDTLS_SSL_SRV_C
25729requires_config_enabled MBEDTLS_DEBUG_C
25730requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25732requires_config_enabled MBEDTLS_SSL_CLI_C
25733requires_config_enabled MBEDTLS_DEBUG_C
25734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25736run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe4096" \
25737 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25738 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe4096" \
25739 0 \
25740 -s "Protocol is TLSv1.3" \
25741 -s "got named group: ffdhe4096(0102)" \
25742 -s "Certificate verification was skipped" \
25743 -c "Protocol is TLSv1.3" \
25744 -c "NamedGroup: secp384r1 ( 18 )" \
25745 -c "NamedGroup: ffdhe4096 ( 102 )" \
25746 -c "Verifying peer X.509 certificate... ok" \
25747 -s "HRR selected_group: ffdhe4096" \
25748 -c "received HelloRetryRequest message" \
25749 -c "selected_group ( 258 )"
25750
25751requires_config_enabled MBEDTLS_SSL_SRV_C
25752requires_config_enabled MBEDTLS_DEBUG_C
25753requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25754requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25755requires_config_enabled MBEDTLS_SSL_CLI_C
25756requires_config_enabled MBEDTLS_DEBUG_C
25757requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25759run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe6144" \
25760 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25761 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe6144" \
25762 0 \
25763 -s "Protocol is TLSv1.3" \
25764 -s "got named group: ffdhe6144(0103)" \
25765 -s "Certificate verification was skipped" \
25766 -c "Protocol is TLSv1.3" \
25767 -c "NamedGroup: secp384r1 ( 18 )" \
25768 -c "NamedGroup: ffdhe6144 ( 103 )" \
25769 -c "Verifying peer X.509 certificate... ok" \
25770 -s "HRR selected_group: ffdhe6144" \
25771 -c "received HelloRetryRequest message" \
25772 -c "selected_group ( 259 )"
25773
25774requires_config_enabled MBEDTLS_SSL_SRV_C
25775requires_config_enabled MBEDTLS_DEBUG_C
25776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25778requires_config_enabled MBEDTLS_SSL_CLI_C
25779requires_config_enabled MBEDTLS_DEBUG_C
25780requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25782run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe8192" \
25783 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25784 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
25785 0 \
25786 -s "Protocol is TLSv1.3" \
25787 -s "got named group: ffdhe8192(0104)" \
25788 -s "Certificate verification was skipped" \
25789 -c "Protocol is TLSv1.3" \
25790 -c "NamedGroup: secp384r1 ( 18 )" \
25791 -c "NamedGroup: ffdhe8192 ( 104 )" \
25792 -c "Verifying peer X.509 certificate... ok" \
25793 -s "HRR selected_group: ffdhe8192" \
25794 -c "received HelloRetryRequest message" \
25795 -c "selected_group ( 260 )"
25796
25797requires_config_enabled MBEDTLS_SSL_SRV_C
25798requires_config_enabled MBEDTLS_DEBUG_C
25799requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25801requires_config_enabled MBEDTLS_SSL_CLI_C
25802requires_config_enabled MBEDTLS_DEBUG_C
25803requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25804requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25805run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25806 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25807 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25808 0 \
25809 -s "Protocol is TLSv1.3" \
25810 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25811 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25812 -c "Protocol is TLSv1.3" \
25813 -c "NamedGroup: secp521r1 ( 19 )" \
25814 -c "NamedGroup: secp256r1 ( 17 )" \
25815 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25816 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25817 -c "received HelloRetryRequest message" \
25818 -c "selected_group ( 23 )"
25819
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25820requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25821requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25824requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25828run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25829 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25830 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25831 0 \
25832 -s "Protocol is TLSv1.3" \
25833 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25834 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25835 -c "Protocol is TLSv1.3" \
25836 -c "NamedGroup: secp521r1 ( 19 )" \
25837 -c "NamedGroup: secp384r1 ( 18 )" \
25838 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25839 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25840 -c "received HelloRetryRequest message" \
25841 -c "selected_group ( 24 )"
25842
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25843requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25844requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25847requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25848requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25849requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25851run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25852 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25853 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25854 0 \
25855 -s "Protocol is TLSv1.3" \
25856 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25857 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25858 -c "Protocol is TLSv1.3" \
25859 -c "NamedGroup: secp521r1 ( 19 )" \
25860 -c "NamedGroup: x25519 ( 1d )" \
25861 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25862 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25863 -c "received HelloRetryRequest message" \
25864 -c "selected_group ( 29 )"
25865
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25866requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25867requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25868requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25870requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25871requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25872requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25874run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]25875 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25876 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25877 0 \
25878 -s "Protocol is TLSv1.3" \
25879 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]25880 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25881 -c "Protocol is TLSv1.3" \
25882 -c "NamedGroup: secp521r1 ( 19 )" \
25883 -c "NamedGroup: x448 ( 1e )" \
25884 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25885 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25886 -c "received HelloRetryRequest message" \
25887 -c "selected_group ( 30 )"
25888
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]25889requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25890requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25891requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25893requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]25894requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]25895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]25896requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]25897run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
25898 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25899 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
25900 0 \
25901 -s "Protocol is TLSv1.3" \
25902 -s "got named group: ffdhe2048(0100)" \
25903 -s "Certificate verification was skipped" \
25904 -c "Protocol is TLSv1.3" \
25905 -c "NamedGroup: secp521r1 ( 19 )" \
25906 -c "NamedGroup: ffdhe2048 ( 100 )" \
25907 -c "Verifying peer X.509 certificate... ok" \
25908 -s "HRR selected_group: ffdhe2048" \
25909 -c "received HelloRetryRequest message" \
25910 -c "selected_group ( 256 )"
25911
25912requires_config_enabled MBEDTLS_SSL_SRV_C
25913requires_config_enabled MBEDTLS_DEBUG_C
25914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25916requires_config_enabled MBEDTLS_SSL_CLI_C
25917requires_config_enabled MBEDTLS_DEBUG_C
25918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25920run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe3072" \
25921 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25922 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe3072" \
25923 0 \
25924 -s "Protocol is TLSv1.3" \
25925 -s "got named group: ffdhe3072(0101)" \
25926 -s "Certificate verification was skipped" \
25927 -c "Protocol is TLSv1.3" \
25928 -c "NamedGroup: secp521r1 ( 19 )" \
25929 -c "NamedGroup: ffdhe3072 ( 101 )" \
25930 -c "Verifying peer X.509 certificate... ok" \
25931 -s "HRR selected_group: ffdhe3072" \
25932 -c "received HelloRetryRequest message" \
25933 -c "selected_group ( 257 )"
25934
25935requires_config_enabled MBEDTLS_SSL_SRV_C
25936requires_config_enabled MBEDTLS_DEBUG_C
25937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25939requires_config_enabled MBEDTLS_SSL_CLI_C
25940requires_config_enabled MBEDTLS_DEBUG_C
25941requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25943run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe4096" \
25944 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25945 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe4096" \
25946 0 \
25947 -s "Protocol is TLSv1.3" \
25948 -s "got named group: ffdhe4096(0102)" \
25949 -s "Certificate verification was skipped" \
25950 -c "Protocol is TLSv1.3" \
25951 -c "NamedGroup: secp521r1 ( 19 )" \
25952 -c "NamedGroup: ffdhe4096 ( 102 )" \
25953 -c "Verifying peer X.509 certificate... ok" \
25954 -s "HRR selected_group: ffdhe4096" \
25955 -c "received HelloRetryRequest message" \
25956 -c "selected_group ( 258 )"
25957
25958requires_config_enabled MBEDTLS_SSL_SRV_C
25959requires_config_enabled MBEDTLS_DEBUG_C
25960requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25962requires_config_enabled MBEDTLS_SSL_CLI_C
25963requires_config_enabled MBEDTLS_DEBUG_C
25964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25966run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe6144" \
25967 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25968 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe6144" \
25969 0 \
25970 -s "Protocol is TLSv1.3" \
25971 -s "got named group: ffdhe6144(0103)" \
25972 -s "Certificate verification was skipped" \
25973 -c "Protocol is TLSv1.3" \
25974 -c "NamedGroup: secp521r1 ( 19 )" \
25975 -c "NamedGroup: ffdhe6144 ( 103 )" \
25976 -c "Verifying peer X.509 certificate... ok" \
25977 -s "HRR selected_group: ffdhe6144" \
25978 -c "received HelloRetryRequest message" \
25979 -c "selected_group ( 259 )"
25980
25981requires_config_enabled MBEDTLS_SSL_SRV_C
25982requires_config_enabled MBEDTLS_DEBUG_C
25983requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25984requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25985requires_config_enabled MBEDTLS_SSL_CLI_C
25986requires_config_enabled MBEDTLS_DEBUG_C
25987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
25988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
25989run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe8192" \
25990 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
25991 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
25992 0 \
25993 -s "Protocol is TLSv1.3" \
25994 -s "got named group: ffdhe8192(0104)" \
25995 -s "Certificate verification was skipped" \
25996 -c "Protocol is TLSv1.3" \
25997 -c "NamedGroup: secp521r1 ( 19 )" \
25998 -c "NamedGroup: ffdhe8192 ( 104 )" \
25999 -c "Verifying peer X.509 certificate... ok" \
26000 -s "HRR selected_group: ffdhe8192" \
26001 -c "received HelloRetryRequest message" \
26002 -c "selected_group ( 260 )"
26003
26004requires_config_enabled MBEDTLS_SSL_SRV_C
26005requires_config_enabled MBEDTLS_DEBUG_C
26006requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26008requires_config_enabled MBEDTLS_SSL_CLI_C
26009requires_config_enabled MBEDTLS_DEBUG_C
26010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26012run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26013 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26014 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26015 0 \
26016 -s "Protocol is TLSv1.3" \
26017 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26018 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26019 -c "Protocol is TLSv1.3" \
26020 -c "NamedGroup: x25519 ( 1d )" \
26021 -c "NamedGroup: secp256r1 ( 17 )" \
26022 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26023 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26024 -c "received HelloRetryRequest message" \
26025 -c "selected_group ( 23 )"
26026
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26027requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26028requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26030requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26031requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26032requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26033requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26035run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26036 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26037 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26038 0 \
26039 -s "Protocol is TLSv1.3" \
26040 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26041 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26042 -c "Protocol is TLSv1.3" \
26043 -c "NamedGroup: x25519 ( 1d )" \
26044 -c "NamedGroup: secp384r1 ( 18 )" \
26045 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26046 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26047 -c "received HelloRetryRequest message" \
26048 -c "selected_group ( 24 )"
26049
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26050requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26051requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26053requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26054requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26055requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26056requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26058run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26059 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26060 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26061 0 \
26062 -s "Protocol is TLSv1.3" \
26063 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26064 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26065 -c "Protocol is TLSv1.3" \
26066 -c "NamedGroup: x25519 ( 1d )" \
26067 -c "NamedGroup: secp521r1 ( 19 )" \
26068 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26069 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26070 -c "received HelloRetryRequest message" \
26071 -c "selected_group ( 25 )"
26072
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26073requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26074requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26075requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26077requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26078requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26079requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26080requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26081run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26082 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26083 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26084 0 \
26085 -s "Protocol is TLSv1.3" \
26086 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26087 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26088 -c "Protocol is TLSv1.3" \
26089 -c "NamedGroup: x25519 ( 1d )" \
26090 -c "NamedGroup: x448 ( 1e )" \
26091 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26092 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26093 -c "received HelloRetryRequest message" \
26094 -c "selected_group ( 30 )"
26095
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26096requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26097requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26098requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26099requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26100requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]26104run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
26105 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26106 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
26107 0 \
26108 -s "Protocol is TLSv1.3" \
26109 -s "got named group: ffdhe2048(0100)" \
26110 -s "Certificate verification was skipped" \
26111 -c "Protocol is TLSv1.3" \
26112 -c "NamedGroup: x25519 ( 1d )" \
26113 -c "NamedGroup: ffdhe2048 ( 100 )" \
26114 -c "Verifying peer X.509 certificate... ok" \
26115 -s "HRR selected_group: ffdhe2048" \
26116 -c "received HelloRetryRequest message" \
26117 -c "selected_group ( 256 )"
26118
26119requires_config_enabled MBEDTLS_SSL_SRV_C
26120requires_config_enabled MBEDTLS_DEBUG_C
26121requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26123requires_config_enabled MBEDTLS_SSL_CLI_C
26124requires_config_enabled MBEDTLS_DEBUG_C
26125requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26126requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26127run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe3072" \
26128 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26129 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe3072" \
26130 0 \
26131 -s "Protocol is TLSv1.3" \
26132 -s "got named group: ffdhe3072(0101)" \
26133 -s "Certificate verification was skipped" \
26134 -c "Protocol is TLSv1.3" \
26135 -c "NamedGroup: x25519 ( 1d )" \
26136 -c "NamedGroup: ffdhe3072 ( 101 )" \
26137 -c "Verifying peer X.509 certificate... ok" \
26138 -s "HRR selected_group: ffdhe3072" \
26139 -c "received HelloRetryRequest message" \
26140 -c "selected_group ( 257 )"
26141
26142requires_config_enabled MBEDTLS_SSL_SRV_C
26143requires_config_enabled MBEDTLS_DEBUG_C
26144requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26146requires_config_enabled MBEDTLS_SSL_CLI_C
26147requires_config_enabled MBEDTLS_DEBUG_C
26148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26150run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe4096" \
26151 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26152 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe4096" \
26153 0 \
26154 -s "Protocol is TLSv1.3" \
26155 -s "got named group: ffdhe4096(0102)" \
26156 -s "Certificate verification was skipped" \
26157 -c "Protocol is TLSv1.3" \
26158 -c "NamedGroup: x25519 ( 1d )" \
26159 -c "NamedGroup: ffdhe4096 ( 102 )" \
26160 -c "Verifying peer X.509 certificate... ok" \
26161 -s "HRR selected_group: ffdhe4096" \
26162 -c "received HelloRetryRequest message" \
26163 -c "selected_group ( 258 )"
26164
26165requires_config_enabled MBEDTLS_SSL_SRV_C
26166requires_config_enabled MBEDTLS_DEBUG_C
26167requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26169requires_config_enabled MBEDTLS_SSL_CLI_C
26170requires_config_enabled MBEDTLS_DEBUG_C
26171requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26172requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26173run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe6144" \
26174 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26175 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe6144" \
26176 0 \
26177 -s "Protocol is TLSv1.3" \
26178 -s "got named group: ffdhe6144(0103)" \
26179 -s "Certificate verification was skipped" \
26180 -c "Protocol is TLSv1.3" \
26181 -c "NamedGroup: x25519 ( 1d )" \
26182 -c "NamedGroup: ffdhe6144 ( 103 )" \
26183 -c "Verifying peer X.509 certificate... ok" \
26184 -s "HRR selected_group: ffdhe6144" \
26185 -c "received HelloRetryRequest message" \
26186 -c "selected_group ( 259 )"
26187
26188requires_config_enabled MBEDTLS_SSL_SRV_C
26189requires_config_enabled MBEDTLS_DEBUG_C
26190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26192requires_config_enabled MBEDTLS_SSL_CLI_C
26193requires_config_enabled MBEDTLS_DEBUG_C
26194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26195requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26196run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe8192" \
26197 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26198 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
26199 0 \
26200 -s "Protocol is TLSv1.3" \
26201 -s "got named group: ffdhe8192(0104)" \
26202 -s "Certificate verification was skipped" \
26203 -c "Protocol is TLSv1.3" \
26204 -c "NamedGroup: x25519 ( 1d )" \
26205 -c "NamedGroup: ffdhe8192 ( 104 )" \
26206 -c "Verifying peer X.509 certificate... ok" \
26207 -s "HRR selected_group: ffdhe8192" \
26208 -c "received HelloRetryRequest message" \
26209 -c "selected_group ( 260 )"
26210
26211requires_config_enabled MBEDTLS_SSL_SRV_C
26212requires_config_enabled MBEDTLS_DEBUG_C
26213requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26215requires_config_enabled MBEDTLS_SSL_CLI_C
26216requires_config_enabled MBEDTLS_DEBUG_C
26217requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26219run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26220 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26221 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26222 0 \
26223 -s "Protocol is TLSv1.3" \
26224 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26225 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26226 -c "Protocol is TLSv1.3" \
26227 -c "NamedGroup: x448 ( 1e )" \
26228 -c "NamedGroup: secp256r1 ( 17 )" \
26229 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26230 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26231 -c "received HelloRetryRequest message" \
26232 -c "selected_group ( 23 )"
26233
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26234requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26235requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26236requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26238requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26239requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26242run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26243 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26244 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26245 0 \
26246 -s "Protocol is TLSv1.3" \
26247 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26248 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26249 -c "Protocol is TLSv1.3" \
26250 -c "NamedGroup: x448 ( 1e )" \
26251 -c "NamedGroup: secp384r1 ( 18 )" \
26252 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26253 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26254 -c "received HelloRetryRequest message" \
26255 -c "selected_group ( 24 )"
26256
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26257requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26258requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26259requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26261requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26262requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26265run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26266 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26267 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26268 0 \
26269 -s "Protocol is TLSv1.3" \
26270 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26271 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26272 -c "Protocol is TLSv1.3" \
26273 -c "NamedGroup: x448 ( 1e )" \
26274 -c "NamedGroup: secp521r1 ( 19 )" \
26275 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26276 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26277 -c "received HelloRetryRequest message" \
26278 -c "selected_group ( 25 )"
26279
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]26280requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26281requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26284requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26285requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]26286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26288run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]26289 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26290 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26291 0 \
26292 -s "Protocol is TLSv1.3" \
26293 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]26294 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26295 -c "Protocol is TLSv1.3" \
26296 -c "NamedGroup: x448 ( 1e )" \
26297 -c "NamedGroup: x25519 ( 1d )" \
26298 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]26299 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]26300 -c "received HelloRetryRequest message" \
26301 -c "selected_group ( 29 )"
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame^]26302
26303requires_config_enabled MBEDTLS_SSL_SRV_C
26304requires_config_enabled MBEDTLS_DEBUG_C
26305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26307requires_config_enabled MBEDTLS_SSL_CLI_C
26308requires_config_enabled MBEDTLS_DEBUG_C
26309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26310requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26311run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
26312 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26313 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
26314 0 \
26315 -s "Protocol is TLSv1.3" \
26316 -s "got named group: ffdhe2048(0100)" \
26317 -s "Certificate verification was skipped" \
26318 -c "Protocol is TLSv1.3" \
26319 -c "NamedGroup: x448 ( 1e )" \
26320 -c "NamedGroup: ffdhe2048 ( 100 )" \
26321 -c "Verifying peer X.509 certificate... ok" \
26322 -s "HRR selected_group: ffdhe2048" \
26323 -c "received HelloRetryRequest message" \
26324 -c "selected_group ( 256 )"
26325
26326requires_config_enabled MBEDTLS_SSL_SRV_C
26327requires_config_enabled MBEDTLS_DEBUG_C
26328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26330requires_config_enabled MBEDTLS_SSL_CLI_C
26331requires_config_enabled MBEDTLS_DEBUG_C
26332requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26334run_test "TLS 1.3 m->m: HRR x448 -> ffdhe3072" \
26335 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26336 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe3072" \
26337 0 \
26338 -s "Protocol is TLSv1.3" \
26339 -s "got named group: ffdhe3072(0101)" \
26340 -s "Certificate verification was skipped" \
26341 -c "Protocol is TLSv1.3" \
26342 -c "NamedGroup: x448 ( 1e )" \
26343 -c "NamedGroup: ffdhe3072 ( 101 )" \
26344 -c "Verifying peer X.509 certificate... ok" \
26345 -s "HRR selected_group: ffdhe3072" \
26346 -c "received HelloRetryRequest message" \
26347 -c "selected_group ( 257 )"
26348
26349requires_config_enabled MBEDTLS_SSL_SRV_C
26350requires_config_enabled MBEDTLS_DEBUG_C
26351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26353requires_config_enabled MBEDTLS_SSL_CLI_C
26354requires_config_enabled MBEDTLS_DEBUG_C
26355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26357run_test "TLS 1.3 m->m: HRR x448 -> ffdhe4096" \
26358 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26359 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe4096" \
26360 0 \
26361 -s "Protocol is TLSv1.3" \
26362 -s "got named group: ffdhe4096(0102)" \
26363 -s "Certificate verification was skipped" \
26364 -c "Protocol is TLSv1.3" \
26365 -c "NamedGroup: x448 ( 1e )" \
26366 -c "NamedGroup: ffdhe4096 ( 102 )" \
26367 -c "Verifying peer X.509 certificate... ok" \
26368 -s "HRR selected_group: ffdhe4096" \
26369 -c "received HelloRetryRequest message" \
26370 -c "selected_group ( 258 )"
26371
26372requires_config_enabled MBEDTLS_SSL_SRV_C
26373requires_config_enabled MBEDTLS_DEBUG_C
26374requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26376requires_config_enabled MBEDTLS_SSL_CLI_C
26377requires_config_enabled MBEDTLS_DEBUG_C
26378requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26380run_test "TLS 1.3 m->m: HRR x448 -> ffdhe6144" \
26381 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26382 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe6144" \
26383 0 \
26384 -s "Protocol is TLSv1.3" \
26385 -s "got named group: ffdhe6144(0103)" \
26386 -s "Certificate verification was skipped" \
26387 -c "Protocol is TLSv1.3" \
26388 -c "NamedGroup: x448 ( 1e )" \
26389 -c "NamedGroup: ffdhe6144 ( 103 )" \
26390 -c "Verifying peer X.509 certificate... ok" \
26391 -s "HRR selected_group: ffdhe6144" \
26392 -c "received HelloRetryRequest message" \
26393 -c "selected_group ( 259 )"
26394
26395requires_config_enabled MBEDTLS_SSL_SRV_C
26396requires_config_enabled MBEDTLS_DEBUG_C
26397requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26399requires_config_enabled MBEDTLS_SSL_CLI_C
26400requires_config_enabled MBEDTLS_DEBUG_C
26401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26403run_test "TLS 1.3 m->m: HRR x448 -> ffdhe8192" \
26404 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26405 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
26406 0 \
26407 -s "Protocol is TLSv1.3" \
26408 -s "got named group: ffdhe8192(0104)" \
26409 -s "Certificate verification was skipped" \
26410 -c "Protocol is TLSv1.3" \
26411 -c "NamedGroup: x448 ( 1e )" \
26412 -c "NamedGroup: ffdhe8192 ( 104 )" \
26413 -c "Verifying peer X.509 certificate... ok" \
26414 -s "HRR selected_group: ffdhe8192" \
26415 -c "received HelloRetryRequest message" \
26416 -c "selected_group ( 260 )"
26417
26418requires_config_enabled MBEDTLS_SSL_SRV_C
26419requires_config_enabled MBEDTLS_DEBUG_C
26420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26422requires_config_enabled MBEDTLS_SSL_CLI_C
26423requires_config_enabled MBEDTLS_DEBUG_C
26424requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26426run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
26427 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26428 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
26429 0 \
26430 -s "Protocol is TLSv1.3" \
26431 -s "got named group: secp256r1(0017)" \
26432 -s "Certificate verification was skipped" \
26433 -c "Protocol is TLSv1.3" \
26434 -c "NamedGroup: ffdhe2048 ( 100 )" \
26435 -c "NamedGroup: secp256r1 ( 17 )" \
26436 -c "Verifying peer X.509 certificate... ok" \
26437 -s "HRR selected_group: secp256r1" \
26438 -c "received HelloRetryRequest message" \
26439 -c "selected_group ( 23 )"
26440
26441requires_config_enabled MBEDTLS_SSL_SRV_C
26442requires_config_enabled MBEDTLS_DEBUG_C
26443requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26444requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26445requires_config_enabled MBEDTLS_SSL_CLI_C
26446requires_config_enabled MBEDTLS_DEBUG_C
26447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26449run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
26450 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26451 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
26452 0 \
26453 -s "Protocol is TLSv1.3" \
26454 -s "got named group: secp384r1(0018)" \
26455 -s "Certificate verification was skipped" \
26456 -c "Protocol is TLSv1.3" \
26457 -c "NamedGroup: ffdhe2048 ( 100 )" \
26458 -c "NamedGroup: secp384r1 ( 18 )" \
26459 -c "Verifying peer X.509 certificate... ok" \
26460 -s "HRR selected_group: secp384r1" \
26461 -c "received HelloRetryRequest message" \
26462 -c "selected_group ( 24 )"
26463
26464requires_config_enabled MBEDTLS_SSL_SRV_C
26465requires_config_enabled MBEDTLS_DEBUG_C
26466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26468requires_config_enabled MBEDTLS_SSL_CLI_C
26469requires_config_enabled MBEDTLS_DEBUG_C
26470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26472run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
26473 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26474 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
26475 0 \
26476 -s "Protocol is TLSv1.3" \
26477 -s "got named group: secp521r1(0019)" \
26478 -s "Certificate verification was skipped" \
26479 -c "Protocol is TLSv1.3" \
26480 -c "NamedGroup: ffdhe2048 ( 100 )" \
26481 -c "NamedGroup: secp521r1 ( 19 )" \
26482 -c "Verifying peer X.509 certificate... ok" \
26483 -s "HRR selected_group: secp521r1" \
26484 -c "received HelloRetryRequest message" \
26485 -c "selected_group ( 25 )"
26486
26487requires_config_enabled MBEDTLS_SSL_SRV_C
26488requires_config_enabled MBEDTLS_DEBUG_C
26489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26491requires_config_enabled MBEDTLS_SSL_CLI_C
26492requires_config_enabled MBEDTLS_DEBUG_C
26493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26495run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
26496 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26497 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
26498 0 \
26499 -s "Protocol is TLSv1.3" \
26500 -s "got named group: x25519(001d)" \
26501 -s "Certificate verification was skipped" \
26502 -c "Protocol is TLSv1.3" \
26503 -c "NamedGroup: ffdhe2048 ( 100 )" \
26504 -c "NamedGroup: x25519 ( 1d )" \
26505 -c "Verifying peer X.509 certificate... ok" \
26506 -s "HRR selected_group: x25519" \
26507 -c "received HelloRetryRequest message" \
26508 -c "selected_group ( 29 )"
26509
26510requires_config_enabled MBEDTLS_SSL_SRV_C
26511requires_config_enabled MBEDTLS_DEBUG_C
26512requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26514requires_config_enabled MBEDTLS_SSL_CLI_C
26515requires_config_enabled MBEDTLS_DEBUG_C
26516requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26518run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
26519 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26520 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
26521 0 \
26522 -s "Protocol is TLSv1.3" \
26523 -s "got named group: x448(001e)" \
26524 -s "Certificate verification was skipped" \
26525 -c "Protocol is TLSv1.3" \
26526 -c "NamedGroup: ffdhe2048 ( 100 )" \
26527 -c "NamedGroup: x448 ( 1e )" \
26528 -c "Verifying peer X.509 certificate... ok" \
26529 -s "HRR selected_group: x448" \
26530 -c "received HelloRetryRequest message" \
26531 -c "selected_group ( 30 )"
26532
26533requires_config_enabled MBEDTLS_SSL_SRV_C
26534requires_config_enabled MBEDTLS_DEBUG_C
26535requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26536requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26537requires_config_enabled MBEDTLS_SSL_CLI_C
26538requires_config_enabled MBEDTLS_DEBUG_C
26539requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26540requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26541run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe3072" \
26542 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26543 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe3072" \
26544 0 \
26545 -s "Protocol is TLSv1.3" \
26546 -s "got named group: ffdhe3072(0101)" \
26547 -s "Certificate verification was skipped" \
26548 -c "Protocol is TLSv1.3" \
26549 -c "NamedGroup: ffdhe2048 ( 100 )" \
26550 -c "NamedGroup: ffdhe3072 ( 101 )" \
26551 -c "Verifying peer X.509 certificate... ok" \
26552 -s "HRR selected_group: ffdhe3072" \
26553 -c "received HelloRetryRequest message" \
26554 -c "selected_group ( 257 )"
26555
26556requires_config_enabled MBEDTLS_SSL_SRV_C
26557requires_config_enabled MBEDTLS_DEBUG_C
26558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26560requires_config_enabled MBEDTLS_SSL_CLI_C
26561requires_config_enabled MBEDTLS_DEBUG_C
26562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26564run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe4096" \
26565 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26566 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe4096" \
26567 0 \
26568 -s "Protocol is TLSv1.3" \
26569 -s "got named group: ffdhe4096(0102)" \
26570 -s "Certificate verification was skipped" \
26571 -c "Protocol is TLSv1.3" \
26572 -c "NamedGroup: ffdhe2048 ( 100 )" \
26573 -c "NamedGroup: ffdhe4096 ( 102 )" \
26574 -c "Verifying peer X.509 certificate... ok" \
26575 -s "HRR selected_group: ffdhe4096" \
26576 -c "received HelloRetryRequest message" \
26577 -c "selected_group ( 258 )"
26578
26579requires_config_enabled MBEDTLS_SSL_SRV_C
26580requires_config_enabled MBEDTLS_DEBUG_C
26581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26583requires_config_enabled MBEDTLS_SSL_CLI_C
26584requires_config_enabled MBEDTLS_DEBUG_C
26585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26587run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe6144" \
26588 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26589 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe6144" \
26590 0 \
26591 -s "Protocol is TLSv1.3" \
26592 -s "got named group: ffdhe6144(0103)" \
26593 -s "Certificate verification was skipped" \
26594 -c "Protocol is TLSv1.3" \
26595 -c "NamedGroup: ffdhe2048 ( 100 )" \
26596 -c "NamedGroup: ffdhe6144 ( 103 )" \
26597 -c "Verifying peer X.509 certificate... ok" \
26598 -s "HRR selected_group: ffdhe6144" \
26599 -c "received HelloRetryRequest message" \
26600 -c "selected_group ( 259 )"
26601
26602requires_config_enabled MBEDTLS_SSL_SRV_C
26603requires_config_enabled MBEDTLS_DEBUG_C
26604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26606requires_config_enabled MBEDTLS_SSL_CLI_C
26607requires_config_enabled MBEDTLS_DEBUG_C
26608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26610run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe8192" \
26611 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26612 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
26613 0 \
26614 -s "Protocol is TLSv1.3" \
26615 -s "got named group: ffdhe8192(0104)" \
26616 -s "Certificate verification was skipped" \
26617 -c "Protocol is TLSv1.3" \
26618 -c "NamedGroup: ffdhe2048 ( 100 )" \
26619 -c "NamedGroup: ffdhe8192 ( 104 )" \
26620 -c "Verifying peer X.509 certificate... ok" \
26621 -s "HRR selected_group: ffdhe8192" \
26622 -c "received HelloRetryRequest message" \
26623 -c "selected_group ( 260 )"
26624
26625requires_config_enabled MBEDTLS_SSL_SRV_C
26626requires_config_enabled MBEDTLS_DEBUG_C
26627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26628requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26629requires_config_enabled MBEDTLS_SSL_CLI_C
26630requires_config_enabled MBEDTLS_DEBUG_C
26631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26633run_test "TLS 1.3 m->m: HRR ffdhe3072 -> secp256r1" \
26634 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26635 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp256r1" \
26636 0 \
26637 -s "Protocol is TLSv1.3" \
26638 -s "got named group: secp256r1(0017)" \
26639 -s "Certificate verification was skipped" \
26640 -c "Protocol is TLSv1.3" \
26641 -c "NamedGroup: ffdhe3072 ( 101 )" \
26642 -c "NamedGroup: secp256r1 ( 17 )" \
26643 -c "Verifying peer X.509 certificate... ok" \
26644 -s "HRR selected_group: secp256r1" \
26645 -c "received HelloRetryRequest message" \
26646 -c "selected_group ( 23 )"
26647
26648requires_config_enabled MBEDTLS_SSL_SRV_C
26649requires_config_enabled MBEDTLS_DEBUG_C
26650requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26652requires_config_enabled MBEDTLS_SSL_CLI_C
26653requires_config_enabled MBEDTLS_DEBUG_C
26654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26656run_test "TLS 1.3 m->m: HRR ffdhe3072 -> secp384r1" \
26657 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26658 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp384r1" \
26659 0 \
26660 -s "Protocol is TLSv1.3" \
26661 -s "got named group: secp384r1(0018)" \
26662 -s "Certificate verification was skipped" \
26663 -c "Protocol is TLSv1.3" \
26664 -c "NamedGroup: ffdhe3072 ( 101 )" \
26665 -c "NamedGroup: secp384r1 ( 18 )" \
26666 -c "Verifying peer X.509 certificate... ok" \
26667 -s "HRR selected_group: secp384r1" \
26668 -c "received HelloRetryRequest message" \
26669 -c "selected_group ( 24 )"
26670
26671requires_config_enabled MBEDTLS_SSL_SRV_C
26672requires_config_enabled MBEDTLS_DEBUG_C
26673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26675requires_config_enabled MBEDTLS_SSL_CLI_C
26676requires_config_enabled MBEDTLS_DEBUG_C
26677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26679run_test "TLS 1.3 m->m: HRR ffdhe3072 -> secp521r1" \
26680 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26681 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,secp521r1" \
26682 0 \
26683 -s "Protocol is TLSv1.3" \
26684 -s "got named group: secp521r1(0019)" \
26685 -s "Certificate verification was skipped" \
26686 -c "Protocol is TLSv1.3" \
26687 -c "NamedGroup: ffdhe3072 ( 101 )" \
26688 -c "NamedGroup: secp521r1 ( 19 )" \
26689 -c "Verifying peer X.509 certificate... ok" \
26690 -s "HRR selected_group: secp521r1" \
26691 -c "received HelloRetryRequest message" \
26692 -c "selected_group ( 25 )"
26693
26694requires_config_enabled MBEDTLS_SSL_SRV_C
26695requires_config_enabled MBEDTLS_DEBUG_C
26696requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26698requires_config_enabled MBEDTLS_SSL_CLI_C
26699requires_config_enabled MBEDTLS_DEBUG_C
26700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26702run_test "TLS 1.3 m->m: HRR ffdhe3072 -> x25519" \
26703 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26704 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,x25519" \
26705 0 \
26706 -s "Protocol is TLSv1.3" \
26707 -s "got named group: x25519(001d)" \
26708 -s "Certificate verification was skipped" \
26709 -c "Protocol is TLSv1.3" \
26710 -c "NamedGroup: ffdhe3072 ( 101 )" \
26711 -c "NamedGroup: x25519 ( 1d )" \
26712 -c "Verifying peer X.509 certificate... ok" \
26713 -s "HRR selected_group: x25519" \
26714 -c "received HelloRetryRequest message" \
26715 -c "selected_group ( 29 )"
26716
26717requires_config_enabled MBEDTLS_SSL_SRV_C
26718requires_config_enabled MBEDTLS_DEBUG_C
26719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26721requires_config_enabled MBEDTLS_SSL_CLI_C
26722requires_config_enabled MBEDTLS_DEBUG_C
26723requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26725run_test "TLS 1.3 m->m: HRR ffdhe3072 -> x448" \
26726 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26727 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,x448" \
26728 0 \
26729 -s "Protocol is TLSv1.3" \
26730 -s "got named group: x448(001e)" \
26731 -s "Certificate verification was skipped" \
26732 -c "Protocol is TLSv1.3" \
26733 -c "NamedGroup: ffdhe3072 ( 101 )" \
26734 -c "NamedGroup: x448 ( 1e )" \
26735 -c "Verifying peer X.509 certificate... ok" \
26736 -s "HRR selected_group: x448" \
26737 -c "received HelloRetryRequest message" \
26738 -c "selected_group ( 30 )"
26739
26740requires_config_enabled MBEDTLS_SSL_SRV_C
26741requires_config_enabled MBEDTLS_DEBUG_C
26742requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26743requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26744requires_config_enabled MBEDTLS_SSL_CLI_C
26745requires_config_enabled MBEDTLS_DEBUG_C
26746requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26748run_test "TLS 1.3 m->m: HRR ffdhe3072 -> ffdhe2048" \
26749 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26750 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe2048" \
26751 0 \
26752 -s "Protocol is TLSv1.3" \
26753 -s "got named group: ffdhe2048(0100)" \
26754 -s "Certificate verification was skipped" \
26755 -c "Protocol is TLSv1.3" \
26756 -c "NamedGroup: ffdhe3072 ( 101 )" \
26757 -c "NamedGroup: ffdhe2048 ( 100 )" \
26758 -c "Verifying peer X.509 certificate... ok" \
26759 -s "HRR selected_group: ffdhe2048" \
26760 -c "received HelloRetryRequest message" \
26761 -c "selected_group ( 256 )"
26762
26763requires_config_enabled MBEDTLS_SSL_SRV_C
26764requires_config_enabled MBEDTLS_DEBUG_C
26765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26767requires_config_enabled MBEDTLS_SSL_CLI_C
26768requires_config_enabled MBEDTLS_DEBUG_C
26769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26771run_test "TLS 1.3 m->m: HRR ffdhe3072 -> ffdhe4096" \
26772 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26773 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe4096" \
26774 0 \
26775 -s "Protocol is TLSv1.3" \
26776 -s "got named group: ffdhe4096(0102)" \
26777 -s "Certificate verification was skipped" \
26778 -c "Protocol is TLSv1.3" \
26779 -c "NamedGroup: ffdhe3072 ( 101 )" \
26780 -c "NamedGroup: ffdhe4096 ( 102 )" \
26781 -c "Verifying peer X.509 certificate... ok" \
26782 -s "HRR selected_group: ffdhe4096" \
26783 -c "received HelloRetryRequest message" \
26784 -c "selected_group ( 258 )"
26785
26786requires_config_enabled MBEDTLS_SSL_SRV_C
26787requires_config_enabled MBEDTLS_DEBUG_C
26788requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26790requires_config_enabled MBEDTLS_SSL_CLI_C
26791requires_config_enabled MBEDTLS_DEBUG_C
26792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26794run_test "TLS 1.3 m->m: HRR ffdhe3072 -> ffdhe6144" \
26795 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26796 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe6144" \
26797 0 \
26798 -s "Protocol is TLSv1.3" \
26799 -s "got named group: ffdhe6144(0103)" \
26800 -s "Certificate verification was skipped" \
26801 -c "Protocol is TLSv1.3" \
26802 -c "NamedGroup: ffdhe3072 ( 101 )" \
26803 -c "NamedGroup: ffdhe6144 ( 103 )" \
26804 -c "Verifying peer X.509 certificate... ok" \
26805 -s "HRR selected_group: ffdhe6144" \
26806 -c "received HelloRetryRequest message" \
26807 -c "selected_group ( 259 )"
26808
26809requires_config_enabled MBEDTLS_SSL_SRV_C
26810requires_config_enabled MBEDTLS_DEBUG_C
26811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26813requires_config_enabled MBEDTLS_SSL_CLI_C
26814requires_config_enabled MBEDTLS_DEBUG_C
26815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26817run_test "TLS 1.3 m->m: HRR ffdhe3072 -> ffdhe8192" \
26818 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26819 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072,ffdhe8192" \
26820 0 \
26821 -s "Protocol is TLSv1.3" \
26822 -s "got named group: ffdhe8192(0104)" \
26823 -s "Certificate verification was skipped" \
26824 -c "Protocol is TLSv1.3" \
26825 -c "NamedGroup: ffdhe3072 ( 101 )" \
26826 -c "NamedGroup: ffdhe8192 ( 104 )" \
26827 -c "Verifying peer X.509 certificate... ok" \
26828 -s "HRR selected_group: ffdhe8192" \
26829 -c "received HelloRetryRequest message" \
26830 -c "selected_group ( 260 )"
26831
26832requires_config_enabled MBEDTLS_SSL_SRV_C
26833requires_config_enabled MBEDTLS_DEBUG_C
26834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26836requires_config_enabled MBEDTLS_SSL_CLI_C
26837requires_config_enabled MBEDTLS_DEBUG_C
26838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26840run_test "TLS 1.3 m->m: HRR ffdhe4096 -> secp256r1" \
26841 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26842 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp256r1" \
26843 0 \
26844 -s "Protocol is TLSv1.3" \
26845 -s "got named group: secp256r1(0017)" \
26846 -s "Certificate verification was skipped" \
26847 -c "Protocol is TLSv1.3" \
26848 -c "NamedGroup: ffdhe4096 ( 102 )" \
26849 -c "NamedGroup: secp256r1 ( 17 )" \
26850 -c "Verifying peer X.509 certificate... ok" \
26851 -s "HRR selected_group: secp256r1" \
26852 -c "received HelloRetryRequest message" \
26853 -c "selected_group ( 23 )"
26854
26855requires_config_enabled MBEDTLS_SSL_SRV_C
26856requires_config_enabled MBEDTLS_DEBUG_C
26857requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26858requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26859requires_config_enabled MBEDTLS_SSL_CLI_C
26860requires_config_enabled MBEDTLS_DEBUG_C
26861requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26862requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26863run_test "TLS 1.3 m->m: HRR ffdhe4096 -> secp384r1" \
26864 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26865 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp384r1" \
26866 0 \
26867 -s "Protocol is TLSv1.3" \
26868 -s "got named group: secp384r1(0018)" \
26869 -s "Certificate verification was skipped" \
26870 -c "Protocol is TLSv1.3" \
26871 -c "NamedGroup: ffdhe4096 ( 102 )" \
26872 -c "NamedGroup: secp384r1 ( 18 )" \
26873 -c "Verifying peer X.509 certificate... ok" \
26874 -s "HRR selected_group: secp384r1" \
26875 -c "received HelloRetryRequest message" \
26876 -c "selected_group ( 24 )"
26877
26878requires_config_enabled MBEDTLS_SSL_SRV_C
26879requires_config_enabled MBEDTLS_DEBUG_C
26880requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26882requires_config_enabled MBEDTLS_SSL_CLI_C
26883requires_config_enabled MBEDTLS_DEBUG_C
26884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26886run_test "TLS 1.3 m->m: HRR ffdhe4096 -> secp521r1" \
26887 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26888 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,secp521r1" \
26889 0 \
26890 -s "Protocol is TLSv1.3" \
26891 -s "got named group: secp521r1(0019)" \
26892 -s "Certificate verification was skipped" \
26893 -c "Protocol is TLSv1.3" \
26894 -c "NamedGroup: ffdhe4096 ( 102 )" \
26895 -c "NamedGroup: secp521r1 ( 19 )" \
26896 -c "Verifying peer X.509 certificate... ok" \
26897 -s "HRR selected_group: secp521r1" \
26898 -c "received HelloRetryRequest message" \
26899 -c "selected_group ( 25 )"
26900
26901requires_config_enabled MBEDTLS_SSL_SRV_C
26902requires_config_enabled MBEDTLS_DEBUG_C
26903requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26904requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26905requires_config_enabled MBEDTLS_SSL_CLI_C
26906requires_config_enabled MBEDTLS_DEBUG_C
26907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26909run_test "TLS 1.3 m->m: HRR ffdhe4096 -> x25519" \
26910 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26911 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,x25519" \
26912 0 \
26913 -s "Protocol is TLSv1.3" \
26914 -s "got named group: x25519(001d)" \
26915 -s "Certificate verification was skipped" \
26916 -c "Protocol is TLSv1.3" \
26917 -c "NamedGroup: ffdhe4096 ( 102 )" \
26918 -c "NamedGroup: x25519 ( 1d )" \
26919 -c "Verifying peer X.509 certificate... ok" \
26920 -s "HRR selected_group: x25519" \
26921 -c "received HelloRetryRequest message" \
26922 -c "selected_group ( 29 )"
26923
26924requires_config_enabled MBEDTLS_SSL_SRV_C
26925requires_config_enabled MBEDTLS_DEBUG_C
26926requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26927requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26928requires_config_enabled MBEDTLS_SSL_CLI_C
26929requires_config_enabled MBEDTLS_DEBUG_C
26930requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26932run_test "TLS 1.3 m->m: HRR ffdhe4096 -> x448" \
26933 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26934 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,x448" \
26935 0 \
26936 -s "Protocol is TLSv1.3" \
26937 -s "got named group: x448(001e)" \
26938 -s "Certificate verification was skipped" \
26939 -c "Protocol is TLSv1.3" \
26940 -c "NamedGroup: ffdhe4096 ( 102 )" \
26941 -c "NamedGroup: x448 ( 1e )" \
26942 -c "Verifying peer X.509 certificate... ok" \
26943 -s "HRR selected_group: x448" \
26944 -c "received HelloRetryRequest message" \
26945 -c "selected_group ( 30 )"
26946
26947requires_config_enabled MBEDTLS_SSL_SRV_C
26948requires_config_enabled MBEDTLS_DEBUG_C
26949requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26950requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26951requires_config_enabled MBEDTLS_SSL_CLI_C
26952requires_config_enabled MBEDTLS_DEBUG_C
26953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26955run_test "TLS 1.3 m->m: HRR ffdhe4096 -> ffdhe2048" \
26956 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26957 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe2048" \
26958 0 \
26959 -s "Protocol is TLSv1.3" \
26960 -s "got named group: ffdhe2048(0100)" \
26961 -s "Certificate verification was skipped" \
26962 -c "Protocol is TLSv1.3" \
26963 -c "NamedGroup: ffdhe4096 ( 102 )" \
26964 -c "NamedGroup: ffdhe2048 ( 100 )" \
26965 -c "Verifying peer X.509 certificate... ok" \
26966 -s "HRR selected_group: ffdhe2048" \
26967 -c "received HelloRetryRequest message" \
26968 -c "selected_group ( 256 )"
26969
26970requires_config_enabled MBEDTLS_SSL_SRV_C
26971requires_config_enabled MBEDTLS_DEBUG_C
26972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26974requires_config_enabled MBEDTLS_SSL_CLI_C
26975requires_config_enabled MBEDTLS_DEBUG_C
26976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26978run_test "TLS 1.3 m->m: HRR ffdhe4096 -> ffdhe3072" \
26979 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26980 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe3072" \
26981 0 \
26982 -s "Protocol is TLSv1.3" \
26983 -s "got named group: ffdhe3072(0101)" \
26984 -s "Certificate verification was skipped" \
26985 -c "Protocol is TLSv1.3" \
26986 -c "NamedGroup: ffdhe4096 ( 102 )" \
26987 -c "NamedGroup: ffdhe3072 ( 101 )" \
26988 -c "Verifying peer X.509 certificate... ok" \
26989 -s "HRR selected_group: ffdhe3072" \
26990 -c "received HelloRetryRequest message" \
26991 -c "selected_group ( 257 )"
26992
26993requires_config_enabled MBEDTLS_SSL_SRV_C
26994requires_config_enabled MBEDTLS_DEBUG_C
26995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
26996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
26997requires_config_enabled MBEDTLS_SSL_CLI_C
26998requires_config_enabled MBEDTLS_DEBUG_C
26999requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27000requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27001run_test "TLS 1.3 m->m: HRR ffdhe4096 -> ffdhe6144" \
27002 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27003 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe6144" \
27004 0 \
27005 -s "Protocol is TLSv1.3" \
27006 -s "got named group: ffdhe6144(0103)" \
27007 -s "Certificate verification was skipped" \
27008 -c "Protocol is TLSv1.3" \
27009 -c "NamedGroup: ffdhe4096 ( 102 )" \
27010 -c "NamedGroup: ffdhe6144 ( 103 )" \
27011 -c "Verifying peer X.509 certificate... ok" \
27012 -s "HRR selected_group: ffdhe6144" \
27013 -c "received HelloRetryRequest message" \
27014 -c "selected_group ( 259 )"
27015
27016requires_config_enabled MBEDTLS_SSL_SRV_C
27017requires_config_enabled MBEDTLS_DEBUG_C
27018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27020requires_config_enabled MBEDTLS_SSL_CLI_C
27021requires_config_enabled MBEDTLS_DEBUG_C
27022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27024run_test "TLS 1.3 m->m: HRR ffdhe4096 -> ffdhe8192" \
27025 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27026 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096,ffdhe8192" \
27027 0 \
27028 -s "Protocol is TLSv1.3" \
27029 -s "got named group: ffdhe8192(0104)" \
27030 -s "Certificate verification was skipped" \
27031 -c "Protocol is TLSv1.3" \
27032 -c "NamedGroup: ffdhe4096 ( 102 )" \
27033 -c "NamedGroup: ffdhe8192 ( 104 )" \
27034 -c "Verifying peer X.509 certificate... ok" \
27035 -s "HRR selected_group: ffdhe8192" \
27036 -c "received HelloRetryRequest message" \
27037 -c "selected_group ( 260 )"
27038
27039requires_config_enabled MBEDTLS_SSL_SRV_C
27040requires_config_enabled MBEDTLS_DEBUG_C
27041requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27042requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27043requires_config_enabled MBEDTLS_SSL_CLI_C
27044requires_config_enabled MBEDTLS_DEBUG_C
27045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27047run_test "TLS 1.3 m->m: HRR ffdhe6144 -> secp256r1" \
27048 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27049 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp256r1" \
27050 0 \
27051 -s "Protocol is TLSv1.3" \
27052 -s "got named group: secp256r1(0017)" \
27053 -s "Certificate verification was skipped" \
27054 -c "Protocol is TLSv1.3" \
27055 -c "NamedGroup: ffdhe6144 ( 103 )" \
27056 -c "NamedGroup: secp256r1 ( 17 )" \
27057 -c "Verifying peer X.509 certificate... ok" \
27058 -s "HRR selected_group: secp256r1" \
27059 -c "received HelloRetryRequest message" \
27060 -c "selected_group ( 23 )"
27061
27062requires_config_enabled MBEDTLS_SSL_SRV_C
27063requires_config_enabled MBEDTLS_DEBUG_C
27064requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27066requires_config_enabled MBEDTLS_SSL_CLI_C
27067requires_config_enabled MBEDTLS_DEBUG_C
27068requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27070run_test "TLS 1.3 m->m: HRR ffdhe6144 -> secp384r1" \
27071 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27072 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp384r1" \
27073 0 \
27074 -s "Protocol is TLSv1.3" \
27075 -s "got named group: secp384r1(0018)" \
27076 -s "Certificate verification was skipped" \
27077 -c "Protocol is TLSv1.3" \
27078 -c "NamedGroup: ffdhe6144 ( 103 )" \
27079 -c "NamedGroup: secp384r1 ( 18 )" \
27080 -c "Verifying peer X.509 certificate... ok" \
27081 -s "HRR selected_group: secp384r1" \
27082 -c "received HelloRetryRequest message" \
27083 -c "selected_group ( 24 )"
27084
27085requires_config_enabled MBEDTLS_SSL_SRV_C
27086requires_config_enabled MBEDTLS_DEBUG_C
27087requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27089requires_config_enabled MBEDTLS_SSL_CLI_C
27090requires_config_enabled MBEDTLS_DEBUG_C
27091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27093run_test "TLS 1.3 m->m: HRR ffdhe6144 -> secp521r1" \
27094 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27095 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,secp521r1" \
27096 0 \
27097 -s "Protocol is TLSv1.3" \
27098 -s "got named group: secp521r1(0019)" \
27099 -s "Certificate verification was skipped" \
27100 -c "Protocol is TLSv1.3" \
27101 -c "NamedGroup: ffdhe6144 ( 103 )" \
27102 -c "NamedGroup: secp521r1 ( 19 )" \
27103 -c "Verifying peer X.509 certificate... ok" \
27104 -s "HRR selected_group: secp521r1" \
27105 -c "received HelloRetryRequest message" \
27106 -c "selected_group ( 25 )"
27107
27108requires_config_enabled MBEDTLS_SSL_SRV_C
27109requires_config_enabled MBEDTLS_DEBUG_C
27110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27112requires_config_enabled MBEDTLS_SSL_CLI_C
27113requires_config_enabled MBEDTLS_DEBUG_C
27114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27116run_test "TLS 1.3 m->m: HRR ffdhe6144 -> x25519" \
27117 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27118 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,x25519" \
27119 0 \
27120 -s "Protocol is TLSv1.3" \
27121 -s "got named group: x25519(001d)" \
27122 -s "Certificate verification was skipped" \
27123 -c "Protocol is TLSv1.3" \
27124 -c "NamedGroup: ffdhe6144 ( 103 )" \
27125 -c "NamedGroup: x25519 ( 1d )" \
27126 -c "Verifying peer X.509 certificate... ok" \
27127 -s "HRR selected_group: x25519" \
27128 -c "received HelloRetryRequest message" \
27129 -c "selected_group ( 29 )"
27130
27131requires_config_enabled MBEDTLS_SSL_SRV_C
27132requires_config_enabled MBEDTLS_DEBUG_C
27133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27134requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27135requires_config_enabled MBEDTLS_SSL_CLI_C
27136requires_config_enabled MBEDTLS_DEBUG_C
27137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27139run_test "TLS 1.3 m->m: HRR ffdhe6144 -> x448" \
27140 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27141 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,x448" \
27142 0 \
27143 -s "Protocol is TLSv1.3" \
27144 -s "got named group: x448(001e)" \
27145 -s "Certificate verification was skipped" \
27146 -c "Protocol is TLSv1.3" \
27147 -c "NamedGroup: ffdhe6144 ( 103 )" \
27148 -c "NamedGroup: x448 ( 1e )" \
27149 -c "Verifying peer X.509 certificate... ok" \
27150 -s "HRR selected_group: x448" \
27151 -c "received HelloRetryRequest message" \
27152 -c "selected_group ( 30 )"
27153
27154requires_config_enabled MBEDTLS_SSL_SRV_C
27155requires_config_enabled MBEDTLS_DEBUG_C
27156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27158requires_config_enabled MBEDTLS_SSL_CLI_C
27159requires_config_enabled MBEDTLS_DEBUG_C
27160requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27162run_test "TLS 1.3 m->m: HRR ffdhe6144 -> ffdhe2048" \
27163 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe2048" \
27165 0 \
27166 -s "Protocol is TLSv1.3" \
27167 -s "got named group: ffdhe2048(0100)" \
27168 -s "Certificate verification was skipped" \
27169 -c "Protocol is TLSv1.3" \
27170 -c "NamedGroup: ffdhe6144 ( 103 )" \
27171 -c "NamedGroup: ffdhe2048 ( 100 )" \
27172 -c "Verifying peer X.509 certificate... ok" \
27173 -s "HRR selected_group: ffdhe2048" \
27174 -c "received HelloRetryRequest message" \
27175 -c "selected_group ( 256 )"
27176
27177requires_config_enabled MBEDTLS_SSL_SRV_C
27178requires_config_enabled MBEDTLS_DEBUG_C
27179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27181requires_config_enabled MBEDTLS_SSL_CLI_C
27182requires_config_enabled MBEDTLS_DEBUG_C
27183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27185run_test "TLS 1.3 m->m: HRR ffdhe6144 -> ffdhe3072" \
27186 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27187 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe3072" \
27188 0 \
27189 -s "Protocol is TLSv1.3" \
27190 -s "got named group: ffdhe3072(0101)" \
27191 -s "Certificate verification was skipped" \
27192 -c "Protocol is TLSv1.3" \
27193 -c "NamedGroup: ffdhe6144 ( 103 )" \
27194 -c "NamedGroup: ffdhe3072 ( 101 )" \
27195 -c "Verifying peer X.509 certificate... ok" \
27196 -s "HRR selected_group: ffdhe3072" \
27197 -c "received HelloRetryRequest message" \
27198 -c "selected_group ( 257 )"
27199
27200requires_config_enabled MBEDTLS_SSL_SRV_C
27201requires_config_enabled MBEDTLS_DEBUG_C
27202requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27204requires_config_enabled MBEDTLS_SSL_CLI_C
27205requires_config_enabled MBEDTLS_DEBUG_C
27206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27208run_test "TLS 1.3 m->m: HRR ffdhe6144 -> ffdhe4096" \
27209 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27210 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe4096" \
27211 0 \
27212 -s "Protocol is TLSv1.3" \
27213 -s "got named group: ffdhe4096(0102)" \
27214 -s "Certificate verification was skipped" \
27215 -c "Protocol is TLSv1.3" \
27216 -c "NamedGroup: ffdhe6144 ( 103 )" \
27217 -c "NamedGroup: ffdhe4096 ( 102 )" \
27218 -c "Verifying peer X.509 certificate... ok" \
27219 -s "HRR selected_group: ffdhe4096" \
27220 -c "received HelloRetryRequest message" \
27221 -c "selected_group ( 258 )"
27222
27223requires_config_enabled MBEDTLS_SSL_SRV_C
27224requires_config_enabled MBEDTLS_DEBUG_C
27225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27227requires_config_enabled MBEDTLS_SSL_CLI_C
27228requires_config_enabled MBEDTLS_DEBUG_C
27229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27231run_test "TLS 1.3 m->m: HRR ffdhe6144 -> ffdhe8192" \
27232 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27233 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144,ffdhe8192" \
27234 0 \
27235 -s "Protocol is TLSv1.3" \
27236 -s "got named group: ffdhe8192(0104)" \
27237 -s "Certificate verification was skipped" \
27238 -c "Protocol is TLSv1.3" \
27239 -c "NamedGroup: ffdhe6144 ( 103 )" \
27240 -c "NamedGroup: ffdhe8192 ( 104 )" \
27241 -c "Verifying peer X.509 certificate... ok" \
27242 -s "HRR selected_group: ffdhe8192" \
27243 -c "received HelloRetryRequest message" \
27244 -c "selected_group ( 260 )"
27245
27246requires_config_enabled MBEDTLS_SSL_SRV_C
27247requires_config_enabled MBEDTLS_DEBUG_C
27248requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27249requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27250requires_config_enabled MBEDTLS_SSL_CLI_C
27251requires_config_enabled MBEDTLS_DEBUG_C
27252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27253requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27254run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp256r1" \
27255 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27256 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
27257 0 \
27258 -s "Protocol is TLSv1.3" \
27259 -s "got named group: secp256r1(0017)" \
27260 -s "Certificate verification was skipped" \
27261 -c "Protocol is TLSv1.3" \
27262 -c "NamedGroup: ffdhe8192 ( 104 )" \
27263 -c "NamedGroup: secp256r1 ( 17 )" \
27264 -c "Verifying peer X.509 certificate... ok" \
27265 -s "HRR selected_group: secp256r1" \
27266 -c "received HelloRetryRequest message" \
27267 -c "selected_group ( 23 )"
27268
27269requires_config_enabled MBEDTLS_SSL_SRV_C
27270requires_config_enabled MBEDTLS_DEBUG_C
27271requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27273requires_config_enabled MBEDTLS_SSL_CLI_C
27274requires_config_enabled MBEDTLS_DEBUG_C
27275requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27277run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp384r1" \
27278 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27279 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
27280 0 \
27281 -s "Protocol is TLSv1.3" \
27282 -s "got named group: secp384r1(0018)" \
27283 -s "Certificate verification was skipped" \
27284 -c "Protocol is TLSv1.3" \
27285 -c "NamedGroup: ffdhe8192 ( 104 )" \
27286 -c "NamedGroup: secp384r1 ( 18 )" \
27287 -c "Verifying peer X.509 certificate... ok" \
27288 -s "HRR selected_group: secp384r1" \
27289 -c "received HelloRetryRequest message" \
27290 -c "selected_group ( 24 )"
27291
27292requires_config_enabled MBEDTLS_SSL_SRV_C
27293requires_config_enabled MBEDTLS_DEBUG_C
27294requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27296requires_config_enabled MBEDTLS_SSL_CLI_C
27297requires_config_enabled MBEDTLS_DEBUG_C
27298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27300run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp521r1" \
27301 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27302 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
27303 0 \
27304 -s "Protocol is TLSv1.3" \
27305 -s "got named group: secp521r1(0019)" \
27306 -s "Certificate verification was skipped" \
27307 -c "Protocol is TLSv1.3" \
27308 -c "NamedGroup: ffdhe8192 ( 104 )" \
27309 -c "NamedGroup: secp521r1 ( 19 )" \
27310 -c "Verifying peer X.509 certificate... ok" \
27311 -s "HRR selected_group: secp521r1" \
27312 -c "received HelloRetryRequest message" \
27313 -c "selected_group ( 25 )"
27314
27315requires_config_enabled MBEDTLS_SSL_SRV_C
27316requires_config_enabled MBEDTLS_DEBUG_C
27317requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27318requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27319requires_config_enabled MBEDTLS_SSL_CLI_C
27320requires_config_enabled MBEDTLS_DEBUG_C
27321requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27323run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x25519" \
27324 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27325 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
27326 0 \
27327 -s "Protocol is TLSv1.3" \
27328 -s "got named group: x25519(001d)" \
27329 -s "Certificate verification was skipped" \
27330 -c "Protocol is TLSv1.3" \
27331 -c "NamedGroup: ffdhe8192 ( 104 )" \
27332 -c "NamedGroup: x25519 ( 1d )" \
27333 -c "Verifying peer X.509 certificate... ok" \
27334 -s "HRR selected_group: x25519" \
27335 -c "received HelloRetryRequest message" \
27336 -c "selected_group ( 29 )"
27337
27338requires_config_enabled MBEDTLS_SSL_SRV_C
27339requires_config_enabled MBEDTLS_DEBUG_C
27340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27342requires_config_enabled MBEDTLS_SSL_CLI_C
27343requires_config_enabled MBEDTLS_DEBUG_C
27344requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27346run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x448" \
27347 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27348 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
27349 0 \
27350 -s "Protocol is TLSv1.3" \
27351 -s "got named group: x448(001e)" \
27352 -s "Certificate verification was skipped" \
27353 -c "Protocol is TLSv1.3" \
27354 -c "NamedGroup: ffdhe8192 ( 104 )" \
27355 -c "NamedGroup: x448 ( 1e )" \
27356 -c "Verifying peer X.509 certificate... ok" \
27357 -s "HRR selected_group: x448" \
27358 -c "received HelloRetryRequest message" \
27359 -c "selected_group ( 30 )"
27360
27361requires_config_enabled MBEDTLS_SSL_SRV_C
27362requires_config_enabled MBEDTLS_DEBUG_C
27363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27365requires_config_enabled MBEDTLS_SSL_CLI_C
27366requires_config_enabled MBEDTLS_DEBUG_C
27367requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27368requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27369run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe2048" \
27370 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27371 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
27372 0 \
27373 -s "Protocol is TLSv1.3" \
27374 -s "got named group: ffdhe2048(0100)" \
27375 -s "Certificate verification was skipped" \
27376 -c "Protocol is TLSv1.3" \
27377 -c "NamedGroup: ffdhe8192 ( 104 )" \
27378 -c "NamedGroup: ffdhe2048 ( 100 )" \
27379 -c "Verifying peer X.509 certificate... ok" \
27380 -s "HRR selected_group: ffdhe2048" \
27381 -c "received HelloRetryRequest message" \
27382 -c "selected_group ( 256 )"
27383
27384requires_config_enabled MBEDTLS_SSL_SRV_C
27385requires_config_enabled MBEDTLS_DEBUG_C
27386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27388requires_config_enabled MBEDTLS_SSL_CLI_C
27389requires_config_enabled MBEDTLS_DEBUG_C
27390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27392run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe3072" \
27393 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27394 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe3072" \
27395 0 \
27396 -s "Protocol is TLSv1.3" \
27397 -s "got named group: ffdhe3072(0101)" \
27398 -s "Certificate verification was skipped" \
27399 -c "Protocol is TLSv1.3" \
27400 -c "NamedGroup: ffdhe8192 ( 104 )" \
27401 -c "NamedGroup: ffdhe3072 ( 101 )" \
27402 -c "Verifying peer X.509 certificate... ok" \
27403 -s "HRR selected_group: ffdhe3072" \
27404 -c "received HelloRetryRequest message" \
27405 -c "selected_group ( 257 )"
27406
27407requires_config_enabled MBEDTLS_SSL_SRV_C
27408requires_config_enabled MBEDTLS_DEBUG_C
27409requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27411requires_config_enabled MBEDTLS_SSL_CLI_C
27412requires_config_enabled MBEDTLS_DEBUG_C
27413requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27415run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe4096" \
27416 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27417 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe4096" \
27418 0 \
27419 -s "Protocol is TLSv1.3" \
27420 -s "got named group: ffdhe4096(0102)" \
27421 -s "Certificate verification was skipped" \
27422 -c "Protocol is TLSv1.3" \
27423 -c "NamedGroup: ffdhe8192 ( 104 )" \
27424 -c "NamedGroup: ffdhe4096 ( 102 )" \
27425 -c "Verifying peer X.509 certificate... ok" \
27426 -s "HRR selected_group: ffdhe4096" \
27427 -c "received HelloRetryRequest message" \
27428 -c "selected_group ( 258 )"
27429
27430requires_config_enabled MBEDTLS_SSL_SRV_C
27431requires_config_enabled MBEDTLS_DEBUG_C
27432requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27434requires_config_enabled MBEDTLS_SSL_CLI_C
27435requires_config_enabled MBEDTLS_DEBUG_C
27436requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
27437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
27438run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe6144" \
27439 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
27440 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe6144" \
27441 0 \
27442 -s "Protocol is TLSv1.3" \
27443 -s "got named group: ffdhe6144(0103)" \
27444 -s "Certificate verification was skipped" \
27445 -c "Protocol is TLSv1.3" \
27446 -c "NamedGroup: ffdhe8192 ( 104 )" \
27447 -c "NamedGroup: ffdhe6144 ( 103 )" \
27448 -c "Verifying peer X.509 certificate... ok" \
27449 -s "HRR selected_group: ffdhe6144" \
27450 -c "received HelloRetryRequest message" \
27451 -c "selected_group ( 259 )"