TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 6f135e1148ddb5402c73542a2246d1f51f8da9b8 / . / tests / opt-testcases / tls13-compat.sh
blob: ed606860d997ee90a235c811df6718ba8ef1b62f [file] [log] [blame]
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1#!/bin/sh
2
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3# tls13-compat.sh
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
23# `generate_tls13_compat_tests.py -a`.
24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_DEBUG_C
30requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]31requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]32requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]33requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]34run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]35 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]36 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]37 0 \
38 -c "HTTP/1.0 200 ok" \
39 -c "ECDH curve: secp256r1" \
40 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
41 -c "Certificate Verify: Signature algorithm ( 0403 )" \
42 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]43
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]44requires_gnutls_tls1_3
45requires_gnutls_next_no_ticket
46requires_gnutls_next_disable_tls13_compat
47requires_config_enabled MBEDTLS_DEBUG_C
48requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]49requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]50requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]51requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]52run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]53 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]54 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]55 0 \
56 -c "HTTP/1.0 200 OK" \
57 -c "ECDH curve: secp256r1" \
58 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
59 -c "Certificate Verify: Signature algorithm ( 0403 )" \
60 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]61
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]62requires_openssl_tls1_3
63requires_config_enabled MBEDTLS_DEBUG_C
64requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]65requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]66requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]67requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]68run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]69 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]70 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]71 0 \
72 -c "HTTP/1.0 200 ok" \
73 -c "ECDH curve: secp384r1" \
74 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
75 -c "Certificate Verify: Signature algorithm ( 0403 )" \
76 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]77
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]78requires_gnutls_tls1_3
79requires_gnutls_next_no_ticket
80requires_gnutls_next_disable_tls13_compat
81requires_config_enabled MBEDTLS_DEBUG_C
82requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]83requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]84requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]85requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]86run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]87 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]88 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]89 0 \
90 -c "HTTP/1.0 200 OK" \
91 -c "ECDH curve: secp384r1" \
92 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
93 -c "Certificate Verify: Signature algorithm ( 0403 )" \
94 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]95
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]96requires_openssl_tls1_3
97requires_config_enabled MBEDTLS_DEBUG_C
98requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]99requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]100requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]102run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]103 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]104 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]105 0 \
106 -c "HTTP/1.0 200 ok" \
107 -c "ECDH curve: secp521r1" \
108 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
109 -c "Certificate Verify: Signature algorithm ( 0403 )" \
110 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]111
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]112requires_gnutls_tls1_3
113requires_gnutls_next_no_ticket
114requires_gnutls_next_disable_tls13_compat
115requires_config_enabled MBEDTLS_DEBUG_C
116requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]117requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]118requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]120run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]122 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]123 0 \
124 -c "HTTP/1.0 200 OK" \
125 -c "ECDH curve: secp521r1" \
126 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
127 -c "Certificate Verify: Signature algorithm ( 0403 )" \
128 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]129
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]130requires_openssl_tls1_3
131requires_config_enabled MBEDTLS_DEBUG_C
132requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]133requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]134requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]136run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]137 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]138 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]139 0 \
140 -c "HTTP/1.0 200 ok" \
141 -c "ECDH curve: x25519" \
142 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
143 -c "Certificate Verify: Signature algorithm ( 0403 )" \
144 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]145
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]146requires_gnutls_tls1_3
147requires_gnutls_next_no_ticket
148requires_gnutls_next_disable_tls13_compat
149requires_config_enabled MBEDTLS_DEBUG_C
150requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]151requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]152requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]154run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]155 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]156 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]157 0 \
158 -c "HTTP/1.0 200 OK" \
159 -c "ECDH curve: x25519" \
160 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
161 -c "Certificate Verify: Signature algorithm ( 0403 )" \
162 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]163
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]164requires_openssl_tls1_3
165requires_config_enabled MBEDTLS_DEBUG_C
166requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]167requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]168requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]170run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]171 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]172 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]173 0 \
174 -c "HTTP/1.0 200 ok" \
175 -c "ECDH curve: x448" \
176 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
177 -c "Certificate Verify: Signature algorithm ( 0403 )" \
178 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]179
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]180requires_gnutls_tls1_3
181requires_gnutls_next_no_ticket
182requires_gnutls_next_disable_tls13_compat
183requires_config_enabled MBEDTLS_DEBUG_C
184requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]185requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]186requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]188run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]189 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]190 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]191 0 \
192 -c "HTTP/1.0 200 OK" \
193 -c "ECDH curve: x448" \
194 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
195 -c "Certificate Verify: Signature algorithm ( 0403 )" \
196 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]197
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]198requires_openssl_tls1_3
199requires_config_enabled MBEDTLS_DEBUG_C
200requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]201requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]202requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]204run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]205 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]206 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]207 0 \
208 -c "HTTP/1.0 200 ok" \
209 -c "ECDH curve: secp256r1" \
210 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
211 -c "Certificate Verify: Signature algorithm ( 0503 )" \
212 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]213
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]214requires_gnutls_tls1_3
215requires_gnutls_next_no_ticket
216requires_gnutls_next_disable_tls13_compat
217requires_config_enabled MBEDTLS_DEBUG_C
218requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]219requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]220requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]222run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]223 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]224 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]225 0 \
226 -c "HTTP/1.0 200 OK" \
227 -c "ECDH curve: secp256r1" \
228 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
229 -c "Certificate Verify: Signature algorithm ( 0503 )" \
230 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]231
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]232requires_openssl_tls1_3
233requires_config_enabled MBEDTLS_DEBUG_C
234requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]235requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]236requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]238run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]239 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]240 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]241 0 \
242 -c "HTTP/1.0 200 ok" \
243 -c "ECDH curve: secp384r1" \
244 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
245 -c "Certificate Verify: Signature algorithm ( 0503 )" \
246 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]247
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]248requires_gnutls_tls1_3
249requires_gnutls_next_no_ticket
250requires_gnutls_next_disable_tls13_compat
251requires_config_enabled MBEDTLS_DEBUG_C
252requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]253requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]254requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]256run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]257 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]258 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]259 0 \
260 -c "HTTP/1.0 200 OK" \
261 -c "ECDH curve: secp384r1" \
262 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
263 -c "Certificate Verify: Signature algorithm ( 0503 )" \
264 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]265
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]266requires_openssl_tls1_3
267requires_config_enabled MBEDTLS_DEBUG_C
268requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]269requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]270requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]272run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]273 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]274 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]275 0 \
276 -c "HTTP/1.0 200 ok" \
277 -c "ECDH curve: secp521r1" \
278 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
279 -c "Certificate Verify: Signature algorithm ( 0503 )" \
280 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]281
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]282requires_gnutls_tls1_3
283requires_gnutls_next_no_ticket
284requires_gnutls_next_disable_tls13_compat
285requires_config_enabled MBEDTLS_DEBUG_C
286requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]287requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]288requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]290run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]291 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]292 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]293 0 \
294 -c "HTTP/1.0 200 OK" \
295 -c "ECDH curve: secp521r1" \
296 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
297 -c "Certificate Verify: Signature algorithm ( 0503 )" \
298 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]299
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]300requires_openssl_tls1_3
301requires_config_enabled MBEDTLS_DEBUG_C
302requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]304requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]306run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]307 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]308 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]309 0 \
310 -c "HTTP/1.0 200 ok" \
311 -c "ECDH curve: x25519" \
312 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
313 -c "Certificate Verify: Signature algorithm ( 0503 )" \
314 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]315
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]316requires_gnutls_tls1_3
317requires_gnutls_next_no_ticket
318requires_gnutls_next_disable_tls13_compat
319requires_config_enabled MBEDTLS_DEBUG_C
320requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]321requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]322requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]324run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]325 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]326 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]327 0 \
328 -c "HTTP/1.0 200 OK" \
329 -c "ECDH curve: x25519" \
330 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
331 -c "Certificate Verify: Signature algorithm ( 0503 )" \
332 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]333
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]334requires_openssl_tls1_3
335requires_config_enabled MBEDTLS_DEBUG_C
336requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]337requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]338requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]340run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]341 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]342 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]343 0 \
344 -c "HTTP/1.0 200 ok" \
345 -c "ECDH curve: x448" \
346 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
347 -c "Certificate Verify: Signature algorithm ( 0503 )" \
348 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]349
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]350requires_gnutls_tls1_3
351requires_gnutls_next_no_ticket
352requires_gnutls_next_disable_tls13_compat
353requires_config_enabled MBEDTLS_DEBUG_C
354requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]355requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]356requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]357requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]358run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]359 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]360 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]361 0 \
362 -c "HTTP/1.0 200 OK" \
363 -c "ECDH curve: x448" \
364 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
365 -c "Certificate Verify: Signature algorithm ( 0503 )" \
366 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]367
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]368requires_openssl_tls1_3
369requires_config_enabled MBEDTLS_DEBUG_C
370requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]372requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]374run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]375 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]376 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]377 0 \
378 -c "HTTP/1.0 200 ok" \
379 -c "ECDH curve: secp256r1" \
380 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
381 -c "Certificate Verify: Signature algorithm ( 0603 )" \
382 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]383
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]384requires_gnutls_tls1_3
385requires_gnutls_next_no_ticket
386requires_gnutls_next_disable_tls13_compat
387requires_config_enabled MBEDTLS_DEBUG_C
388requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]389requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]390requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]392run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]393 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]394 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]395 0 \
396 -c "HTTP/1.0 200 OK" \
397 -c "ECDH curve: secp256r1" \
398 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
399 -c "Certificate Verify: Signature algorithm ( 0603 )" \
400 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]401
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]402requires_openssl_tls1_3
403requires_config_enabled MBEDTLS_DEBUG_C
404requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]405requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]406requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]408run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]409 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]410 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]411 0 \
412 -c "HTTP/1.0 200 ok" \
413 -c "ECDH curve: secp384r1" \
414 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
415 -c "Certificate Verify: Signature algorithm ( 0603 )" \
416 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]417
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]418requires_gnutls_tls1_3
419requires_gnutls_next_no_ticket
420requires_gnutls_next_disable_tls13_compat
421requires_config_enabled MBEDTLS_DEBUG_C
422requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]423requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]424requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]426run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]427 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]428 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]429 0 \
430 -c "HTTP/1.0 200 OK" \
431 -c "ECDH curve: secp384r1" \
432 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
433 -c "Certificate Verify: Signature algorithm ( 0603 )" \
434 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]435
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]436requires_openssl_tls1_3
437requires_config_enabled MBEDTLS_DEBUG_C
438requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]439requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]440requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]442run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]443 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]444 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]445 0 \
446 -c "HTTP/1.0 200 ok" \
447 -c "ECDH curve: secp521r1" \
448 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
449 -c "Certificate Verify: Signature algorithm ( 0603 )" \
450 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]451
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]452requires_gnutls_tls1_3
453requires_gnutls_next_no_ticket
454requires_gnutls_next_disable_tls13_compat
455requires_config_enabled MBEDTLS_DEBUG_C
456requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]457requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]458requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]459requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]460run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]461 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]462 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]463 0 \
464 -c "HTTP/1.0 200 OK" \
465 -c "ECDH curve: secp521r1" \
466 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
467 -c "Certificate Verify: Signature algorithm ( 0603 )" \
468 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]469
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]470requires_openssl_tls1_3
471requires_config_enabled MBEDTLS_DEBUG_C
472requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]473requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]474requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]476run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]477 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]478 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]479 0 \
480 -c "HTTP/1.0 200 ok" \
481 -c "ECDH curve: x25519" \
482 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
483 -c "Certificate Verify: Signature algorithm ( 0603 )" \
484 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]485
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]486requires_gnutls_tls1_3
487requires_gnutls_next_no_ticket
488requires_gnutls_next_disable_tls13_compat
489requires_config_enabled MBEDTLS_DEBUG_C
490requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]492requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]493requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]494run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]495 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]496 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]497 0 \
498 -c "HTTP/1.0 200 OK" \
499 -c "ECDH curve: x25519" \
500 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
501 -c "Certificate Verify: Signature algorithm ( 0603 )" \
502 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]503
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]504requires_openssl_tls1_3
505requires_config_enabled MBEDTLS_DEBUG_C
506requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]507requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]508requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]510run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]511 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]512 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]513 0 \
514 -c "HTTP/1.0 200 ok" \
515 -c "ECDH curve: x448" \
516 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
517 -c "Certificate Verify: Signature algorithm ( 0603 )" \
518 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]519
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]520requires_gnutls_tls1_3
521requires_gnutls_next_no_ticket
522requires_gnutls_next_disable_tls13_compat
523requires_config_enabled MBEDTLS_DEBUG_C
524requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]525requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]526requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]528run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]529 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]530 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]531 0 \
532 -c "HTTP/1.0 200 OK" \
533 -c "ECDH curve: x448" \
534 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
535 -c "Certificate Verify: Signature algorithm ( 0603 )" \
536 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]537
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]538requires_openssl_tls1_3
539requires_config_enabled MBEDTLS_DEBUG_C
540requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]541requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]542requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]543requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]544requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]545run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]546 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]547 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]548 0 \
549 -c "HTTP/1.0 200 ok" \
550 -c "ECDH curve: secp256r1" \
551 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
552 -c "Certificate Verify: Signature algorithm ( 0804 )" \
553 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]554
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]555requires_gnutls_tls1_3
556requires_gnutls_next_no_ticket
557requires_gnutls_next_disable_tls13_compat
558requires_config_enabled MBEDTLS_DEBUG_C
559requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]560requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]561requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]562requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]563requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]564run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]565 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]566 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]567 0 \
568 -c "HTTP/1.0 200 OK" \
569 -c "ECDH curve: secp256r1" \
570 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
571 -c "Certificate Verify: Signature algorithm ( 0804 )" \
572 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]573
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]574requires_openssl_tls1_3
575requires_config_enabled MBEDTLS_DEBUG_C
576requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]577requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]578requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]580requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]581run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]582 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]583 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]584 0 \
585 -c "HTTP/1.0 200 ok" \
586 -c "ECDH curve: secp384r1" \
587 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
588 -c "Certificate Verify: Signature algorithm ( 0804 )" \
589 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]590
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]591requires_gnutls_tls1_3
592requires_gnutls_next_no_ticket
593requires_gnutls_next_disable_tls13_compat
594requires_config_enabled MBEDTLS_DEBUG_C
595requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]596requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]597requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]600run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]601 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]602 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]603 0 \
604 -c "HTTP/1.0 200 OK" \
605 -c "ECDH curve: secp384r1" \
606 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
607 -c "Certificate Verify: Signature algorithm ( 0804 )" \
608 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]609
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]610requires_openssl_tls1_3
611requires_config_enabled MBEDTLS_DEBUG_C
612requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]613requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]614requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]615requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]616requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]617run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]618 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]619 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]620 0 \
621 -c "HTTP/1.0 200 ok" \
622 -c "ECDH curve: secp521r1" \
623 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
624 -c "Certificate Verify: Signature algorithm ( 0804 )" \
625 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]626
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]627requires_gnutls_tls1_3
628requires_gnutls_next_no_ticket
629requires_gnutls_next_disable_tls13_compat
630requires_config_enabled MBEDTLS_DEBUG_C
631requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]632requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]633requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]635requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]636run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]637 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]638 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]639 0 \
640 -c "HTTP/1.0 200 OK" \
641 -c "ECDH curve: secp521r1" \
642 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
643 -c "Certificate Verify: Signature algorithm ( 0804 )" \
644 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]645
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]646requires_openssl_tls1_3
647requires_config_enabled MBEDTLS_DEBUG_C
648requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]649requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]650requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]652requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]653run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]654 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]655 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]656 0 \
657 -c "HTTP/1.0 200 ok" \
658 -c "ECDH curve: x25519" \
659 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
660 -c "Certificate Verify: Signature algorithm ( 0804 )" \
661 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]662
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]663requires_gnutls_tls1_3
664requires_gnutls_next_no_ticket
665requires_gnutls_next_disable_tls13_compat
666requires_config_enabled MBEDTLS_DEBUG_C
667requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]669requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]671requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]672run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]673 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]674 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]675 0 \
676 -c "HTTP/1.0 200 OK" \
677 -c "ECDH curve: x25519" \
678 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
679 -c "Certificate Verify: Signature algorithm ( 0804 )" \
680 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]681
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]682requires_openssl_tls1_3
683requires_config_enabled MBEDTLS_DEBUG_C
684requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]685requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]686requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]688requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]689run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]690 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]691 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]692 0 \
693 -c "HTTP/1.0 200 ok" \
694 -c "ECDH curve: x448" \
695 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
696 -c "Certificate Verify: Signature algorithm ( 0804 )" \
697 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]698
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]699requires_gnutls_tls1_3
700requires_gnutls_next_no_ticket
701requires_gnutls_next_disable_tls13_compat
702requires_config_enabled MBEDTLS_DEBUG_C
703requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]704requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]705requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]706requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]707requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]708run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]709 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]710 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]711 0 \
712 -c "HTTP/1.0 200 OK" \
713 -c "ECDH curve: x448" \
714 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
715 -c "Certificate Verify: Signature algorithm ( 0804 )" \
716 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]717
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]718requires_openssl_tls1_3
719requires_config_enabled MBEDTLS_DEBUG_C
720requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]721requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]722requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]723requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]724run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]725 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]726 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]727 0 \
728 -c "HTTP/1.0 200 ok" \
729 -c "ECDH curve: secp256r1" \
730 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
731 -c "Certificate Verify: Signature algorithm ( 0403 )" \
732 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]733
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]734requires_gnutls_tls1_3
735requires_gnutls_next_no_ticket
736requires_gnutls_next_disable_tls13_compat
737requires_config_enabled MBEDTLS_DEBUG_C
738requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]739requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]740requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]742run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]743 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]744 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]745 0 \
746 -c "HTTP/1.0 200 OK" \
747 -c "ECDH curve: secp256r1" \
748 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
749 -c "Certificate Verify: Signature algorithm ( 0403 )" \
750 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]751
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]752requires_openssl_tls1_3
753requires_config_enabled MBEDTLS_DEBUG_C
754requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]756requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]758run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]759 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]760 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]761 0 \
762 -c "HTTP/1.0 200 ok" \
763 -c "ECDH curve: secp384r1" \
764 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
765 -c "Certificate Verify: Signature algorithm ( 0403 )" \
766 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]767
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]768requires_gnutls_tls1_3
769requires_gnutls_next_no_ticket
770requires_gnutls_next_disable_tls13_compat
771requires_config_enabled MBEDTLS_DEBUG_C
772requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]773requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]774requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]776run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]777 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]778 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]779 0 \
780 -c "HTTP/1.0 200 OK" \
781 -c "ECDH curve: secp384r1" \
782 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
783 -c "Certificate Verify: Signature algorithm ( 0403 )" \
784 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]785
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]786requires_openssl_tls1_3
787requires_config_enabled MBEDTLS_DEBUG_C
788requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]789requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]790requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]792run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]793 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]794 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]795 0 \
796 -c "HTTP/1.0 200 ok" \
797 -c "ECDH curve: secp521r1" \
798 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
799 -c "Certificate Verify: Signature algorithm ( 0403 )" \
800 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]801
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]802requires_gnutls_tls1_3
803requires_gnutls_next_no_ticket
804requires_gnutls_next_disable_tls13_compat
805requires_config_enabled MBEDTLS_DEBUG_C
806requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]807requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]808requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]810run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]811 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]812 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]813 0 \
814 -c "HTTP/1.0 200 OK" \
815 -c "ECDH curve: secp521r1" \
816 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
817 -c "Certificate Verify: Signature algorithm ( 0403 )" \
818 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]819
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]820requires_openssl_tls1_3
821requires_config_enabled MBEDTLS_DEBUG_C
822requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]823requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]824requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]826run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]827 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]828 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]829 0 \
830 -c "HTTP/1.0 200 ok" \
831 -c "ECDH curve: x25519" \
832 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
833 -c "Certificate Verify: Signature algorithm ( 0403 )" \
834 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]835
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]836requires_gnutls_tls1_3
837requires_gnutls_next_no_ticket
838requires_gnutls_next_disable_tls13_compat
839requires_config_enabled MBEDTLS_DEBUG_C
840requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]842requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]843requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]844run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]845 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]846 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]847 0 \
848 -c "HTTP/1.0 200 OK" \
849 -c "ECDH curve: x25519" \
850 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
851 -c "Certificate Verify: Signature algorithm ( 0403 )" \
852 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]853
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]854requires_openssl_tls1_3
855requires_config_enabled MBEDTLS_DEBUG_C
856requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]857requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]858requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]860run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]861 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]862 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]863 0 \
864 -c "HTTP/1.0 200 ok" \
865 -c "ECDH curve: x448" \
866 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
867 -c "Certificate Verify: Signature algorithm ( 0403 )" \
868 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]869
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]870requires_gnutls_tls1_3
871requires_gnutls_next_no_ticket
872requires_gnutls_next_disable_tls13_compat
873requires_config_enabled MBEDTLS_DEBUG_C
874requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]875requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]876requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]878run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]879 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]880 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]881 0 \
882 -c "HTTP/1.0 200 OK" \
883 -c "ECDH curve: x448" \
884 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
885 -c "Certificate Verify: Signature algorithm ( 0403 )" \
886 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]887
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]888requires_openssl_tls1_3
889requires_config_enabled MBEDTLS_DEBUG_C
890requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]891requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]892requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]894run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]895 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]896 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]897 0 \
898 -c "HTTP/1.0 200 ok" \
899 -c "ECDH curve: secp256r1" \
900 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
901 -c "Certificate Verify: Signature algorithm ( 0503 )" \
902 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]903
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]904requires_gnutls_tls1_3
905requires_gnutls_next_no_ticket
906requires_gnutls_next_disable_tls13_compat
907requires_config_enabled MBEDTLS_DEBUG_C
908requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]910requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]912run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]913 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]914 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]915 0 \
916 -c "HTTP/1.0 200 OK" \
917 -c "ECDH curve: secp256r1" \
918 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
919 -c "Certificate Verify: Signature algorithm ( 0503 )" \
920 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]921
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]922requires_openssl_tls1_3
923requires_config_enabled MBEDTLS_DEBUG_C
924requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]925requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]926requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]927requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]928run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]929 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]930 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]931 0 \
932 -c "HTTP/1.0 200 ok" \
933 -c "ECDH curve: secp384r1" \
934 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
935 -c "Certificate Verify: Signature algorithm ( 0503 )" \
936 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]937
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]938requires_gnutls_tls1_3
939requires_gnutls_next_no_ticket
940requires_gnutls_next_disable_tls13_compat
941requires_config_enabled MBEDTLS_DEBUG_C
942requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]943requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]944requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]946run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]947 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]948 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]949 0 \
950 -c "HTTP/1.0 200 OK" \
951 -c "ECDH curve: secp384r1" \
952 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
953 -c "Certificate Verify: Signature algorithm ( 0503 )" \
954 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]955
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]956requires_openssl_tls1_3
957requires_config_enabled MBEDTLS_DEBUG_C
958requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]959requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]960requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]962run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]963 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]964 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]965 0 \
966 -c "HTTP/1.0 200 ok" \
967 -c "ECDH curve: secp521r1" \
968 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
969 -c "Certificate Verify: Signature algorithm ( 0503 )" \
970 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]971
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]972requires_gnutls_tls1_3
973requires_gnutls_next_no_ticket
974requires_gnutls_next_disable_tls13_compat
975requires_config_enabled MBEDTLS_DEBUG_C
976requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]977requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]978requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]979requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]980run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]981 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]982 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]983 0 \
984 -c "HTTP/1.0 200 OK" \
985 -c "ECDH curve: secp521r1" \
986 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
987 -c "Certificate Verify: Signature algorithm ( 0503 )" \
988 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]989
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]990requires_openssl_tls1_3
991requires_config_enabled MBEDTLS_DEBUG_C
992requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]993requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]994requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]996run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]997 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]998 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]999 0 \
1000 -c "HTTP/1.0 200 ok" \
1001 -c "ECDH curve: x25519" \
1002 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1003 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1004 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1005
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1006requires_gnutls_tls1_3
1007requires_gnutls_next_no_ticket
1008requires_gnutls_next_disable_tls13_compat
1009requires_config_enabled MBEDTLS_DEBUG_C
1010requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1011requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1012requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1014run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1015 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1016 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1017 0 \
1018 -c "HTTP/1.0 200 OK" \
1019 -c "ECDH curve: x25519" \
1020 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1021 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1022 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1023
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1024requires_openssl_tls1_3
1025requires_config_enabled MBEDTLS_DEBUG_C
1026requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1027requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1028requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1030run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1031 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1032 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1033 0 \
1034 -c "HTTP/1.0 200 ok" \
1035 -c "ECDH curve: x448" \
1036 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1037 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1038 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1039
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1040requires_gnutls_tls1_3
1041requires_gnutls_next_no_ticket
1042requires_gnutls_next_disable_tls13_compat
1043requires_config_enabled MBEDTLS_DEBUG_C
1044requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1045requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1046requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1048run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1049 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1050 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1051 0 \
1052 -c "HTTP/1.0 200 OK" \
1053 -c "ECDH curve: x448" \
1054 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1055 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1056 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1057
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1058requires_openssl_tls1_3
1059requires_config_enabled MBEDTLS_DEBUG_C
1060requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1062requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1064run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1065 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1066 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1067 0 \
1068 -c "HTTP/1.0 200 ok" \
1069 -c "ECDH curve: secp256r1" \
1070 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1071 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1072 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1073
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1074requires_gnutls_tls1_3
1075requires_gnutls_next_no_ticket
1076requires_gnutls_next_disable_tls13_compat
1077requires_config_enabled MBEDTLS_DEBUG_C
1078requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1080requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1082run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1083 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1084 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1085 0 \
1086 -c "HTTP/1.0 200 OK" \
1087 -c "ECDH curve: secp256r1" \
1088 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1089 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1090 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1091
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1092requires_openssl_tls1_3
1093requires_config_enabled MBEDTLS_DEBUG_C
1094requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1095requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1096requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1098run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1099 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1100 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1101 0 \
1102 -c "HTTP/1.0 200 ok" \
1103 -c "ECDH curve: secp384r1" \
1104 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1105 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1106 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1107
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1108requires_gnutls_tls1_3
1109requires_gnutls_next_no_ticket
1110requires_gnutls_next_disable_tls13_compat
1111requires_config_enabled MBEDTLS_DEBUG_C
1112requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1113requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1114requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1116run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1117 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1118 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1119 0 \
1120 -c "HTTP/1.0 200 OK" \
1121 -c "ECDH curve: secp384r1" \
1122 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1123 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1124 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1125
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1126requires_openssl_tls1_3
1127requires_config_enabled MBEDTLS_DEBUG_C
1128requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1130requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1132run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1133 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1134 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1135 0 \
1136 -c "HTTP/1.0 200 ok" \
1137 -c "ECDH curve: secp521r1" \
1138 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1139 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1140 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1141
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1142requires_gnutls_tls1_3
1143requires_gnutls_next_no_ticket
1144requires_gnutls_next_disable_tls13_compat
1145requires_config_enabled MBEDTLS_DEBUG_C
1146requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1147requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1148requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1150run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1151 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1152 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1153 0 \
1154 -c "HTTP/1.0 200 OK" \
1155 -c "ECDH curve: secp521r1" \
1156 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1157 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1158 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1159
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1160requires_openssl_tls1_3
1161requires_config_enabled MBEDTLS_DEBUG_C
1162requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1164requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1166run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1167 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1168 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1169 0 \
1170 -c "HTTP/1.0 200 ok" \
1171 -c "ECDH curve: x25519" \
1172 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1173 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1174 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1175
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1176requires_gnutls_tls1_3
1177requires_gnutls_next_no_ticket
1178requires_gnutls_next_disable_tls13_compat
1179requires_config_enabled MBEDTLS_DEBUG_C
1180requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1182requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1184run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1185 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1186 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1187 0 \
1188 -c "HTTP/1.0 200 OK" \
1189 -c "ECDH curve: x25519" \
1190 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1191 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1192 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1193
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1194requires_openssl_tls1_3
1195requires_config_enabled MBEDTLS_DEBUG_C
1196requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1198requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1200run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1201 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1202 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1203 0 \
1204 -c "HTTP/1.0 200 ok" \
1205 -c "ECDH curve: x448" \
1206 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1207 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1208 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1209
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1210requires_gnutls_tls1_3
1211requires_gnutls_next_no_ticket
1212requires_gnutls_next_disable_tls13_compat
1213requires_config_enabled MBEDTLS_DEBUG_C
1214requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1215requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1216requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1218run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1219 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1221 0 \
1222 -c "HTTP/1.0 200 OK" \
1223 -c "ECDH curve: x448" \
1224 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1225 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1226 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1227
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1228requires_openssl_tls1_3
1229requires_config_enabled MBEDTLS_DEBUG_C
1230requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1231requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1232requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1234requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1235run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1236 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1237 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1238 0 \
1239 -c "HTTP/1.0 200 ok" \
1240 -c "ECDH curve: secp256r1" \
1241 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1242 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1243 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1244
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1245requires_gnutls_tls1_3
1246requires_gnutls_next_no_ticket
1247requires_gnutls_next_disable_tls13_compat
1248requires_config_enabled MBEDTLS_DEBUG_C
1249requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1251requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1253requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1254run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1255 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1256 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1257 0 \
1258 -c "HTTP/1.0 200 OK" \
1259 -c "ECDH curve: secp256r1" \
1260 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1261 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1262 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1263
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1264requires_openssl_tls1_3
1265requires_config_enabled MBEDTLS_DEBUG_C
1266requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1268requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1270requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1271run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1272 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1273 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1274 0 \
1275 -c "HTTP/1.0 200 ok" \
1276 -c "ECDH curve: secp384r1" \
1277 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1278 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1279 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1280
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1281requires_gnutls_tls1_3
1282requires_gnutls_next_no_ticket
1283requires_gnutls_next_disable_tls13_compat
1284requires_config_enabled MBEDTLS_DEBUG_C
1285requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1286requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1287requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1288requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1289requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1290run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1291 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1292 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1293 0 \
1294 -c "HTTP/1.0 200 OK" \
1295 -c "ECDH curve: secp384r1" \
1296 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1297 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1298 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1299
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1300requires_openssl_tls1_3
1301requires_config_enabled MBEDTLS_DEBUG_C
1302requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1304requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1306requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1307run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1308 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1309 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1310 0 \
1311 -c "HTTP/1.0 200 ok" \
1312 -c "ECDH curve: secp521r1" \
1313 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1314 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1315 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1316
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1317requires_gnutls_tls1_3
1318requires_gnutls_next_no_ticket
1319requires_gnutls_next_disable_tls13_compat
1320requires_config_enabled MBEDTLS_DEBUG_C
1321requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1322requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1323requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1325requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1326run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1327 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1328 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1329 0 \
1330 -c "HTTP/1.0 200 OK" \
1331 -c "ECDH curve: secp521r1" \
1332 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1333 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1334 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1335
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1336requires_openssl_tls1_3
1337requires_config_enabled MBEDTLS_DEBUG_C
1338requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1339requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1340requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1342requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1343run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1344 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1345 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1346 0 \
1347 -c "HTTP/1.0 200 ok" \
1348 -c "ECDH curve: x25519" \
1349 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1350 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1351 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1352
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1353requires_gnutls_tls1_3
1354requires_gnutls_next_no_ticket
1355requires_gnutls_next_disable_tls13_compat
1356requires_config_enabled MBEDTLS_DEBUG_C
1357requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1359requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1361requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1362run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1363 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1364 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1365 0 \
1366 -c "HTTP/1.0 200 OK" \
1367 -c "ECDH curve: x25519" \
1368 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1369 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1370 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1371
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1372requires_openssl_tls1_3
1373requires_config_enabled MBEDTLS_DEBUG_C
1374requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1376requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1378requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1379run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1380 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1381 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1382 0 \
1383 -c "HTTP/1.0 200 ok" \
1384 -c "ECDH curve: x448" \
1385 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1386 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1387 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1388
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1389requires_gnutls_tls1_3
1390requires_gnutls_next_no_ticket
1391requires_gnutls_next_disable_tls13_compat
1392requires_config_enabled MBEDTLS_DEBUG_C
1393requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1394requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1395requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1396requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1397requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1398run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1399 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1400 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1401 0 \
1402 -c "HTTP/1.0 200 OK" \
1403 -c "ECDH curve: x448" \
1404 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1405 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1406 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1407
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1408requires_openssl_tls1_3
1409requires_config_enabled MBEDTLS_DEBUG_C
1410requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1411requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1412requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1414run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1415 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1416 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1417 0 \
1418 -c "HTTP/1.0 200 ok" \
1419 -c "ECDH curve: secp256r1" \
1420 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1421 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1422 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1423
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1424requires_gnutls_tls1_3
1425requires_gnutls_next_no_ticket
1426requires_gnutls_next_disable_tls13_compat
1427requires_config_enabled MBEDTLS_DEBUG_C
1428requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1430requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1432run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1433 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1434 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1435 0 \
1436 -c "HTTP/1.0 200 OK" \
1437 -c "ECDH curve: secp256r1" \
1438 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1439 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1440 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1441
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1442requires_openssl_tls1_3
1443requires_config_enabled MBEDTLS_DEBUG_C
1444requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1445requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1446requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1448run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1449 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1450 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1451 0 \
1452 -c "HTTP/1.0 200 ok" \
1453 -c "ECDH curve: secp384r1" \
1454 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1455 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1456 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1457
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1458requires_gnutls_tls1_3
1459requires_gnutls_next_no_ticket
1460requires_gnutls_next_disable_tls13_compat
1461requires_config_enabled MBEDTLS_DEBUG_C
1462requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1463requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1464requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1466run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1467 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1468 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1469 0 \
1470 -c "HTTP/1.0 200 OK" \
1471 -c "ECDH curve: secp384r1" \
1472 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1473 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1474 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1475
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1476requires_openssl_tls1_3
1477requires_config_enabled MBEDTLS_DEBUG_C
1478requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1480requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1482run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1483 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1484 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1485 0 \
1486 -c "HTTP/1.0 200 ok" \
1487 -c "ECDH curve: secp521r1" \
1488 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1489 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1490 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1491
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1492requires_gnutls_tls1_3
1493requires_gnutls_next_no_ticket
1494requires_gnutls_next_disable_tls13_compat
1495requires_config_enabled MBEDTLS_DEBUG_C
1496requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1497requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1498requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1499requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1500run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1501 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1502 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1503 0 \
1504 -c "HTTP/1.0 200 OK" \
1505 -c "ECDH curve: secp521r1" \
1506 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1507 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1508 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1509
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1510requires_openssl_tls1_3
1511requires_config_enabled MBEDTLS_DEBUG_C
1512requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1514requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1516run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1517 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1519 0 \
1520 -c "HTTP/1.0 200 ok" \
1521 -c "ECDH curve: x25519" \
1522 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1523 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1524 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1525
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1526requires_gnutls_tls1_3
1527requires_gnutls_next_no_ticket
1528requires_gnutls_next_disable_tls13_compat
1529requires_config_enabled MBEDTLS_DEBUG_C
1530requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1532requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1534run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1535 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1536 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1537 0 \
1538 -c "HTTP/1.0 200 OK" \
1539 -c "ECDH curve: x25519" \
1540 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1541 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1542 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1543
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1544requires_openssl_tls1_3
1545requires_config_enabled MBEDTLS_DEBUG_C
1546requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1548requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1550run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1551 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1552 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1553 0 \
1554 -c "HTTP/1.0 200 ok" \
1555 -c "ECDH curve: x448" \
1556 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1557 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1558 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1559
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1560requires_gnutls_tls1_3
1561requires_gnutls_next_no_ticket
1562requires_gnutls_next_disable_tls13_compat
1563requires_config_enabled MBEDTLS_DEBUG_C
1564requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1566requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1568run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1569 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1570 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1571 0 \
1572 -c "HTTP/1.0 200 OK" \
1573 -c "ECDH curve: x448" \
1574 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1575 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1576 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1577
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1578requires_openssl_tls1_3
1579requires_config_enabled MBEDTLS_DEBUG_C
1580requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1582requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1584run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1585 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1586 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1587 0 \
1588 -c "HTTP/1.0 200 ok" \
1589 -c "ECDH curve: secp256r1" \
1590 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1591 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1592 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1593
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1594requires_gnutls_tls1_3
1595requires_gnutls_next_no_ticket
1596requires_gnutls_next_disable_tls13_compat
1597requires_config_enabled MBEDTLS_DEBUG_C
1598requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1600requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1602run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1603 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1604 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1605 0 \
1606 -c "HTTP/1.0 200 OK" \
1607 -c "ECDH curve: secp256r1" \
1608 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1609 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1610 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1611
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1612requires_openssl_tls1_3
1613requires_config_enabled MBEDTLS_DEBUG_C
1614requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1615requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1616requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1617requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1618run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1619 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1620 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1621 0 \
1622 -c "HTTP/1.0 200 ok" \
1623 -c "ECDH curve: secp384r1" \
1624 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1625 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1626 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1627
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1628requires_gnutls_tls1_3
1629requires_gnutls_next_no_ticket
1630requires_gnutls_next_disable_tls13_compat
1631requires_config_enabled MBEDTLS_DEBUG_C
1632requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1634requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1636run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1637 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1638 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1639 0 \
1640 -c "HTTP/1.0 200 OK" \
1641 -c "ECDH curve: secp384r1" \
1642 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1643 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1644 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1645
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1646requires_openssl_tls1_3
1647requires_config_enabled MBEDTLS_DEBUG_C
1648requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1649requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1650requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1652run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1653 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1654 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1655 0 \
1656 -c "HTTP/1.0 200 ok" \
1657 -c "ECDH curve: secp521r1" \
1658 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1659 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1660 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1661
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1662requires_gnutls_tls1_3
1663requires_gnutls_next_no_ticket
1664requires_gnutls_next_disable_tls13_compat
1665requires_config_enabled MBEDTLS_DEBUG_C
1666requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1668requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1670run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1672 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1673 0 \
1674 -c "HTTP/1.0 200 OK" \
1675 -c "ECDH curve: secp521r1" \
1676 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1677 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1678 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1679
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1680requires_openssl_tls1_3
1681requires_config_enabled MBEDTLS_DEBUG_C
1682requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1684requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1686run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1687 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1688 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1689 0 \
1690 -c "HTTP/1.0 200 ok" \
1691 -c "ECDH curve: x25519" \
1692 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1693 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1694 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1695
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1696requires_gnutls_tls1_3
1697requires_gnutls_next_no_ticket
1698requires_gnutls_next_disable_tls13_compat
1699requires_config_enabled MBEDTLS_DEBUG_C
1700requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1702requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1704run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1705 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1706 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1707 0 \
1708 -c "HTTP/1.0 200 OK" \
1709 -c "ECDH curve: x25519" \
1710 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1711 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1712 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1713
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1714requires_openssl_tls1_3
1715requires_config_enabled MBEDTLS_DEBUG_C
1716requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1718requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1720run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1721 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1722 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1723 0 \
1724 -c "HTTP/1.0 200 ok" \
1725 -c "ECDH curve: x448" \
1726 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1727 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1728 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1729
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1730requires_gnutls_tls1_3
1731requires_gnutls_next_no_ticket
1732requires_gnutls_next_disable_tls13_compat
1733requires_config_enabled MBEDTLS_DEBUG_C
1734requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1736requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1738run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1739 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1740 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1741 0 \
1742 -c "HTTP/1.0 200 OK" \
1743 -c "ECDH curve: x448" \
1744 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1745 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1746 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1747
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1748requires_openssl_tls1_3
1749requires_config_enabled MBEDTLS_DEBUG_C
1750requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1751requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1752requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1754run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1755 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1756 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1757 0 \
1758 -c "HTTP/1.0 200 ok" \
1759 -c "ECDH curve: secp256r1" \
1760 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1761 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1762 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1763
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1764requires_gnutls_tls1_3
1765requires_gnutls_next_no_ticket
1766requires_gnutls_next_disable_tls13_compat
1767requires_config_enabled MBEDTLS_DEBUG_C
1768requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1769requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1770requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1772run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1773 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1774 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1775 0 \
1776 -c "HTTP/1.0 200 OK" \
1777 -c "ECDH curve: secp256r1" \
1778 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1779 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1780 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1781
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1782requires_openssl_tls1_3
1783requires_config_enabled MBEDTLS_DEBUG_C
1784requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1785requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1786requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1788run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1789 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1790 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1791 0 \
1792 -c "HTTP/1.0 200 ok" \
1793 -c "ECDH curve: secp384r1" \
1794 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1795 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1796 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1797
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1798requires_gnutls_tls1_3
1799requires_gnutls_next_no_ticket
1800requires_gnutls_next_disable_tls13_compat
1801requires_config_enabled MBEDTLS_DEBUG_C
1802requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1803requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1804requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1806run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1807 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1808 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1809 0 \
1810 -c "HTTP/1.0 200 OK" \
1811 -c "ECDH curve: secp384r1" \
1812 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1813 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1814 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1815
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1816requires_openssl_tls1_3
1817requires_config_enabled MBEDTLS_DEBUG_C
1818requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1819requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1820requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1822run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1823 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1824 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1825 0 \
1826 -c "HTTP/1.0 200 ok" \
1827 -c "ECDH curve: secp521r1" \
1828 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1829 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1830 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1831
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1832requires_gnutls_tls1_3
1833requires_gnutls_next_no_ticket
1834requires_gnutls_next_disable_tls13_compat
1835requires_config_enabled MBEDTLS_DEBUG_C
1836requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1837requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1838requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1840run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1841 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1842 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1843 0 \
1844 -c "HTTP/1.0 200 OK" \
1845 -c "ECDH curve: secp521r1" \
1846 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1847 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1848 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1849
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1850requires_openssl_tls1_3
1851requires_config_enabled MBEDTLS_DEBUG_C
1852requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1853requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1854requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1856run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1857 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1858 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1859 0 \
1860 -c "HTTP/1.0 200 ok" \
1861 -c "ECDH curve: x25519" \
1862 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1863 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1864 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1865
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1866requires_gnutls_tls1_3
1867requires_gnutls_next_no_ticket
1868requires_gnutls_next_disable_tls13_compat
1869requires_config_enabled MBEDTLS_DEBUG_C
1870requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1872requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1874run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1875 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1876 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1877 0 \
1878 -c "HTTP/1.0 200 OK" \
1879 -c "ECDH curve: x25519" \
1880 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1881 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1882 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1883
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1884requires_openssl_tls1_3
1885requires_config_enabled MBEDTLS_DEBUG_C
1886requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1887requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1888requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1890run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1891 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1892 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1893 0 \
1894 -c "HTTP/1.0 200 ok" \
1895 -c "ECDH curve: x448" \
1896 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1897 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1898 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1899
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1900requires_gnutls_tls1_3
1901requires_gnutls_next_no_ticket
1902requires_gnutls_next_disable_tls13_compat
1903requires_config_enabled MBEDTLS_DEBUG_C
1904requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1906requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1908run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1909 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1910 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1911 0 \
1912 -c "HTTP/1.0 200 OK" \
1913 -c "ECDH curve: x448" \
1914 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1915 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1916 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1917
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1918requires_openssl_tls1_3
1919requires_config_enabled MBEDTLS_DEBUG_C
1920requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1921requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1922requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1924requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1925run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1926 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1927 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1928 0 \
1929 -c "HTTP/1.0 200 ok" \
1930 -c "ECDH curve: secp256r1" \
1931 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1932 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1933 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1934
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1935requires_gnutls_tls1_3
1936requires_gnutls_next_no_ticket
1937requires_gnutls_next_disable_tls13_compat
1938requires_config_enabled MBEDTLS_DEBUG_C
1939requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1941requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1943requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1944run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1945 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1946 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1947 0 \
1948 -c "HTTP/1.0 200 OK" \
1949 -c "ECDH curve: secp256r1" \
1950 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1951 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1952 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1953
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1954requires_openssl_tls1_3
1955requires_config_enabled MBEDTLS_DEBUG_C
1956requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1957requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1958requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1959requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1960requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1961run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1962 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1963 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1964 0 \
1965 -c "HTTP/1.0 200 ok" \
1966 -c "ECDH curve: secp384r1" \
1967 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1968 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1969 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1970
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1971requires_gnutls_tls1_3
1972requires_gnutls_next_no_ticket
1973requires_gnutls_next_disable_tls13_compat
1974requires_config_enabled MBEDTLS_DEBUG_C
1975requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1976requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1977requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1979requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1980run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1981 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1982 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1983 0 \
1984 -c "HTTP/1.0 200 OK" \
1985 -c "ECDH curve: secp384r1" \
1986 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1987 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1988 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1989
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1990requires_openssl_tls1_3
1991requires_config_enabled MBEDTLS_DEBUG_C
1992requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]1993requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1994requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1996requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1997run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1998 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]1999 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2000 0 \
2001 -c "HTTP/1.0 200 ok" \
2002 -c "ECDH curve: secp521r1" \
2003 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2004 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2005 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2006
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2007requires_gnutls_tls1_3
2008requires_gnutls_next_no_ticket
2009requires_gnutls_next_disable_tls13_compat
2010requires_config_enabled MBEDTLS_DEBUG_C
2011requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2012requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2013requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2015requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2016run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2017 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2018 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2019 0 \
2020 -c "HTTP/1.0 200 OK" \
2021 -c "ECDH curve: secp521r1" \
2022 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2023 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2024 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2025
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2026requires_openssl_tls1_3
2027requires_config_enabled MBEDTLS_DEBUG_C
2028requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2029requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2030requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2032requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2033run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2034 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2035 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2036 0 \
2037 -c "HTTP/1.0 200 ok" \
2038 -c "ECDH curve: x25519" \
2039 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2040 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2041 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2042
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2043requires_gnutls_tls1_3
2044requires_gnutls_next_no_ticket
2045requires_gnutls_next_disable_tls13_compat
2046requires_config_enabled MBEDTLS_DEBUG_C
2047requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2048requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2049requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2050requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2051requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2052run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2053 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2054 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2055 0 \
2056 -c "HTTP/1.0 200 OK" \
2057 -c "ECDH curve: x25519" \
2058 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2059 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2060 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2061
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2062requires_openssl_tls1_3
2063requires_config_enabled MBEDTLS_DEBUG_C
2064requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2066requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2068requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2069run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2070 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2071 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2072 0 \
2073 -c "HTTP/1.0 200 ok" \
2074 -c "ECDH curve: x448" \
2075 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2076 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2077 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2078
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2079requires_gnutls_tls1_3
2080requires_gnutls_next_no_ticket
2081requires_gnutls_next_disable_tls13_compat
2082requires_config_enabled MBEDTLS_DEBUG_C
2083requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2084requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2085requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2086requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2087requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2088run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2089 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2090 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2091 0 \
2092 -c "HTTP/1.0 200 OK" \
2093 -c "ECDH curve: x448" \
2094 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2095 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2096 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2097
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2098requires_openssl_tls1_3
2099requires_config_enabled MBEDTLS_DEBUG_C
2100requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2101requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2102requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2104run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2105 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2106 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2107 0 \
2108 -c "HTTP/1.0 200 ok" \
2109 -c "ECDH curve: secp256r1" \
2110 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2111 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2112 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2113
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2114requires_gnutls_tls1_3
2115requires_gnutls_next_no_ticket
2116requires_gnutls_next_disable_tls13_compat
2117requires_config_enabled MBEDTLS_DEBUG_C
2118requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2119requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2120requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2122run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2123 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2124 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2125 0 \
2126 -c "HTTP/1.0 200 OK" \
2127 -c "ECDH curve: secp256r1" \
2128 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2129 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2130 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2131
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2132requires_openssl_tls1_3
2133requires_config_enabled MBEDTLS_DEBUG_C
2134requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2135requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2136requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2138run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2139 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2140 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2141 0 \
2142 -c "HTTP/1.0 200 ok" \
2143 -c "ECDH curve: secp384r1" \
2144 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2145 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2146 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2147
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2148requires_gnutls_tls1_3
2149requires_gnutls_next_no_ticket
2150requires_gnutls_next_disable_tls13_compat
2151requires_config_enabled MBEDTLS_DEBUG_C
2152requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2153requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2154requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2155requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2156run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2157 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2158 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2159 0 \
2160 -c "HTTP/1.0 200 OK" \
2161 -c "ECDH curve: secp384r1" \
2162 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2163 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2164 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2165
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2166requires_openssl_tls1_3
2167requires_config_enabled MBEDTLS_DEBUG_C
2168requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2169requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2170requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2172run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2173 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2174 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2175 0 \
2176 -c "HTTP/1.0 200 ok" \
2177 -c "ECDH curve: secp521r1" \
2178 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2179 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2180 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2181
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2182requires_gnutls_tls1_3
2183requires_gnutls_next_no_ticket
2184requires_gnutls_next_disable_tls13_compat
2185requires_config_enabled MBEDTLS_DEBUG_C
2186requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2187requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2188requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2189requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2190run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2191 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2192 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2193 0 \
2194 -c "HTTP/1.0 200 OK" \
2195 -c "ECDH curve: secp521r1" \
2196 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2197 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2198 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2199
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2200requires_openssl_tls1_3
2201requires_config_enabled MBEDTLS_DEBUG_C
2202requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2204requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2206run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2207 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2208 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2209 0 \
2210 -c "HTTP/1.0 200 ok" \
2211 -c "ECDH curve: x25519" \
2212 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2213 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2214 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2215
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2216requires_gnutls_tls1_3
2217requires_gnutls_next_no_ticket
2218requires_gnutls_next_disable_tls13_compat
2219requires_config_enabled MBEDTLS_DEBUG_C
2220requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2221requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2222requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2224run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2225 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2226 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2227 0 \
2228 -c "HTTP/1.0 200 OK" \
2229 -c "ECDH curve: x25519" \
2230 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2231 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2232 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2233
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2234requires_openssl_tls1_3
2235requires_config_enabled MBEDTLS_DEBUG_C
2236requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2238requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2240run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2241 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2242 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2243 0 \
2244 -c "HTTP/1.0 200 ok" \
2245 -c "ECDH curve: x448" \
2246 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2247 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2248 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2249
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2250requires_gnutls_tls1_3
2251requires_gnutls_next_no_ticket
2252requires_gnutls_next_disable_tls13_compat
2253requires_config_enabled MBEDTLS_DEBUG_C
2254requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2256requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2258run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2259 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2260 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2261 0 \
2262 -c "HTTP/1.0 200 OK" \
2263 -c "ECDH curve: x448" \
2264 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2265 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2266 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2267
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2268requires_openssl_tls1_3
2269requires_config_enabled MBEDTLS_DEBUG_C
2270requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2271requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2272requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2274run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2275 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2276 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2277 0 \
2278 -c "HTTP/1.0 200 ok" \
2279 -c "ECDH curve: secp256r1" \
2280 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2281 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2282 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2283
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2284requires_gnutls_tls1_3
2285requires_gnutls_next_no_ticket
2286requires_gnutls_next_disable_tls13_compat
2287requires_config_enabled MBEDTLS_DEBUG_C
2288requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2290requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2292run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2293 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2294 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2295 0 \
2296 -c "HTTP/1.0 200 OK" \
2297 -c "ECDH curve: secp256r1" \
2298 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2299 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2300 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2301
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2302requires_openssl_tls1_3
2303requires_config_enabled MBEDTLS_DEBUG_C
2304requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2305requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2306requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2308run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2309 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2310 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2311 0 \
2312 -c "HTTP/1.0 200 ok" \
2313 -c "ECDH curve: secp384r1" \
2314 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2315 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2316 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2317
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2318requires_gnutls_tls1_3
2319requires_gnutls_next_no_ticket
2320requires_gnutls_next_disable_tls13_compat
2321requires_config_enabled MBEDTLS_DEBUG_C
2322requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2324requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2326run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2327 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2328 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2329 0 \
2330 -c "HTTP/1.0 200 OK" \
2331 -c "ECDH curve: secp384r1" \
2332 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2333 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2334 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2335
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2336requires_openssl_tls1_3
2337requires_config_enabled MBEDTLS_DEBUG_C
2338requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2339requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2340requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2342run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2343 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2344 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2345 0 \
2346 -c "HTTP/1.0 200 ok" \
2347 -c "ECDH curve: secp521r1" \
2348 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2349 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2350 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2351
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2352requires_gnutls_tls1_3
2353requires_gnutls_next_no_ticket
2354requires_gnutls_next_disable_tls13_compat
2355requires_config_enabled MBEDTLS_DEBUG_C
2356requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2357requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2358requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2360run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2361 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2362 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2363 0 \
2364 -c "HTTP/1.0 200 OK" \
2365 -c "ECDH curve: secp521r1" \
2366 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2367 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2368 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2369
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2370requires_openssl_tls1_3
2371requires_config_enabled MBEDTLS_DEBUG_C
2372requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2373requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2374requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2376run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2377 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2378 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2379 0 \
2380 -c "HTTP/1.0 200 ok" \
2381 -c "ECDH curve: x25519" \
2382 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2383 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2384 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2385
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2386requires_gnutls_tls1_3
2387requires_gnutls_next_no_ticket
2388requires_gnutls_next_disable_tls13_compat
2389requires_config_enabled MBEDTLS_DEBUG_C
2390requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2391requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2392requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2394run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2395 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2396 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2397 0 \
2398 -c "HTTP/1.0 200 OK" \
2399 -c "ECDH curve: x25519" \
2400 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2401 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2402 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2403
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2404requires_openssl_tls1_3
2405requires_config_enabled MBEDTLS_DEBUG_C
2406requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2407requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2408requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2409requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2410run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2411 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2412 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2413 0 \
2414 -c "HTTP/1.0 200 ok" \
2415 -c "ECDH curve: x448" \
2416 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2417 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2418 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2419
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2420requires_gnutls_tls1_3
2421requires_gnutls_next_no_ticket
2422requires_gnutls_next_disable_tls13_compat
2423requires_config_enabled MBEDTLS_DEBUG_C
2424requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2425requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2426requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2428run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2429 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2430 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2431 0 \
2432 -c "HTTP/1.0 200 OK" \
2433 -c "ECDH curve: x448" \
2434 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2435 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2436 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2437
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2438requires_openssl_tls1_3
2439requires_config_enabled MBEDTLS_DEBUG_C
2440requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2441requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2442requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2443requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2444run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2445 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2446 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2447 0 \
2448 -c "HTTP/1.0 200 ok" \
2449 -c "ECDH curve: secp256r1" \
2450 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2451 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2452 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2453
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2454requires_gnutls_tls1_3
2455requires_gnutls_next_no_ticket
2456requires_gnutls_next_disable_tls13_compat
2457requires_config_enabled MBEDTLS_DEBUG_C
2458requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2460requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2462run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2463 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2464 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2465 0 \
2466 -c "HTTP/1.0 200 OK" \
2467 -c "ECDH curve: secp256r1" \
2468 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2469 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2470 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2471
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2472requires_openssl_tls1_3
2473requires_config_enabled MBEDTLS_DEBUG_C
2474requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2475requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2476requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2478run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2479 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2480 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2481 0 \
2482 -c "HTTP/1.0 200 ok" \
2483 -c "ECDH curve: secp384r1" \
2484 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2485 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2486 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2487
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2488requires_gnutls_tls1_3
2489requires_gnutls_next_no_ticket
2490requires_gnutls_next_disable_tls13_compat
2491requires_config_enabled MBEDTLS_DEBUG_C
2492requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2493requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2494requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2496run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2497 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2498 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2499 0 \
2500 -c "HTTP/1.0 200 OK" \
2501 -c "ECDH curve: secp384r1" \
2502 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2503 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2504 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2505
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2506requires_openssl_tls1_3
2507requires_config_enabled MBEDTLS_DEBUG_C
2508requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2509requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2510requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2511requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2512run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2513 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2514 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2515 0 \
2516 -c "HTTP/1.0 200 ok" \
2517 -c "ECDH curve: secp521r1" \
2518 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2519 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2520 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2521
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2522requires_gnutls_tls1_3
2523requires_gnutls_next_no_ticket
2524requires_gnutls_next_disable_tls13_compat
2525requires_config_enabled MBEDTLS_DEBUG_C
2526requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2527requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2528requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2530run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2531 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2532 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2533 0 \
2534 -c "HTTP/1.0 200 OK" \
2535 -c "ECDH curve: secp521r1" \
2536 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2537 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2538 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2539
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2540requires_openssl_tls1_3
2541requires_config_enabled MBEDTLS_DEBUG_C
2542requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2543requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2544requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2546run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2547 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2548 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2549 0 \
2550 -c "HTTP/1.0 200 ok" \
2551 -c "ECDH curve: x25519" \
2552 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2553 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2554 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2555
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2556requires_gnutls_tls1_3
2557requires_gnutls_next_no_ticket
2558requires_gnutls_next_disable_tls13_compat
2559requires_config_enabled MBEDTLS_DEBUG_C
2560requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2562requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2564run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2565 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2566 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2567 0 \
2568 -c "HTTP/1.0 200 OK" \
2569 -c "ECDH curve: x25519" \
2570 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2571 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2572 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2573
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2574requires_openssl_tls1_3
2575requires_config_enabled MBEDTLS_DEBUG_C
2576requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2577requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2578requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2580run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2581 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2582 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2583 0 \
2584 -c "HTTP/1.0 200 ok" \
2585 -c "ECDH curve: x448" \
2586 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2587 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2588 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2589
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2590requires_gnutls_tls1_3
2591requires_gnutls_next_no_ticket
2592requires_gnutls_next_disable_tls13_compat
2593requires_config_enabled MBEDTLS_DEBUG_C
2594requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2595requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2596requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2598run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2599 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2600 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2601 0 \
2602 -c "HTTP/1.0 200 OK" \
2603 -c "ECDH curve: x448" \
2604 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2605 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2606 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2607
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2608requires_openssl_tls1_3
2609requires_config_enabled MBEDTLS_DEBUG_C
2610requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2611requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2612requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2614requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2615run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2616 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2617 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2618 0 \
2619 -c "HTTP/1.0 200 ok" \
2620 -c "ECDH curve: secp256r1" \
2621 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2622 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2623 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2624
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2625requires_gnutls_tls1_3
2626requires_gnutls_next_no_ticket
2627requires_gnutls_next_disable_tls13_compat
2628requires_config_enabled MBEDTLS_DEBUG_C
2629requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2630requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2631requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2633requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2634run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2635 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2636 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2637 0 \
2638 -c "HTTP/1.0 200 OK" \
2639 -c "ECDH curve: secp256r1" \
2640 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2641 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2642 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2643
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2644requires_openssl_tls1_3
2645requires_config_enabled MBEDTLS_DEBUG_C
2646requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2647requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2648requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2650requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2651run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2652 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2653 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2654 0 \
2655 -c "HTTP/1.0 200 ok" \
2656 -c "ECDH curve: secp384r1" \
2657 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2658 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2659 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2660
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2661requires_gnutls_tls1_3
2662requires_gnutls_next_no_ticket
2663requires_gnutls_next_disable_tls13_compat
2664requires_config_enabled MBEDTLS_DEBUG_C
2665requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2666requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2667requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2669requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2670run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2672 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2673 0 \
2674 -c "HTTP/1.0 200 OK" \
2675 -c "ECDH curve: secp384r1" \
2676 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2677 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2678 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2679
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2680requires_openssl_tls1_3
2681requires_config_enabled MBEDTLS_DEBUG_C
2682requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2684requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2686requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2687run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2688 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2689 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2690 0 \
2691 -c "HTTP/1.0 200 ok" \
2692 -c "ECDH curve: secp521r1" \
2693 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2694 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2695 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2696
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2697requires_gnutls_tls1_3
2698requires_gnutls_next_no_ticket
2699requires_gnutls_next_disable_tls13_compat
2700requires_config_enabled MBEDTLS_DEBUG_C
2701requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2703requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2705requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2706run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2707 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2708 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2709 0 \
2710 -c "HTTP/1.0 200 OK" \
2711 -c "ECDH curve: secp521r1" \
2712 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2713 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2714 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2715
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2716requires_openssl_tls1_3
2717requires_config_enabled MBEDTLS_DEBUG_C
2718requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2719requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2720requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2722requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2723run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2724 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2725 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2726 0 \
2727 -c "HTTP/1.0 200 ok" \
2728 -c "ECDH curve: x25519" \
2729 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2730 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2731 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2732
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2733requires_gnutls_tls1_3
2734requires_gnutls_next_no_ticket
2735requires_gnutls_next_disable_tls13_compat
2736requires_config_enabled MBEDTLS_DEBUG_C
2737requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2738requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2739requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2741requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2742run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2743 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2744 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2745 0 \
2746 -c "HTTP/1.0 200 OK" \
2747 -c "ECDH curve: x25519" \
2748 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2749 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2750 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2751
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2752requires_openssl_tls1_3
2753requires_config_enabled MBEDTLS_DEBUG_C
2754requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2756requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2758requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2759run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2760 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2761 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2762 0 \
2763 -c "HTTP/1.0 200 ok" \
2764 -c "ECDH curve: x448" \
2765 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2766 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2767 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2768
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2769requires_gnutls_tls1_3
2770requires_gnutls_next_no_ticket
2771requires_gnutls_next_disable_tls13_compat
2772requires_config_enabled MBEDTLS_DEBUG_C
2773requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2775requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2777requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2778run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2780 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2781 0 \
2782 -c "HTTP/1.0 200 OK" \
2783 -c "ECDH curve: x448" \
2784 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2785 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2786 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2787
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2788requires_openssl_tls1_3
2789requires_config_enabled MBEDTLS_DEBUG_C
2790requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2792requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2794run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2795 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2796 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2797 0 \
2798 -c "HTTP/1.0 200 ok" \
2799 -c "ECDH curve: secp256r1" \
2800 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2801 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2802 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2803
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2804requires_gnutls_tls1_3
2805requires_gnutls_next_no_ticket
2806requires_gnutls_next_disable_tls13_compat
2807requires_config_enabled MBEDTLS_DEBUG_C
2808requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2809requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2810requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2812run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2813 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2814 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2815 0 \
2816 -c "HTTP/1.0 200 OK" \
2817 -c "ECDH curve: secp256r1" \
2818 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2819 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2820 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2821
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2822requires_openssl_tls1_3
2823requires_config_enabled MBEDTLS_DEBUG_C
2824requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2825requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2826requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2828run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2829 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2830 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2831 0 \
2832 -c "HTTP/1.0 200 ok" \
2833 -c "ECDH curve: secp384r1" \
2834 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2835 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2836 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2837
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2838requires_gnutls_tls1_3
2839requires_gnutls_next_no_ticket
2840requires_gnutls_next_disable_tls13_compat
2841requires_config_enabled MBEDTLS_DEBUG_C
2842requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2843requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2844requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2846run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2847 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2848 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2849 0 \
2850 -c "HTTP/1.0 200 OK" \
2851 -c "ECDH curve: secp384r1" \
2852 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2853 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2854 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2855
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2856requires_openssl_tls1_3
2857requires_config_enabled MBEDTLS_DEBUG_C
2858requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2859requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2860requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2862run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2863 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2864 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2865 0 \
2866 -c "HTTP/1.0 200 ok" \
2867 -c "ECDH curve: secp521r1" \
2868 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2869 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2870 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2871
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2872requires_gnutls_tls1_3
2873requires_gnutls_next_no_ticket
2874requires_gnutls_next_disable_tls13_compat
2875requires_config_enabled MBEDTLS_DEBUG_C
2876requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2877requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2878requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2880run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2881 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2882 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2883 0 \
2884 -c "HTTP/1.0 200 OK" \
2885 -c "ECDH curve: secp521r1" \
2886 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2887 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2888 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2889
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2890requires_openssl_tls1_3
2891requires_config_enabled MBEDTLS_DEBUG_C
2892requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2894requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2896run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2897 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2898 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2899 0 \
2900 -c "HTTP/1.0 200 ok" \
2901 -c "ECDH curve: x25519" \
2902 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2903 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2904 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2905
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2906requires_gnutls_tls1_3
2907requires_gnutls_next_no_ticket
2908requires_gnutls_next_disable_tls13_compat
2909requires_config_enabled MBEDTLS_DEBUG_C
2910requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2911requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2912requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2914run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2915 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2916 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2917 0 \
2918 -c "HTTP/1.0 200 OK" \
2919 -c "ECDH curve: x25519" \
2920 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2921 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2922 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2923
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2924requires_openssl_tls1_3
2925requires_config_enabled MBEDTLS_DEBUG_C
2926requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2927requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2928requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2930run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2931 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2932 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2933 0 \
2934 -c "HTTP/1.0 200 ok" \
2935 -c "ECDH curve: x448" \
2936 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2937 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2938 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2939
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2940requires_gnutls_tls1_3
2941requires_gnutls_next_no_ticket
2942requires_gnutls_next_disable_tls13_compat
2943requires_config_enabled MBEDTLS_DEBUG_C
2944requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2945requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2946requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2948run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2949 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2950 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2951 0 \
2952 -c "HTTP/1.0 200 OK" \
2953 -c "ECDH curve: x448" \
2954 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2955 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2956 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2957
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2958requires_openssl_tls1_3
2959requires_config_enabled MBEDTLS_DEBUG_C
2960requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2961requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2962requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2964run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2965 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2966 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2967 0 \
2968 -c "HTTP/1.0 200 ok" \
2969 -c "ECDH curve: secp256r1" \
2970 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2971 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2972 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2973
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2974requires_gnutls_tls1_3
2975requires_gnutls_next_no_ticket
2976requires_gnutls_next_disable_tls13_compat
2977requires_config_enabled MBEDTLS_DEBUG_C
2978requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2979requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2980requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2982run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2983 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]2984 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2985 0 \
2986 -c "HTTP/1.0 200 OK" \
2987 -c "ECDH curve: secp256r1" \
2988 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2989 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2990 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2991
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2992requires_openssl_tls1_3
2993requires_config_enabled MBEDTLS_DEBUG_C
2994requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]2995requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2996requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]2997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]2998run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]2999 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3000 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3001 0 \
3002 -c "HTTP/1.0 200 ok" \
3003 -c "ECDH curve: secp384r1" \
3004 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3005 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3006 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3007
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3008requires_gnutls_tls1_3
3009requires_gnutls_next_no_ticket
3010requires_gnutls_next_disable_tls13_compat
3011requires_config_enabled MBEDTLS_DEBUG_C
3012requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3014requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3016run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3017 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3018 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3019 0 \
3020 -c "HTTP/1.0 200 OK" \
3021 -c "ECDH curve: secp384r1" \
3022 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3023 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3024 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3025
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3026requires_openssl_tls1_3
3027requires_config_enabled MBEDTLS_DEBUG_C
3028requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3029requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3030requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3032run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3033 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3034 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3035 0 \
3036 -c "HTTP/1.0 200 ok" \
3037 -c "ECDH curve: secp521r1" \
3038 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3039 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3040 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3041
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3042requires_gnutls_tls1_3
3043requires_gnutls_next_no_ticket
3044requires_gnutls_next_disable_tls13_compat
3045requires_config_enabled MBEDTLS_DEBUG_C
3046requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3048requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3050run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3051 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3052 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3053 0 \
3054 -c "HTTP/1.0 200 OK" \
3055 -c "ECDH curve: secp521r1" \
3056 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3057 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3058 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3059
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3060requires_openssl_tls1_3
3061requires_config_enabled MBEDTLS_DEBUG_C
3062requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3063requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3064requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3066run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3067 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3068 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3069 0 \
3070 -c "HTTP/1.0 200 ok" \
3071 -c "ECDH curve: x25519" \
3072 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3073 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3074 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3075
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3076requires_gnutls_tls1_3
3077requires_gnutls_next_no_ticket
3078requires_gnutls_next_disable_tls13_compat
3079requires_config_enabled MBEDTLS_DEBUG_C
3080requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3081requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3082requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3084run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3085 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3086 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3087 0 \
3088 -c "HTTP/1.0 200 OK" \
3089 -c "ECDH curve: x25519" \
3090 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3091 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3092 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3093
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3094requires_openssl_tls1_3
3095requires_config_enabled MBEDTLS_DEBUG_C
3096requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3098requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3099requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3100run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3101 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3102 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3103 0 \
3104 -c "HTTP/1.0 200 ok" \
3105 -c "ECDH curve: x448" \
3106 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3107 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3108 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3109
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3110requires_gnutls_tls1_3
3111requires_gnutls_next_no_ticket
3112requires_gnutls_next_disable_tls13_compat
3113requires_config_enabled MBEDTLS_DEBUG_C
3114requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3116requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3118run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3119 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3120 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448,secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3121 0 \
3122 -c "HTTP/1.0 200 OK" \
3123 -c "ECDH curve: x448" \
3124 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3125 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3126 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3127
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3128requires_openssl_tls1_3
3129requires_config_enabled MBEDTLS_DEBUG_C
3130requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3131requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3132requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3134run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3135 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3136 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3137 0 \
3138 -c "HTTP/1.0 200 ok" \
3139 -c "ECDH curve: secp256r1" \
3140 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3141 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3142 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3143
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3144requires_gnutls_tls1_3
3145requires_gnutls_next_no_ticket
3146requires_gnutls_next_disable_tls13_compat
3147requires_config_enabled MBEDTLS_DEBUG_C
3148requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3149requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3150requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3152run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3153 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3154 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3155 0 \
3156 -c "HTTP/1.0 200 OK" \
3157 -c "ECDH curve: secp256r1" \
3158 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3159 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3160 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3161
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3162requires_openssl_tls1_3
3163requires_config_enabled MBEDTLS_DEBUG_C
3164requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3165requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3166requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3168run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3169 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3170 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3171 0 \
3172 -c "HTTP/1.0 200 ok" \
3173 -c "ECDH curve: secp384r1" \
3174 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3175 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3176 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3177
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3178requires_gnutls_tls1_3
3179requires_gnutls_next_no_ticket
3180requires_gnutls_next_disable_tls13_compat
3181requires_config_enabled MBEDTLS_DEBUG_C
3182requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3183requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3184requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3185requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3186run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3187 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3188 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3189 0 \
3190 -c "HTTP/1.0 200 OK" \
3191 -c "ECDH curve: secp384r1" \
3192 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3193 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3194 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3195
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3196requires_openssl_tls1_3
3197requires_config_enabled MBEDTLS_DEBUG_C
3198requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3200requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3202run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3203 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3204 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3205 0 \
3206 -c "HTTP/1.0 200 ok" \
3207 -c "ECDH curve: secp521r1" \
3208 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3209 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3210 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3211
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3212requires_gnutls_tls1_3
3213requires_gnutls_next_no_ticket
3214requires_gnutls_next_disable_tls13_compat
3215requires_config_enabled MBEDTLS_DEBUG_C
3216requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3217requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3218requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3220run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3221 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3222 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3223 0 \
3224 -c "HTTP/1.0 200 OK" \
3225 -c "ECDH curve: secp521r1" \
3226 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3227 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3228 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3229
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3230requires_openssl_tls1_3
3231requires_config_enabled MBEDTLS_DEBUG_C
3232requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3233requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3234requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3236run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3237 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3238 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3239 0 \
3240 -c "HTTP/1.0 200 ok" \
3241 -c "ECDH curve: x25519" \
3242 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3243 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3244 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3245
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3246requires_gnutls_tls1_3
3247requires_gnutls_next_no_ticket
3248requires_gnutls_next_disable_tls13_compat
3249requires_config_enabled MBEDTLS_DEBUG_C
3250requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3251requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3252requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3253requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3254run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3255 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3256 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3257 0 \
3258 -c "HTTP/1.0 200 OK" \
3259 -c "ECDH curve: x25519" \
3260 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3261 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3262 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3263
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3264requires_openssl_tls1_3
3265requires_config_enabled MBEDTLS_DEBUG_C
3266requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3268requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3270run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3271 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3272 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3273 0 \
3274 -c "HTTP/1.0 200 ok" \
3275 -c "ECDH curve: x448" \
3276 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3277 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3278 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3279
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3280requires_gnutls_tls1_3
3281requires_gnutls_next_no_ticket
3282requires_gnutls_next_disable_tls13_compat
3283requires_config_enabled MBEDTLS_DEBUG_C
3284requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3285requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3286requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3288run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3289 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3290 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448,secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3291 0 \
3292 -c "HTTP/1.0 200 OK" \
3293 -c "ECDH curve: x448" \
3294 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3295 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3296 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3297
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3298requires_openssl_tls1_3
3299requires_config_enabled MBEDTLS_DEBUG_C
3300requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3302requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3304requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3305run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3306 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3307 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3308 0 \
3309 -c "HTTP/1.0 200 ok" \
3310 -c "ECDH curve: secp256r1" \
3311 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3312 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3313 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3314
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3315requires_gnutls_tls1_3
3316requires_gnutls_next_no_ticket
3317requires_gnutls_next_disable_tls13_compat
3318requires_config_enabled MBEDTLS_DEBUG_C
3319requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3320requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3321requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3323requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3324run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3325 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3326 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3327 0 \
3328 -c "HTTP/1.0 200 OK" \
3329 -c "ECDH curve: secp256r1" \
3330 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3331 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3332 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3333
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3334requires_openssl_tls1_3
3335requires_config_enabled MBEDTLS_DEBUG_C
3336requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3337requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3338requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3340requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3341run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3342 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3343 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3344 0 \
3345 -c "HTTP/1.0 200 ok" \
3346 -c "ECDH curve: secp384r1" \
3347 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3348 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3349 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3350
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3351requires_gnutls_tls1_3
3352requires_gnutls_next_no_ticket
3353requires_gnutls_next_disable_tls13_compat
3354requires_config_enabled MBEDTLS_DEBUG_C
3355requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3356requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3357requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3359requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3360run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3361 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3362 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3363 0 \
3364 -c "HTTP/1.0 200 OK" \
3365 -c "ECDH curve: secp384r1" \
3366 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3367 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3368 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3369
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3370requires_openssl_tls1_3
3371requires_config_enabled MBEDTLS_DEBUG_C
3372requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3373requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3374requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3376requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3377run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3378 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3379 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3380 0 \
3381 -c "HTTP/1.0 200 ok" \
3382 -c "ECDH curve: secp521r1" \
3383 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3384 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3385 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3386
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3387requires_gnutls_tls1_3
3388requires_gnutls_next_no_ticket
3389requires_gnutls_next_disable_tls13_compat
3390requires_config_enabled MBEDTLS_DEBUG_C
3391requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3393requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3395requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3396run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3397 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3398 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3399 0 \
3400 -c "HTTP/1.0 200 OK" \
3401 -c "ECDH curve: secp521r1" \
3402 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3403 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3404 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3405
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3406requires_openssl_tls1_3
3407requires_config_enabled MBEDTLS_DEBUG_C
3408requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3410requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3412requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3413run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3414 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3415 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3416 0 \
3417 -c "HTTP/1.0 200 ok" \
3418 -c "ECDH curve: x25519" \
3419 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3420 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3421 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3422
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3423requires_gnutls_tls1_3
3424requires_gnutls_next_no_ticket
3425requires_gnutls_next_disable_tls13_compat
3426requires_config_enabled MBEDTLS_DEBUG_C
3427requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3429requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3431requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3432run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3433 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3434 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3435 0 \
3436 -c "HTTP/1.0 200 OK" \
3437 -c "ECDH curve: x25519" \
3438 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3439 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3440 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3441
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3442requires_openssl_tls1_3
3443requires_config_enabled MBEDTLS_DEBUG_C
3444requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3445requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3446requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3448requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3449run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3450 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3451 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3452 0 \
3453 -c "HTTP/1.0 200 ok" \
3454 -c "ECDH curve: x448" \
3455 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3456 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3457 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3458
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3459requires_gnutls_tls1_3
3460requires_gnutls_next_no_ticket
3461requires_gnutls_next_disable_tls13_compat
3462requires_config_enabled MBEDTLS_DEBUG_C
3463requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame^]3464requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3465requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3467requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3468run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3469 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yu52a6e7e2021-12-06 18:24:46 +0800[diff] [blame]3470 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls13 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3471 0 \
3472 -c "HTTP/1.0 200 OK" \
3473 -c "ECDH curve: x448" \
3474 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3475 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3476 -c "Verifying peer X.509 certificate... ok"