TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 77074905bbed691e1e20ef6378b82a4706c3fa28 / . / tests / opt-testcases / tls13-compat.sh
blob: b3a02953a28b7c52d792c74e7a2c21dc0dd3120f [file] [log] [blame]
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7#
8# Purpose
9#
10# List TLS1.3 compat test cases. They are generated by
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12#
13# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
14# AND REGENERATE THIS FILE.
15#
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]16
17DATA_FILES_PATH=../framework/data_files
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]18requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]19requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]20requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]21requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]22requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]23requires_openssl_tls1_3
24run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]25 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
26 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]27 0 \
28 -s "Protocol is TLSv1.3" \
29 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
30 -s "received signature algorithm: 0x403" \
31 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]32 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]33 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]34
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]35requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]36requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]37requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]38requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]39requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]40requires_openssl_tls1_3
41run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]42 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
43 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]44 0 \
45 -s "Protocol is TLSv1.3" \
46 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
47 -s "received signature algorithm: 0x503" \
48 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]49 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]50 -C "received HelloRetryRequest message"
51
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]52requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]53requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]54requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]55requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]56requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]57requires_openssl_tls1_3
58run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]59 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
60 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]61 0 \
62 -s "Protocol is TLSv1.3" \
63 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
64 -s "received signature algorithm: 0x603" \
65 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]66 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]67 -C "received HelloRetryRequest message"
68
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]69requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]70requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]71requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]72requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
73requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]74requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]75requires_openssl_tls1_3
76run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]77 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
78 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]79 0 \
80 -s "Protocol is TLSv1.3" \
81 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
82 -s "received signature algorithm: 0x804" \
83 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]84 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]85 -C "received HelloRetryRequest message"
86
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]87requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]88requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]89requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]90requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]91requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]92requires_openssl_tls1_3
93run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]94 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
95 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]96 0 \
97 -s "Protocol is TLSv1.3" \
98 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
99 -s "received signature algorithm: 0x403" \
100 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]101 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]102 -C "received HelloRetryRequest message"
103
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]104requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]105requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]107requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]108requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]109requires_openssl_tls1_3
110run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]111 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
112 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]113 0 \
114 -s "Protocol is TLSv1.3" \
115 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
116 -s "received signature algorithm: 0x503" \
117 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]118 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]119 -C "received HelloRetryRequest message"
120
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]121requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]122requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]125requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]126requires_openssl_tls1_3
127run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]128 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
129 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]130 0 \
131 -s "Protocol is TLSv1.3" \
132 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
133 -s "received signature algorithm: 0x603" \
134 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]135 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]136 -C "received HelloRetryRequest message"
137
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]138requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
142requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]143requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]144requires_openssl_tls1_3
145run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]146 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
147 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]148 0 \
149 -s "Protocol is TLSv1.3" \
150 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
151 -s "received signature algorithm: 0x804" \
152 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]153 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]154 -C "received HelloRetryRequest message"
155
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]156requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]157requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]158requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]160requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]161requires_openssl_tls1_3
162run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]163 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
164 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]165 0 \
166 -s "Protocol is TLSv1.3" \
167 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
168 -s "received signature algorithm: 0x403" \
169 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]170 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]171 -C "received HelloRetryRequest message"
172
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]173requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]174requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]175requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]176requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]177requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]178requires_openssl_tls1_3
179run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]180 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
181 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]182 0 \
183 -s "Protocol is TLSv1.3" \
184 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
185 -s "received signature algorithm: 0x503" \
186 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]187 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]188 -C "received HelloRetryRequest message"
189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]192requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]194requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]195requires_openssl_tls1_3
196run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]197 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
198 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]199 0 \
200 -s "Protocol is TLSv1.3" \
201 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
202 -s "received signature algorithm: 0x603" \
203 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]204 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]205 -C "received HelloRetryRequest message"
206
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]207requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]208requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]209requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]210requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
211requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]212requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]213requires_openssl_tls1_3
214run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]215 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
216 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]217 0 \
218 -s "Protocol is TLSv1.3" \
219 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
220 -s "received signature algorithm: 0x804" \
221 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]222 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]223 -C "received HelloRetryRequest message"
224
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]225requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]226requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]227requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]228requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]229requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]230requires_openssl_tls1_3
231run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]232 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
233 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]234 0 \
235 -s "Protocol is TLSv1.3" \
236 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
237 -s "received signature algorithm: 0x403" \
238 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]239 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]240 -C "received HelloRetryRequest message"
241
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]242requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]243requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]246requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]247requires_openssl_tls1_3
248run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]249 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
250 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]251 0 \
252 -s "Protocol is TLSv1.3" \
253 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
254 -s "received signature algorithm: 0x503" \
255 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]256 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]257 -C "received HelloRetryRequest message"
258
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]259requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]260requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]261requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]262requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]263requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]264requires_openssl_tls1_3
265run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]266 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
267 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]268 0 \
269 -s "Protocol is TLSv1.3" \
270 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
271 -s "received signature algorithm: 0x603" \
272 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]273 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]274 -C "received HelloRetryRequest message"
275
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]276requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]277requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]278requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
280requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]281requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]282requires_openssl_tls1_3
283run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]284 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
285 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]286 0 \
287 -s "Protocol is TLSv1.3" \
288 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
289 -s "received signature algorithm: 0x804" \
290 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]291 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]292 -C "received HelloRetryRequest message"
293
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]294requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]295requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]298requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]299requires_openssl_tls1_3
300run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]301 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
302 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]303 0 \
304 -s "Protocol is TLSv1.3" \
305 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
306 -s "received signature algorithm: 0x403" \
307 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]308 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]309 -C "received HelloRetryRequest message"
310
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]311requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]312requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]313requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]314requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]315requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]316requires_openssl_tls1_3
317run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]318 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
319 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]320 0 \
321 -s "Protocol is TLSv1.3" \
322 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
323 -s "received signature algorithm: 0x503" \
324 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]325 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]326 -C "received HelloRetryRequest message"
327
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]328requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]329requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]332requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]333requires_openssl_tls1_3
334run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]335 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
336 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]337 0 \
338 -s "Protocol is TLSv1.3" \
339 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
340 -s "received signature algorithm: 0x603" \
341 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]342 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]343 -C "received HelloRetryRequest message"
344
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]345requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]346requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]347requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]348requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
349requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]350requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]351requires_openssl_tls1_3
352run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]353 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
354 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]355 0 \
356 -s "Protocol is TLSv1.3" \
357 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
358 -s "received signature algorithm: 0x804" \
359 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]360 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]361 -C "received HelloRetryRequest message"
362
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]363requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]367requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]368requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]369requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]370run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]371 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
372 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]373 0 \
374 -s "Protocol is TLSv1.3" \
375 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
376 -s "received signature algorithm: 0x403" \
377 -s "got named group: ffdhe2048(0100)" \
378 -s "Certificate verification was skipped" \
379 -C "received HelloRetryRequest message"
380
381requires_config_enabled MBEDTLS_SSL_SRV_C
382requires_config_enabled MBEDTLS_DEBUG_C
383requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
384requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]385requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]386requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]387requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]388run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]389 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
390 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]391 0 \
392 -s "Protocol is TLSv1.3" \
393 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
394 -s "received signature algorithm: 0x503" \
395 -s "got named group: ffdhe2048(0100)" \
396 -s "Certificate verification was skipped" \
397 -C "received HelloRetryRequest message"
398
399requires_config_enabled MBEDTLS_SSL_SRV_C
400requires_config_enabled MBEDTLS_DEBUG_C
401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]403requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]404requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]405requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]406run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]407 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
408 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]409 0 \
410 -s "Protocol is TLSv1.3" \
411 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
412 -s "received signature algorithm: 0x603" \
413 -s "got named group: ffdhe2048(0100)" \
414 -s "Certificate verification was skipped" \
415 -C "received HelloRetryRequest message"
416
417requires_config_enabled MBEDTLS_SSL_SRV_C
418requires_config_enabled MBEDTLS_DEBUG_C
419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
421requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]422requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]423requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]424requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]425run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]426 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
427 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]428 0 \
429 -s "Protocol is TLSv1.3" \
430 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
431 -s "received signature algorithm: 0x804" \
432 -s "got named group: ffdhe2048(0100)" \
433 -s "Certificate verification was skipped" \
434 -C "received HelloRetryRequest message"
435
436requires_config_enabled MBEDTLS_SSL_SRV_C
437requires_config_enabled MBEDTLS_DEBUG_C
438requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]440requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]441requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]442run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]443 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
444 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]445 0 \
446 -s "Protocol is TLSv1.3" \
447 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
448 -s "received signature algorithm: 0x403" \
449 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]450 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]451 -C "received HelloRetryRequest message"
452
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]453requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]454requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]457requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]458requires_openssl_tls1_3
459run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]460 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
461 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]462 0 \
463 -s "Protocol is TLSv1.3" \
464 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
465 -s "received signature algorithm: 0x503" \
466 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]467 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]468 -C "received HelloRetryRequest message"
469
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]470requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]474requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]475requires_openssl_tls1_3
476run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]477 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
478 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]479 0 \
480 -s "Protocol is TLSv1.3" \
481 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
482 -s "received signature algorithm: 0x603" \
483 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]485 -C "received HelloRetryRequest message"
486
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]487requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
491requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]492requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]493requires_openssl_tls1_3
494run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]495 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
496 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]497 0 \
498 -s "Protocol is TLSv1.3" \
499 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
500 -s "received signature algorithm: 0x804" \
501 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]502 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]503 -C "received HelloRetryRequest message"
504
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]505requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]509requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]510requires_openssl_tls1_3
511run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]512 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
513 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]514 0 \
515 -s "Protocol is TLSv1.3" \
516 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
517 -s "received signature algorithm: 0x403" \
518 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]519 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]520 -C "received HelloRetryRequest message"
521
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]522requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]523requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]526requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]527requires_openssl_tls1_3
528run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]529 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
530 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]531 0 \
532 -s "Protocol is TLSv1.3" \
533 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
534 -s "received signature algorithm: 0x503" \
535 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]536 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]537 -C "received HelloRetryRequest message"
538
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]539requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]540requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]541requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]543requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]544requires_openssl_tls1_3
545run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]546 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
547 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]548 0 \
549 -s "Protocol is TLSv1.3" \
550 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
551 -s "received signature algorithm: 0x603" \
552 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]553 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]554 -C "received HelloRetryRequest message"
555
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]556requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]557requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]558requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
560requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]561requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]562requires_openssl_tls1_3
563run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]564 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
565 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]566 0 \
567 -s "Protocol is TLSv1.3" \
568 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
569 -s "received signature algorithm: 0x804" \
570 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]571 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]572 -C "received HelloRetryRequest message"
573
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]574requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]575requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]578requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]579requires_openssl_tls1_3
580run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]581 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
582 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]583 0 \
584 -s "Protocol is TLSv1.3" \
585 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
586 -s "received signature algorithm: 0x403" \
587 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]588 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]589 -C "received HelloRetryRequest message"
590
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]591requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]592requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]593requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]594requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]595requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]596requires_openssl_tls1_3
597run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]598 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
599 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]600 0 \
601 -s "Protocol is TLSv1.3" \
602 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
603 -s "received signature algorithm: 0x503" \
604 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]605 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]606 -C "received HelloRetryRequest message"
607
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]608requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]609requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]610requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]612requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]613requires_openssl_tls1_3
614run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]615 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
616 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]617 0 \
618 -s "Protocol is TLSv1.3" \
619 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
620 -s "received signature algorithm: 0x603" \
621 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]622 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]623 -C "received HelloRetryRequest message"
624
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]625requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]626requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]627requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]628requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
629requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]630requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]631requires_openssl_tls1_3
632run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]633 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
634 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]635 0 \
636 -s "Protocol is TLSv1.3" \
637 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
638 -s "received signature algorithm: 0x804" \
639 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]640 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]641 -C "received HelloRetryRequest message"
642
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]643requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]644requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]645requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]646requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]647requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]648requires_openssl_tls1_3
649run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]650 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
651 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]652 0 \
653 -s "Protocol is TLSv1.3" \
654 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
655 -s "received signature algorithm: 0x403" \
656 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]657 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]658 -C "received HelloRetryRequest message"
659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]664requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]665requires_openssl_tls1_3
666run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]667 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
668 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]669 0 \
670 -s "Protocol is TLSv1.3" \
671 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
672 -s "received signature algorithm: 0x503" \
673 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]674 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]675 -C "received HelloRetryRequest message"
676
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]677requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]678requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]679requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]681requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]682requires_openssl_tls1_3
683run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]684 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
685 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]686 0 \
687 -s "Protocol is TLSv1.3" \
688 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
689 -s "received signature algorithm: 0x603" \
690 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]691 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]692 -C "received HelloRetryRequest message"
693
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]694requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]695requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]696requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
698requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]699requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]700requires_openssl_tls1_3
701run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]702 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
703 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]704 0 \
705 -s "Protocol is TLSv1.3" \
706 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
707 -s "received signature algorithm: 0x804" \
708 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]709 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]710 -C "received HelloRetryRequest message"
711
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]712requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]713requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]716requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]717requires_openssl_tls1_3
718run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]719 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
720 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]721 0 \
722 -s "Protocol is TLSv1.3" \
723 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
724 -s "received signature algorithm: 0x403" \
725 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]726 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]727 -C "received HelloRetryRequest message"
728
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]729requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]730requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]731requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]733requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]734requires_openssl_tls1_3
735run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]736 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
737 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]738 0 \
739 -s "Protocol is TLSv1.3" \
740 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
741 -s "received signature algorithm: 0x503" \
742 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]743 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]744 -C "received HelloRetryRequest message"
745
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]746requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]747requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]750requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]751requires_openssl_tls1_3
752run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]753 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
754 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]755 0 \
756 -s "Protocol is TLSv1.3" \
757 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
758 -s "received signature algorithm: 0x603" \
759 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]760 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]761 -C "received HelloRetryRequest message"
762
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]763requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]764requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]766requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
767requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]768requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]769requires_openssl_tls1_3
770run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]771 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
772 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]773 0 \
774 -s "Protocol is TLSv1.3" \
775 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
776 -s "received signature algorithm: 0x804" \
777 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]778 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]779 -C "received HelloRetryRequest message"
780
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]781requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]782requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]783requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]785requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]786requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]787requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]788run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]789 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
790 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]791 0 \
792 -s "Protocol is TLSv1.3" \
793 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
794 -s "received signature algorithm: 0x403" \
795 -s "got named group: ffdhe2048(0100)" \
796 -s "Certificate verification was skipped" \
797 -C "received HelloRetryRequest message"
798
799requires_config_enabled MBEDTLS_SSL_SRV_C
800requires_config_enabled MBEDTLS_DEBUG_C
801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]803requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]804requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]805requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]806run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]807 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
808 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]809 0 \
810 -s "Protocol is TLSv1.3" \
811 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
812 -s "received signature algorithm: 0x503" \
813 -s "got named group: ffdhe2048(0100)" \
814 -s "Certificate verification was skipped" \
815 -C "received HelloRetryRequest message"
816
817requires_config_enabled MBEDTLS_SSL_SRV_C
818requires_config_enabled MBEDTLS_DEBUG_C
819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]821requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]822requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]823requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]824run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]825 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
826 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]827 0 \
828 -s "Protocol is TLSv1.3" \
829 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
830 -s "received signature algorithm: 0x603" \
831 -s "got named group: ffdhe2048(0100)" \
832 -s "Certificate verification was skipped" \
833 -C "received HelloRetryRequest message"
834
835requires_config_enabled MBEDTLS_SSL_SRV_C
836requires_config_enabled MBEDTLS_DEBUG_C
837requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
838requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
839requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]840requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]841requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]842requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]843run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]844 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
845 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]846 0 \
847 -s "Protocol is TLSv1.3" \
848 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
849 -s "received signature algorithm: 0x804" \
850 -s "got named group: ffdhe2048(0100)" \
851 -s "Certificate verification was skipped" \
852 -C "received HelloRetryRequest message"
853
854requires_config_enabled MBEDTLS_SSL_SRV_C
855requires_config_enabled MBEDTLS_DEBUG_C
856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]858requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]859requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]860run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]861 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
862 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]863 0 \
864 -s "Protocol is TLSv1.3" \
865 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
866 -s "received signature algorithm: 0x403" \
867 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]868 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]869 -C "received HelloRetryRequest message"
870
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]871requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]872requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]873requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]875requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]876requires_openssl_tls1_3
877run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]878 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
879 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]880 0 \
881 -s "Protocol is TLSv1.3" \
882 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
883 -s "received signature algorithm: 0x503" \
884 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]885 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]886 -C "received HelloRetryRequest message"
887
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]888requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]892requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]893requires_openssl_tls1_3
894run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]895 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
896 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]897 0 \
898 -s "Protocol is TLSv1.3" \
899 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
900 -s "received signature algorithm: 0x603" \
901 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]902 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]903 -C "received HelloRetryRequest message"
904
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]905requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]906requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
909requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]910requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]911requires_openssl_tls1_3
912run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]913 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
914 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]915 0 \
916 -s "Protocol is TLSv1.3" \
917 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
918 -s "received signature algorithm: 0x804" \
919 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]920 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]921 -C "received HelloRetryRequest message"
922
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]923requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]924requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]925requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]926requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]927requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]928requires_openssl_tls1_3
929run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]930 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
931 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]932 0 \
933 -s "Protocol is TLSv1.3" \
934 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
935 -s "received signature algorithm: 0x403" \
936 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]937 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]938 -C "received HelloRetryRequest message"
939
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]940requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]941requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]942requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]943requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]944requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]945requires_openssl_tls1_3
946run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]947 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
948 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]949 0 \
950 -s "Protocol is TLSv1.3" \
951 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
952 -s "received signature algorithm: 0x503" \
953 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]954 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]955 -C "received HelloRetryRequest message"
956
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]957requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]958requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]959requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]960requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]961requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]962requires_openssl_tls1_3
963run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]964 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
965 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]966 0 \
967 -s "Protocol is TLSv1.3" \
968 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
969 -s "received signature algorithm: 0x603" \
970 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]971 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]972 -C "received HelloRetryRequest message"
973
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]974requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]975requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]976requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]977requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
978requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]979requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]980requires_openssl_tls1_3
981run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]982 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
983 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]984 0 \
985 -s "Protocol is TLSv1.3" \
986 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
987 -s "received signature algorithm: 0x804" \
988 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]989 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]990 -C "received HelloRetryRequest message"
991
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]992requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]993requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]994requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]996requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]997requires_openssl_tls1_3
998run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]999 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1000 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1001 0 \
1002 -s "Protocol is TLSv1.3" \
1003 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1004 -s "received signature algorithm: 0x403" \
1005 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1006 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1007 -C "received HelloRetryRequest message"
1008
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1009requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1010requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1011requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1012requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1013requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1014requires_openssl_tls1_3
1015run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1016 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1017 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1018 0 \
1019 -s "Protocol is TLSv1.3" \
1020 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1021 -s "received signature algorithm: 0x503" \
1022 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1023 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1024 -C "received HelloRetryRequest message"
1025
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1026requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1027requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1028requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1030requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1031requires_openssl_tls1_3
1032run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1033 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1034 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1035 0 \
1036 -s "Protocol is TLSv1.3" \
1037 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1038 -s "received signature algorithm: 0x603" \
1039 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1040 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1041 -C "received HelloRetryRequest message"
1042
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1043requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1044requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1047requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1048requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1049requires_openssl_tls1_3
1050run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1051 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1052 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1053 0 \
1054 -s "Protocol is TLSv1.3" \
1055 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1056 -s "received signature algorithm: 0x804" \
1057 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1058 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1059 -C "received HelloRetryRequest message"
1060
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1061requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1062requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1064requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1065requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1066requires_openssl_tls1_3
1067run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1068 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1069 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1070 0 \
1071 -s "Protocol is TLSv1.3" \
1072 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1073 -s "received signature algorithm: 0x403" \
1074 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1075 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1076 -C "received HelloRetryRequest message"
1077
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1078requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1079requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1082requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1083requires_openssl_tls1_3
1084run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1085 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1086 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1087 0 \
1088 -s "Protocol is TLSv1.3" \
1089 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1090 -s "received signature algorithm: 0x503" \
1091 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1092 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1093 -C "received HelloRetryRequest message"
1094
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1095requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1096requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1097requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1098requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1099requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1100requires_openssl_tls1_3
1101run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1102 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1103 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1104 0 \
1105 -s "Protocol is TLSv1.3" \
1106 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1107 -s "received signature algorithm: 0x603" \
1108 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1109 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1110 -C "received HelloRetryRequest message"
1111
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1112requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1113requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1116requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1117requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1118requires_openssl_tls1_3
1119run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1120 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1121 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1122 0 \
1123 -s "Protocol is TLSv1.3" \
1124 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1125 -s "received signature algorithm: 0x804" \
1126 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1127 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1128 -C "received HelloRetryRequest message"
1129
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1130requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1131requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1134requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1135requires_openssl_tls1_3
1136run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1137 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1138 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1139 0 \
1140 -s "Protocol is TLSv1.3" \
1141 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1142 -s "received signature algorithm: 0x403" \
1143 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1144 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1145 -C "received HelloRetryRequest message"
1146
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1147requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1148requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1149requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1150requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1151requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1152requires_openssl_tls1_3
1153run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1154 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1155 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1156 0 \
1157 -s "Protocol is TLSv1.3" \
1158 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1159 -s "received signature algorithm: 0x503" \
1160 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1161 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1162 -C "received HelloRetryRequest message"
1163
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1164requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1165requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1168requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1169requires_openssl_tls1_3
1170run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1171 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1172 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1173 0 \
1174 -s "Protocol is TLSv1.3" \
1175 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1176 -s "received signature algorithm: 0x603" \
1177 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1178 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1179 -C "received HelloRetryRequest message"
1180
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1181requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1182requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1185requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1186requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1187requires_openssl_tls1_3
1188run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1189 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1190 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1191 0 \
1192 -s "Protocol is TLSv1.3" \
1193 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1194 -s "received signature algorithm: 0x804" \
1195 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1196 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1197 -C "received HelloRetryRequest message"
1198
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1199requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1200requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1201requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1202requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1203requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1204requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1205requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1206run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1207 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1208 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1209 0 \
1210 -s "Protocol is TLSv1.3" \
1211 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1212 -s "received signature algorithm: 0x403" \
1213 -s "got named group: ffdhe2048(0100)" \
1214 -s "Certificate verification was skipped" \
1215 -C "received HelloRetryRequest message"
1216
1217requires_config_enabled MBEDTLS_SSL_SRV_C
1218requires_config_enabled MBEDTLS_DEBUG_C
1219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1221requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1222requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1223requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1224run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1225 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1226 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1227 0 \
1228 -s "Protocol is TLSv1.3" \
1229 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1230 -s "received signature algorithm: 0x503" \
1231 -s "got named group: ffdhe2048(0100)" \
1232 -s "Certificate verification was skipped" \
1233 -C "received HelloRetryRequest message"
1234
1235requires_config_enabled MBEDTLS_SSL_SRV_C
1236requires_config_enabled MBEDTLS_DEBUG_C
1237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1239requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1240requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1241requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1242run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1243 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1244 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1245 0 \
1246 -s "Protocol is TLSv1.3" \
1247 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1248 -s "received signature algorithm: 0x603" \
1249 -s "got named group: ffdhe2048(0100)" \
1250 -s "Certificate verification was skipped" \
1251 -C "received HelloRetryRequest message"
1252
1253requires_config_enabled MBEDTLS_SSL_SRV_C
1254requires_config_enabled MBEDTLS_DEBUG_C
1255requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1257requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1258requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1259requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1260requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1261run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1262 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1263 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1264 0 \
1265 -s "Protocol is TLSv1.3" \
1266 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1267 -s "received signature algorithm: 0x804" \
1268 -s "got named group: ffdhe2048(0100)" \
1269 -s "Certificate verification was skipped" \
1270 -C "received HelloRetryRequest message"
1271
1272requires_config_enabled MBEDTLS_SSL_SRV_C
1273requires_config_enabled MBEDTLS_DEBUG_C
1274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1276requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1277requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1278run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1279 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1280 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1281 0 \
1282 -s "Protocol is TLSv1.3" \
1283 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1284 -s "received signature algorithm: 0x403" \
1285 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1286 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1287 -C "received HelloRetryRequest message"
1288
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1289requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1290requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1293requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1294requires_openssl_tls1_3
1295run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1296 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1297 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1298 0 \
1299 -s "Protocol is TLSv1.3" \
1300 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1301 -s "received signature algorithm: 0x503" \
1302 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1303 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1304 -C "received HelloRetryRequest message"
1305
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1306requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1307requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1310requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1311requires_openssl_tls1_3
1312run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1313 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1314 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1315 0 \
1316 -s "Protocol is TLSv1.3" \
1317 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1318 -s "received signature algorithm: 0x603" \
1319 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1320 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1321 -C "received HelloRetryRequest message"
1322
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1323requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1324requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1325requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1327requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1328requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1329requires_openssl_tls1_3
1330run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1331 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1332 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1333 0 \
1334 -s "Protocol is TLSv1.3" \
1335 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1336 -s "received signature algorithm: 0x804" \
1337 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1338 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1339 -C "received HelloRetryRequest message"
1340
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1341requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1342requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1343requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1344requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1345requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1346requires_openssl_tls1_3
1347run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1348 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1349 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1350 0 \
1351 -s "Protocol is TLSv1.3" \
1352 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1353 -s "received signature algorithm: 0x403" \
1354 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1355 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1356 -C "received HelloRetryRequest message"
1357
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1358requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1362requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1363requires_openssl_tls1_3
1364run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1365 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1366 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1367 0 \
1368 -s "Protocol is TLSv1.3" \
1369 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1370 -s "received signature algorithm: 0x503" \
1371 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1372 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1373 -C "received HelloRetryRequest message"
1374
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1375requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1376requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1378requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1379requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1380requires_openssl_tls1_3
1381run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1382 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1383 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1384 0 \
1385 -s "Protocol is TLSv1.3" \
1386 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1387 -s "received signature algorithm: 0x603" \
1388 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1389 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1390 -C "received HelloRetryRequest message"
1391
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1392requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1393requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1394requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1395requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1396requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1397requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1398requires_openssl_tls1_3
1399run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1400 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1401 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1402 0 \
1403 -s "Protocol is TLSv1.3" \
1404 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1405 -s "received signature algorithm: 0x804" \
1406 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1407 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1408 -C "received HelloRetryRequest message"
1409
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1410requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1411requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1412requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1414requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1415requires_openssl_tls1_3
1416run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1417 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1418 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1419 0 \
1420 -s "Protocol is TLSv1.3" \
1421 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1422 -s "received signature algorithm: 0x403" \
1423 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1424 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1425 -C "received HelloRetryRequest message"
1426
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1427requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1428requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1429requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1431requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1432requires_openssl_tls1_3
1433run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1434 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1435 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1436 0 \
1437 -s "Protocol is TLSv1.3" \
1438 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1439 -s "received signature algorithm: 0x503" \
1440 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1441 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1442 -C "received HelloRetryRequest message"
1443
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1444requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1448requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1449requires_openssl_tls1_3
1450run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1451 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1452 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1453 0 \
1454 -s "Protocol is TLSv1.3" \
1455 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1456 -s "received signature algorithm: 0x603" \
1457 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1458 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1459 -C "received HelloRetryRequest message"
1460
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1461requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1462requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1463requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1464requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1465requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1466requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1467requires_openssl_tls1_3
1468run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1469 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1470 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1471 0 \
1472 -s "Protocol is TLSv1.3" \
1473 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1474 -s "received signature algorithm: 0x804" \
1475 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1476 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1477 -C "received HelloRetryRequest message"
1478
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1479requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1480requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1483requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1484requires_openssl_tls1_3
1485run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1486 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1487 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1488 0 \
1489 -s "Protocol is TLSv1.3" \
1490 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1491 -s "received signature algorithm: 0x403" \
1492 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1493 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1494 -C "received HelloRetryRequest message"
1495
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1496requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1497requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1498requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1499requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1500requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1501requires_openssl_tls1_3
1502run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1503 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1504 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1505 0 \
1506 -s "Protocol is TLSv1.3" \
1507 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1508 -s "received signature algorithm: 0x503" \
1509 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1510 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1511 -C "received HelloRetryRequest message"
1512
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1513requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1514requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1515requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1516requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1517requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1518requires_openssl_tls1_3
1519run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1520 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1521 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1522 0 \
1523 -s "Protocol is TLSv1.3" \
1524 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1525 -s "received signature algorithm: 0x603" \
1526 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1527 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1528 -C "received HelloRetryRequest message"
1529
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1530requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1534requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1535requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1536requires_openssl_tls1_3
1537run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1538 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1539 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1540 0 \
1541 -s "Protocol is TLSv1.3" \
1542 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1543 -s "received signature algorithm: 0x804" \
1544 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1545 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1546 -C "received HelloRetryRequest message"
1547
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1548requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1552requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1553requires_openssl_tls1_3
1554run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1555 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1556 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1557 0 \
1558 -s "Protocol is TLSv1.3" \
1559 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1560 -s "received signature algorithm: 0x403" \
1561 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1562 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1563 -C "received HelloRetryRequest message"
1564
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1565requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1566requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1568requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1569requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1570requires_openssl_tls1_3
1571run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1572 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1573 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1574 0 \
1575 -s "Protocol is TLSv1.3" \
1576 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1577 -s "received signature algorithm: 0x503" \
1578 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1579 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1580 -C "received HelloRetryRequest message"
1581
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1582requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1583requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1584requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1586requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1587requires_openssl_tls1_3
1588run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1589 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1590 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1591 0 \
1592 -s "Protocol is TLSv1.3" \
1593 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1594 -s "received signature algorithm: 0x603" \
1595 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1596 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1597 -C "received HelloRetryRequest message"
1598
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1599requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1600requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1601requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1602requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1603requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1604requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1605requires_openssl_tls1_3
1606run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1607 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1608 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1609 0 \
1610 -s "Protocol is TLSv1.3" \
1611 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1612 -s "received signature algorithm: 0x804" \
1613 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1614 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1615 -C "received HelloRetryRequest message"
1616
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1617requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1618requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1619requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1620requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1621requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1622requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1623requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1624run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1625 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1626 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1627 0 \
1628 -s "Protocol is TLSv1.3" \
1629 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1630 -s "received signature algorithm: 0x403" \
1631 -s "got named group: ffdhe2048(0100)" \
1632 -s "Certificate verification was skipped" \
1633 -C "received HelloRetryRequest message"
1634
1635requires_config_enabled MBEDTLS_SSL_SRV_C
1636requires_config_enabled MBEDTLS_DEBUG_C
1637requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1638requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1639requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1640requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1641requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1642run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1643 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1644 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1645 0 \
1646 -s "Protocol is TLSv1.3" \
1647 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1648 -s "received signature algorithm: 0x503" \
1649 -s "got named group: ffdhe2048(0100)" \
1650 -s "Certificate verification was skipped" \
1651 -C "received HelloRetryRequest message"
1652
1653requires_config_enabled MBEDTLS_SSL_SRV_C
1654requires_config_enabled MBEDTLS_DEBUG_C
1655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1656requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1657requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1658requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1659requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1660run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1661 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1662 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1663 0 \
1664 -s "Protocol is TLSv1.3" \
1665 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1666 -s "received signature algorithm: 0x603" \
1667 -s "got named group: ffdhe2048(0100)" \
1668 -s "Certificate verification was skipped" \
1669 -C "received HelloRetryRequest message"
1670
1671requires_config_enabled MBEDTLS_SSL_SRV_C
1672requires_config_enabled MBEDTLS_DEBUG_C
1673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1675requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1676requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]1677requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]1678requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1679run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1680 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1681 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1682 0 \
1683 -s "Protocol is TLSv1.3" \
1684 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1685 -s "received signature algorithm: 0x804" \
1686 -s "got named group: ffdhe2048(0100)" \
1687 -s "Certificate verification was skipped" \
1688 -C "received HelloRetryRequest message"
1689
1690requires_config_enabled MBEDTLS_SSL_SRV_C
1691requires_config_enabled MBEDTLS_DEBUG_C
1692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1694requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]1695requires_openssl_tls1_3
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1696run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1697 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1698 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1699 0 \
1700 -s "Protocol is TLSv1.3" \
1701 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1702 -s "received signature algorithm: 0x403" \
1703 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1704 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1705 -C "received HelloRetryRequest message"
1706
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1707requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1708requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1710requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1711requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1712requires_openssl_tls1_3
1713run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1714 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1715 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1716 0 \
1717 -s "Protocol is TLSv1.3" \
1718 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1719 -s "received signature algorithm: 0x503" \
1720 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1721 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1722 -C "received HelloRetryRequest message"
1723
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1724requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1725requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1728requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1729requires_openssl_tls1_3
1730run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1731 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1732 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1733 0 \
1734 -s "Protocol is TLSv1.3" \
1735 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1736 -s "received signature algorithm: 0x603" \
1737 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1738 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1739 -C "received HelloRetryRequest message"
1740
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1741requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1742requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1743requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1744requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1745requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1746requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1747requires_openssl_tls1_3
1748run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1749 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1750 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1751 0 \
1752 -s "Protocol is TLSv1.3" \
1753 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1754 -s "received signature algorithm: 0x804" \
1755 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1756 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1757 -C "received HelloRetryRequest message"
1758
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1759requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1760requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1761requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1763requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1764requires_openssl_tls1_3
1765run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1766 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1767 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1768 0 \
1769 -s "Protocol is TLSv1.3" \
1770 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1771 -s "received signature algorithm: 0x403" \
1772 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1773 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1774 -C "received HelloRetryRequest message"
1775
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1776requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1777requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1778requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1780requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1781requires_openssl_tls1_3
1782run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1783 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1784 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1785 0 \
1786 -s "Protocol is TLSv1.3" \
1787 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1788 -s "received signature algorithm: 0x503" \
1789 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1790 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1791 -C "received HelloRetryRequest message"
1792
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1793requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1797requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1798requires_openssl_tls1_3
1799run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1800 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1801 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1802 0 \
1803 -s "Protocol is TLSv1.3" \
1804 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1805 -s "received signature algorithm: 0x603" \
1806 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1807 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1808 -C "received HelloRetryRequest message"
1809
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1810requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1811requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1812requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1814requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1815requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1816requires_openssl_tls1_3
1817run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1818 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1819 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1820 0 \
1821 -s "Protocol is TLSv1.3" \
1822 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1823 -s "received signature algorithm: 0x804" \
1824 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1825 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1826 -C "received HelloRetryRequest message"
1827
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1828requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1830requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1831requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1832requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1833requires_openssl_tls1_3
1834run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1835 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1836 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1837 0 \
1838 -s "Protocol is TLSv1.3" \
1839 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1840 -s "received signature algorithm: 0x403" \
1841 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1842 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1843 -C "received HelloRetryRequest message"
1844
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1845requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1846requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1847requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1848requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1849requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1850requires_openssl_tls1_3
1851run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1852 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1853 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1854 0 \
1855 -s "Protocol is TLSv1.3" \
1856 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1857 -s "received signature algorithm: 0x503" \
1858 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1859 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1860 -C "received HelloRetryRequest message"
1861
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1862requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1863requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1866requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1867requires_openssl_tls1_3
1868run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1869 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1870 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1871 0 \
1872 -s "Protocol is TLSv1.3" \
1873 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1874 -s "received signature algorithm: 0x603" \
1875 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1876 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1877 -C "received HelloRetryRequest message"
1878
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1879requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1880requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1881requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1883requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1884requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1885requires_openssl_tls1_3
1886run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1887 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1888 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1889 0 \
1890 -s "Protocol is TLSv1.3" \
1891 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1892 -s "received signature algorithm: 0x804" \
1893 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1894 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1895 -C "received HelloRetryRequest message"
1896
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1897requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1898requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1899requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1900requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1901requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1902requires_openssl_tls1_3
1903run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1904 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1905 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1906 0 \
1907 -s "Protocol is TLSv1.3" \
1908 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1909 -s "received signature algorithm: 0x403" \
1910 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1911 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1912 -C "received HelloRetryRequest message"
1913
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1914requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1918requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1919requires_openssl_tls1_3
1920run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1921 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1922 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1923 0 \
1924 -s "Protocol is TLSv1.3" \
1925 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1926 -s "received signature algorithm: 0x503" \
1927 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1928 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1929 -C "received HelloRetryRequest message"
1930
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1931requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1932requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1934requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1935requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1936requires_openssl_tls1_3
1937run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1938 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1939 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1940 0 \
1941 -s "Protocol is TLSv1.3" \
1942 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1943 -s "received signature algorithm: 0x603" \
1944 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1945 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1946 -C "received HelloRetryRequest message"
1947
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1948requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1949requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1952requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1953requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1954requires_openssl_tls1_3
1955run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1956 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1957 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1958 0 \
1959 -s "Protocol is TLSv1.3" \
1960 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1961 -s "received signature algorithm: 0x804" \
1962 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1963 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1964 -C "received HelloRetryRequest message"
1965
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1966requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1967requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1970requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1971requires_openssl_tls1_3
1972run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1973 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1974 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1975 0 \
1976 -s "Protocol is TLSv1.3" \
1977 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1978 -s "received signature algorithm: 0x403" \
1979 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1980 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1981 -C "received HelloRetryRequest message"
1982
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1983requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1984requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]1985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1986requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]1987requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1988requires_openssl_tls1_3
1989run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]1990 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1991 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1992 0 \
1993 -s "Protocol is TLSv1.3" \
1994 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1995 -s "received signature algorithm: 0x503" \
1996 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]1997 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1998 -C "received HelloRetryRequest message"
1999
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2000requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2001requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2004requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2005requires_openssl_tls1_3
2006run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2007 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2008 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2009 0 \
2010 -s "Protocol is TLSv1.3" \
2011 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2012 -s "received signature algorithm: 0x603" \
2013 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2014 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2015 -C "received HelloRetryRequest message"
2016
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2017requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2018requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2019requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2020requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2021requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2022requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2023requires_openssl_tls1_3
2024run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2025 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2026 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2027 0 \
2028 -s "Protocol is TLSv1.3" \
2029 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2030 -s "received signature algorithm: 0x804" \
2031 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2032 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2033 -C "received HelloRetryRequest message"
2034
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2035requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2036requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2039requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2040requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2041requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2042run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2043 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2044 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2045 0 \
2046 -s "Protocol is TLSv1.3" \
2047 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2048 -s "received signature algorithm: 0x403" \
2049 -s "got named group: ffdhe2048(0100)" \
2050 -s "Certificate verification was skipped" \
2051 -C "received HelloRetryRequest message"
2052
2053requires_config_enabled MBEDTLS_SSL_SRV_C
2054requires_config_enabled MBEDTLS_DEBUG_C
2055requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2056requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2057requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2058requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2059requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2060run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2061 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2062 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2063 0 \
2064 -s "Protocol is TLSv1.3" \
2065 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2066 -s "received signature algorithm: 0x503" \
2067 -s "got named group: ffdhe2048(0100)" \
2068 -s "Certificate verification was skipped" \
2069 -C "received HelloRetryRequest message"
2070
2071requires_config_enabled MBEDTLS_SSL_SRV_C
2072requires_config_enabled MBEDTLS_DEBUG_C
2073requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2074requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2075requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2076requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2077requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2078run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2079 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2080 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2081 0 \
2082 -s "Protocol is TLSv1.3" \
2083 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2084 -s "received signature algorithm: 0x603" \
2085 -s "got named group: ffdhe2048(0100)" \
2086 -s "Certificate verification was skipped" \
2087 -C "received HelloRetryRequest message"
2088
2089requires_config_enabled MBEDTLS_SSL_SRV_C
2090requires_config_enabled MBEDTLS_DEBUG_C
2091requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2092requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2093requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2094requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2095requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]2096requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2097run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2098 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2099 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2100 0 \
2101 -s "Protocol is TLSv1.3" \
2102 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
2103 -s "received signature algorithm: 0x804" \
2104 -s "got named group: ffdhe2048(0100)" \
2105 -s "Certificate verification was skipped" \
2106 -C "received HelloRetryRequest message"
2107
2108requires_config_enabled MBEDTLS_SSL_SRV_C
2109requires_config_enabled MBEDTLS_DEBUG_C
2110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2112requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2113requires_gnutls_tls1_3
2114requires_gnutls_next_no_ticket
2115requires_gnutls_next_disable_tls13_compat
2116run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2117 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2118 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2119 0 \
2120 -s "Protocol is TLSv1.3" \
2121 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2122 -s "received signature algorithm: 0x403" \
2123 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2124 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2125 -C "received HelloRetryRequest message"
2126
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2127requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2128requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2129requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2131requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2132requires_gnutls_tls1_3
2133requires_gnutls_next_no_ticket
2134requires_gnutls_next_disable_tls13_compat
2135run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2136 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2137 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2138 0 \
2139 -s "Protocol is TLSv1.3" \
2140 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2141 -s "received signature algorithm: 0x503" \
2142 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2143 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2144 -C "received HelloRetryRequest message"
2145
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2146requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2147requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2150requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2151requires_gnutls_tls1_3
2152requires_gnutls_next_no_ticket
2153requires_gnutls_next_disable_tls13_compat
2154run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2155 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2156 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2157 0 \
2158 -s "Protocol is TLSv1.3" \
2159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2160 -s "received signature algorithm: 0x603" \
2161 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2162 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2163 -C "received HelloRetryRequest message"
2164
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2165requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2166requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2167requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2169requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2170requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2171requires_gnutls_tls1_3
2172requires_gnutls_next_no_ticket
2173requires_gnutls_next_disable_tls13_compat
2174run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2175 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2176 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2177 0 \
2178 -s "Protocol is TLSv1.3" \
2179 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2180 -s "received signature algorithm: 0x804" \
2181 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2182 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2183 -C "received HelloRetryRequest message"
2184
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2185requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2186requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2187requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2188requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2189requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2190requires_gnutls_tls1_3
2191requires_gnutls_next_no_ticket
2192requires_gnutls_next_disable_tls13_compat
2193run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2194 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2195 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2196 0 \
2197 -s "Protocol is TLSv1.3" \
2198 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2199 -s "received signature algorithm: 0x403" \
2200 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2201 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2202 -C "received HelloRetryRequest message"
2203
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2204requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2205requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2208requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2209requires_gnutls_tls1_3
2210requires_gnutls_next_no_ticket
2211requires_gnutls_next_disable_tls13_compat
2212run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2213 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2214 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2215 0 \
2216 -s "Protocol is TLSv1.3" \
2217 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2218 -s "received signature algorithm: 0x503" \
2219 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2220 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2221 -C "received HelloRetryRequest message"
2222
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2223requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2227requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2228requires_gnutls_tls1_3
2229requires_gnutls_next_no_ticket
2230requires_gnutls_next_disable_tls13_compat
2231run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2232 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2233 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2234 0 \
2235 -s "Protocol is TLSv1.3" \
2236 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2237 -s "received signature algorithm: 0x603" \
2238 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2239 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2240 -C "received HelloRetryRequest message"
2241
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2242requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2243requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2246requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2247requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2248requires_gnutls_tls1_3
2249requires_gnutls_next_no_ticket
2250requires_gnutls_next_disable_tls13_compat
2251run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2252 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2253 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2254 0 \
2255 -s "Protocol is TLSv1.3" \
2256 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2257 -s "received signature algorithm: 0x804" \
2258 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2259 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2260 -C "received HelloRetryRequest message"
2261
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2262requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2266requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2267requires_gnutls_tls1_3
2268requires_gnutls_next_no_ticket
2269requires_gnutls_next_disable_tls13_compat
2270run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2271 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2272 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2273 0 \
2274 -s "Protocol is TLSv1.3" \
2275 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2276 -s "received signature algorithm: 0x403" \
2277 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2278 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2279 -C "received HelloRetryRequest message"
2280
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2281requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2282requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2284requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2285requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2286requires_gnutls_tls1_3
2287requires_gnutls_next_no_ticket
2288requires_gnutls_next_disable_tls13_compat
2289run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2290 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2291 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2292 0 \
2293 -s "Protocol is TLSv1.3" \
2294 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2295 -s "received signature algorithm: 0x503" \
2296 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2297 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2298 -C "received HelloRetryRequest message"
2299
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2300requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2301requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2304requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2305requires_gnutls_tls1_3
2306requires_gnutls_next_no_ticket
2307requires_gnutls_next_disable_tls13_compat
2308run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2309 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2310 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2311 0 \
2312 -s "Protocol is TLSv1.3" \
2313 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2314 -s "received signature algorithm: 0x603" \
2315 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2316 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2317 -C "received HelloRetryRequest message"
2318
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2319requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2320requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2321requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2323requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2324requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2325requires_gnutls_tls1_3
2326requires_gnutls_next_no_ticket
2327requires_gnutls_next_disable_tls13_compat
2328run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2329 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2330 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2331 0 \
2332 -s "Protocol is TLSv1.3" \
2333 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2334 -s "received signature algorithm: 0x804" \
2335 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2336 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2337 -C "received HelloRetryRequest message"
2338
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2339requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2340requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2343requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2344requires_gnutls_tls1_3
2345requires_gnutls_next_no_ticket
2346requires_gnutls_next_disable_tls13_compat
2347run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2348 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2349 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2350 0 \
2351 -s "Protocol is TLSv1.3" \
2352 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2353 -s "received signature algorithm: 0x403" \
2354 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2355 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2356 -C "received HelloRetryRequest message"
2357
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2358requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2360requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2361requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2362requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2363requires_gnutls_tls1_3
2364requires_gnutls_next_no_ticket
2365requires_gnutls_next_disable_tls13_compat
2366run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2367 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2368 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2369 0 \
2370 -s "Protocol is TLSv1.3" \
2371 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2372 -s "received signature algorithm: 0x503" \
2373 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2374 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2375 -C "received HelloRetryRequest message"
2376
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2377requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2378requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2381requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2382requires_gnutls_tls1_3
2383requires_gnutls_next_no_ticket
2384requires_gnutls_next_disable_tls13_compat
2385run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2386 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2387 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2388 0 \
2389 -s "Protocol is TLSv1.3" \
2390 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2391 -s "received signature algorithm: 0x603" \
2392 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2393 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2394 -C "received HelloRetryRequest message"
2395
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2396requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2397requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2399requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2400requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2401requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2402requires_gnutls_tls1_3
2403requires_gnutls_next_no_ticket
2404requires_gnutls_next_disable_tls13_compat
2405run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2406 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2407 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2408 0 \
2409 -s "Protocol is TLSv1.3" \
2410 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2411 -s "received signature algorithm: 0x804" \
2412 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2413 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2414 -C "received HelloRetryRequest message"
2415
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2416requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2420requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2421requires_gnutls_tls1_3
2422requires_gnutls_next_no_ticket
2423requires_gnutls_next_disable_tls13_compat
2424run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2425 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2426 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2427 0 \
2428 -s "Protocol is TLSv1.3" \
2429 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2430 -s "received signature algorithm: 0x403" \
2431 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2432 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2433 -C "received HelloRetryRequest message"
2434
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2435requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2436requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2438requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2439requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2440requires_gnutls_tls1_3
2441requires_gnutls_next_no_ticket
2442requires_gnutls_next_disable_tls13_compat
2443run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2444 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2445 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2446 0 \
2447 -s "Protocol is TLSv1.3" \
2448 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2449 -s "received signature algorithm: 0x503" \
2450 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2451 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2452 -C "received HelloRetryRequest message"
2453
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2454requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2455requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2458requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2459requires_gnutls_tls1_3
2460requires_gnutls_next_no_ticket
2461requires_gnutls_next_disable_tls13_compat
2462run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2463 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2464 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2465 0 \
2466 -s "Protocol is TLSv1.3" \
2467 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2468 -s "received signature algorithm: 0x603" \
2469 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2470 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2471 -C "received HelloRetryRequest message"
2472
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2473requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2477requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2478requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2479requires_gnutls_tls1_3
2480requires_gnutls_next_no_ticket
2481requires_gnutls_next_disable_tls13_compat
2482run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2483 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2484 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2485 0 \
2486 -s "Protocol is TLSv1.3" \
2487 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2488 -s "received signature algorithm: 0x804" \
2489 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2490 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2491 -C "received HelloRetryRequest message"
2492
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2493requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2494requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2497requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2498requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2499requires_gnutls_tls1_3
2500requires_gnutls_next_no_ticket
2501requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2502run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2503 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2504 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2505 0 \
2506 -s "Protocol is TLSv1.3" \
2507 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2508 -s "received signature algorithm: 0x403" \
2509 -s "got named group: ffdhe2048(0100)" \
2510 -s "Certificate verification was skipped" \
2511 -C "received HelloRetryRequest message"
2512
2513requires_config_enabled MBEDTLS_SSL_SRV_C
2514requires_config_enabled MBEDTLS_DEBUG_C
2515requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2516requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2517requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2518requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2519requires_gnutls_tls1_3
2520requires_gnutls_next_no_ticket
2521requires_gnutls_next_disable_tls13_compat
2522run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2523 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2524 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2525 0 \
2526 -s "Protocol is TLSv1.3" \
2527 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2528 -s "received signature algorithm: 0x503" \
2529 -s "got named group: ffdhe2048(0100)" \
2530 -s "Certificate verification was skipped" \
2531 -C "received HelloRetryRequest message"
2532
2533requires_config_enabled MBEDTLS_SSL_SRV_C
2534requires_config_enabled MBEDTLS_DEBUG_C
2535requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2536requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2537requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2538requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2539requires_gnutls_tls1_3
2540requires_gnutls_next_no_ticket
2541requires_gnutls_next_disable_tls13_compat
2542run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2543 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2544 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2545 0 \
2546 -s "Protocol is TLSv1.3" \
2547 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2548 -s "received signature algorithm: 0x603" \
2549 -s "got named group: ffdhe2048(0100)" \
2550 -s "Certificate verification was skipped" \
2551 -C "received HelloRetryRequest message"
2552
2553requires_config_enabled MBEDTLS_SSL_SRV_C
2554requires_config_enabled MBEDTLS_DEBUG_C
2555requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2557requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2558requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2559requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2560requires_gnutls_tls1_3
2561requires_gnutls_next_no_ticket
2562requires_gnutls_next_disable_tls13_compat
2563run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2564 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2565 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2566 0 \
2567 -s "Protocol is TLSv1.3" \
2568 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2569 -s "received signature algorithm: 0x804" \
2570 -s "got named group: ffdhe2048(0100)" \
2571 -s "Certificate verification was skipped" \
2572 -C "received HelloRetryRequest message"
2573
2574requires_config_enabled MBEDTLS_SSL_SRV_C
2575requires_config_enabled MBEDTLS_DEBUG_C
2576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2578requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2579requires_gnutls_tls1_3
2580requires_gnutls_next_no_ticket
2581requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2582run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2583 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2584 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2585 0 \
2586 -s "Protocol is TLSv1.3" \
2587 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2588 -s "received signature algorithm: 0x403" \
2589 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2590 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2591 -C "received HelloRetryRequest message"
2592
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2593requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2594requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2595requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2596requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2597requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2598requires_gnutls_tls1_3
2599requires_gnutls_next_no_ticket
2600requires_gnutls_next_disable_tls13_compat
2601run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2602 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2603 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2604 0 \
2605 -s "Protocol is TLSv1.3" \
2606 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2607 -s "received signature algorithm: 0x503" \
2608 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2609 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2610 -C "received HelloRetryRequest message"
2611
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2612requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2613requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2614requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2615requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2616requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2617requires_gnutls_tls1_3
2618requires_gnutls_next_no_ticket
2619requires_gnutls_next_disable_tls13_compat
2620run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2621 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2622 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2623 0 \
2624 -s "Protocol is TLSv1.3" \
2625 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2626 -s "received signature algorithm: 0x603" \
2627 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2628 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2629 -C "received HelloRetryRequest message"
2630
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2631requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2632requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2635requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2636requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2637requires_gnutls_tls1_3
2638requires_gnutls_next_no_ticket
2639requires_gnutls_next_disable_tls13_compat
2640run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2641 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2642 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2643 0 \
2644 -s "Protocol is TLSv1.3" \
2645 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2646 -s "received signature algorithm: 0x804" \
2647 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2648 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2649 -C "received HelloRetryRequest message"
2650
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2651requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2655requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2656requires_gnutls_tls1_3
2657requires_gnutls_next_no_ticket
2658requires_gnutls_next_disable_tls13_compat
2659run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2660 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2661 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2662 0 \
2663 -s "Protocol is TLSv1.3" \
2664 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2665 -s "received signature algorithm: 0x403" \
2666 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2667 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2668 -C "received HelloRetryRequest message"
2669
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2670requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2671requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2672requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2674requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2675requires_gnutls_tls1_3
2676requires_gnutls_next_no_ticket
2677requires_gnutls_next_disable_tls13_compat
2678run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2679 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2680 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2681 0 \
2682 -s "Protocol is TLSv1.3" \
2683 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2684 -s "received signature algorithm: 0x503" \
2685 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2686 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2687 -C "received HelloRetryRequest message"
2688
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2689requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2690requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2691requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2692requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2693requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2694requires_gnutls_tls1_3
2695requires_gnutls_next_no_ticket
2696requires_gnutls_next_disable_tls13_compat
2697run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2698 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2699 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2700 0 \
2701 -s "Protocol is TLSv1.3" \
2702 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2703 -s "received signature algorithm: 0x603" \
2704 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2705 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2706 -C "received HelloRetryRequest message"
2707
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2708requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2709requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2710requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2712requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2713requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2714requires_gnutls_tls1_3
2715requires_gnutls_next_no_ticket
2716requires_gnutls_next_disable_tls13_compat
2717run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2718 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2719 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2720 0 \
2721 -s "Protocol is TLSv1.3" \
2722 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2723 -s "received signature algorithm: 0x804" \
2724 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2725 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2726 -C "received HelloRetryRequest message"
2727
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2728requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2729requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2730requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2732requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2733requires_gnutls_tls1_3
2734requires_gnutls_next_no_ticket
2735requires_gnutls_next_disable_tls13_compat
2736run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2737 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2738 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2739 0 \
2740 -s "Protocol is TLSv1.3" \
2741 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2742 -s "received signature algorithm: 0x403" \
2743 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2744 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2745 -C "received HelloRetryRequest message"
2746
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2747requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2748requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2749requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2750requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2751requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2752requires_gnutls_tls1_3
2753requires_gnutls_next_no_ticket
2754requires_gnutls_next_disable_tls13_compat
2755run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2756 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2757 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2758 0 \
2759 -s "Protocol is TLSv1.3" \
2760 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2761 -s "received signature algorithm: 0x503" \
2762 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2763 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2764 -C "received HelloRetryRequest message"
2765
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2766requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2767requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2768requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2769requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2770requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2771requires_gnutls_tls1_3
2772requires_gnutls_next_no_ticket
2773requires_gnutls_next_disable_tls13_compat
2774run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2775 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2776 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2777 0 \
2778 -s "Protocol is TLSv1.3" \
2779 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2780 -s "received signature algorithm: 0x603" \
2781 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2782 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2783 -C "received HelloRetryRequest message"
2784
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2785requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2786requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2787requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2788requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2789requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2790requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2791requires_gnutls_tls1_3
2792requires_gnutls_next_no_ticket
2793requires_gnutls_next_disable_tls13_compat
2794run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2795 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2796 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2797 0 \
2798 -s "Protocol is TLSv1.3" \
2799 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2800 -s "received signature algorithm: 0x804" \
2801 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2802 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2803 -C "received HelloRetryRequest message"
2804
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2805requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2806requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2807requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2809requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2810requires_gnutls_tls1_3
2811requires_gnutls_next_no_ticket
2812requires_gnutls_next_disable_tls13_compat
2813run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2814 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2815 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2816 0 \
2817 -s "Protocol is TLSv1.3" \
2818 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2819 -s "received signature algorithm: 0x403" \
2820 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2821 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2822 -C "received HelloRetryRequest message"
2823
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2824requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2828requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2829requires_gnutls_tls1_3
2830requires_gnutls_next_no_ticket
2831requires_gnutls_next_disable_tls13_compat
2832run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2833 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2834 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2835 0 \
2836 -s "Protocol is TLSv1.3" \
2837 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2838 -s "received signature algorithm: 0x503" \
2839 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2840 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2841 -C "received HelloRetryRequest message"
2842
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2843requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2844requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2845requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2847requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2848requires_gnutls_tls1_3
2849requires_gnutls_next_no_ticket
2850requires_gnutls_next_disable_tls13_compat
2851run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2852 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2853 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2854 0 \
2855 -s "Protocol is TLSv1.3" \
2856 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2857 -s "received signature algorithm: 0x603" \
2858 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2859 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2860 -C "received HelloRetryRequest message"
2861
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2862requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2863requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2866requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2867requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2868requires_gnutls_tls1_3
2869requires_gnutls_next_no_ticket
2870requires_gnutls_next_disable_tls13_compat
2871run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2872 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2873 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2874 0 \
2875 -s "Protocol is TLSv1.3" \
2876 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2877 -s "received signature algorithm: 0x804" \
2878 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2879 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2880 -C "received HelloRetryRequest message"
2881
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2882requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2886requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2887requires_gnutls_tls1_3
2888requires_gnutls_next_no_ticket
2889requires_gnutls_next_disable_tls13_compat
2890run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2891 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2892 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2893 0 \
2894 -s "Protocol is TLSv1.3" \
2895 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2896 -s "received signature algorithm: 0x403" \
2897 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2898 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2899 -C "received HelloRetryRequest message"
2900
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2901requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2902requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2903requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2904requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2905requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2906requires_gnutls_tls1_3
2907requires_gnutls_next_no_ticket
2908requires_gnutls_next_disable_tls13_compat
2909run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2910 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2911 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2912 0 \
2913 -s "Protocol is TLSv1.3" \
2914 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2915 -s "received signature algorithm: 0x503" \
2916 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2917 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2918 -C "received HelloRetryRequest message"
2919
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2920requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2921requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2922requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2924requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2925requires_gnutls_tls1_3
2926requires_gnutls_next_no_ticket
2927requires_gnutls_next_disable_tls13_compat
2928run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2929 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2930 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2931 0 \
2932 -s "Protocol is TLSv1.3" \
2933 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2934 -s "received signature algorithm: 0x603" \
2935 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2936 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2937 -C "received HelloRetryRequest message"
2938
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2939requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2940requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2941requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2943requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2944requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2945requires_gnutls_tls1_3
2946requires_gnutls_next_no_ticket
2947requires_gnutls_next_disable_tls13_compat
2948run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2949 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2950 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2951 0 \
2952 -s "Protocol is TLSv1.3" \
2953 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2954 -s "received signature algorithm: 0x804" \
2955 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]2956 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2957 -C "received HelloRetryRequest message"
2958
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2959requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2960requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]2961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2963requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2964requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2965requires_gnutls_tls1_3
2966requires_gnutls_next_no_ticket
2967requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2968run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2969 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2970 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2971 0 \
2972 -s "Protocol is TLSv1.3" \
2973 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2974 -s "received signature algorithm: 0x403" \
2975 -s "got named group: ffdhe2048(0100)" \
2976 -s "Certificate verification was skipped" \
2977 -C "received HelloRetryRequest message"
2978
2979requires_config_enabled MBEDTLS_SSL_SRV_C
2980requires_config_enabled MBEDTLS_DEBUG_C
2981requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]2983requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]2984requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2985requires_gnutls_tls1_3
2986requires_gnutls_next_no_ticket
2987requires_gnutls_next_disable_tls13_compat
2988run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]2989 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2990 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]2991 0 \
2992 -s "Protocol is TLSv1.3" \
2993 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2994 -s "received signature algorithm: 0x503" \
2995 -s "got named group: ffdhe2048(0100)" \
2996 -s "Certificate verification was skipped" \
2997 -C "received HelloRetryRequest message"
2998
2999requires_config_enabled MBEDTLS_SSL_SRV_C
3000requires_config_enabled MBEDTLS_DEBUG_C
3001requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3002requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3003requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3004requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3005requires_gnutls_tls1_3
3006requires_gnutls_next_no_ticket
3007requires_gnutls_next_disable_tls13_compat
3008run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3009 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3010 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3011 0 \
3012 -s "Protocol is TLSv1.3" \
3013 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3014 -s "received signature algorithm: 0x603" \
3015 -s "got named group: ffdhe2048(0100)" \
3016 -s "Certificate verification was skipped" \
3017 -C "received HelloRetryRequest message"
3018
3019requires_config_enabled MBEDTLS_SSL_SRV_C
3020requires_config_enabled MBEDTLS_DEBUG_C
3021requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3022requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3023requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3024requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3025requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3026requires_gnutls_tls1_3
3027requires_gnutls_next_no_ticket
3028requires_gnutls_next_disable_tls13_compat
3029run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3030 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3031 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3032 0 \
3033 -s "Protocol is TLSv1.3" \
3034 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
3035 -s "received signature algorithm: 0x804" \
3036 -s "got named group: ffdhe2048(0100)" \
3037 -s "Certificate verification was skipped" \
3038 -C "received HelloRetryRequest message"
3039
3040requires_config_enabled MBEDTLS_SSL_SRV_C
3041requires_config_enabled MBEDTLS_DEBUG_C
3042requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3044requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3045requires_gnutls_tls1_3
3046requires_gnutls_next_no_ticket
3047requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3048run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3049 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3050 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3051 0 \
3052 -s "Protocol is TLSv1.3" \
3053 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3054 -s "received signature algorithm: 0x403" \
3055 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3056 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3057 -C "received HelloRetryRequest message"
3058
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3059requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3060requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3061requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3063requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3064requires_gnutls_tls1_3
3065requires_gnutls_next_no_ticket
3066requires_gnutls_next_disable_tls13_compat
3067run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3068 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3069 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3070 0 \
3071 -s "Protocol is TLSv1.3" \
3072 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3073 -s "received signature algorithm: 0x503" \
3074 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3075 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3076 -C "received HelloRetryRequest message"
3077
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3078requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3079requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3082requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3083requires_gnutls_tls1_3
3084requires_gnutls_next_no_ticket
3085requires_gnutls_next_disable_tls13_compat
3086run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3087 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3088 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3089 0 \
3090 -s "Protocol is TLSv1.3" \
3091 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3092 -s "received signature algorithm: 0x603" \
3093 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3094 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3095 -C "received HelloRetryRequest message"
3096
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3097requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3098requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3099requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3101requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3102requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3103requires_gnutls_tls1_3
3104requires_gnutls_next_no_ticket
3105requires_gnutls_next_disable_tls13_compat
3106run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3107 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3108 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3109 0 \
3110 -s "Protocol is TLSv1.3" \
3111 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3112 -s "received signature algorithm: 0x804" \
3113 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3114 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3115 -C "received HelloRetryRequest message"
3116
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3117requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3118requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3120requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3121requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3122requires_gnutls_tls1_3
3123requires_gnutls_next_no_ticket
3124requires_gnutls_next_disable_tls13_compat
3125run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3126 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3127 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3128 0 \
3129 -s "Protocol is TLSv1.3" \
3130 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3131 -s "received signature algorithm: 0x403" \
3132 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3133 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3134 -C "received HelloRetryRequest message"
3135
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3136requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3137requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3140requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3141requires_gnutls_tls1_3
3142requires_gnutls_next_no_ticket
3143requires_gnutls_next_disable_tls13_compat
3144run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3145 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3146 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3147 0 \
3148 -s "Protocol is TLSv1.3" \
3149 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3150 -s "received signature algorithm: 0x503" \
3151 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3152 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3153 -C "received HelloRetryRequest message"
3154
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3155requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3156requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3159requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3160requires_gnutls_tls1_3
3161requires_gnutls_next_no_ticket
3162requires_gnutls_next_disable_tls13_compat
3163run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3164 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3165 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3166 0 \
3167 -s "Protocol is TLSv1.3" \
3168 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3169 -s "received signature algorithm: 0x603" \
3170 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3171 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3172 -C "received HelloRetryRequest message"
3173
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3174requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3176requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3177requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3178requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3179requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3180requires_gnutls_tls1_3
3181requires_gnutls_next_no_ticket
3182requires_gnutls_next_disable_tls13_compat
3183run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3184 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3185 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3186 0 \
3187 -s "Protocol is TLSv1.3" \
3188 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3189 -s "received signature algorithm: 0x804" \
3190 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3191 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3192 -C "received HelloRetryRequest message"
3193
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3194requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3195requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3198requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3199requires_gnutls_tls1_3
3200requires_gnutls_next_no_ticket
3201requires_gnutls_next_disable_tls13_compat
3202run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3203 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3204 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3205 0 \
3206 -s "Protocol is TLSv1.3" \
3207 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3208 -s "received signature algorithm: 0x403" \
3209 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3210 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3211 -C "received HelloRetryRequest message"
3212
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3213requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3214requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3215requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3216requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3217requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3218requires_gnutls_tls1_3
3219requires_gnutls_next_no_ticket
3220requires_gnutls_next_disable_tls13_compat
3221run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3222 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3223 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3224 0 \
3225 -s "Protocol is TLSv1.3" \
3226 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3227 -s "received signature algorithm: 0x503" \
3228 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3229 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3230 -C "received HelloRetryRequest message"
3231
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3232requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3233requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3236requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3237requires_gnutls_tls1_3
3238requires_gnutls_next_no_ticket
3239requires_gnutls_next_disable_tls13_compat
3240run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3241 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3242 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3243 0 \
3244 -s "Protocol is TLSv1.3" \
3245 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3246 -s "received signature algorithm: 0x603" \
3247 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3248 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3249 -C "received HelloRetryRequest message"
3250
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3251requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3252requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3253requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3254requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3255requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3256requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3257requires_gnutls_tls1_3
3258requires_gnutls_next_no_ticket
3259requires_gnutls_next_disable_tls13_compat
3260run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3261 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3262 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3263 0 \
3264 -s "Protocol is TLSv1.3" \
3265 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3266 -s "received signature algorithm: 0x804" \
3267 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3268 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3269 -C "received HelloRetryRequest message"
3270
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3271requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3272requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3275requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3276requires_gnutls_tls1_3
3277requires_gnutls_next_no_ticket
3278requires_gnutls_next_disable_tls13_compat
3279run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3280 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3281 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3282 0 \
3283 -s "Protocol is TLSv1.3" \
3284 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3285 -s "received signature algorithm: 0x403" \
3286 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3287 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3288 -C "received HelloRetryRequest message"
3289
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3290requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3291requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3292requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3293requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3294requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3295requires_gnutls_tls1_3
3296requires_gnutls_next_no_ticket
3297requires_gnutls_next_disable_tls13_compat
3298run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3299 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3300 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3301 0 \
3302 -s "Protocol is TLSv1.3" \
3303 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3304 -s "received signature algorithm: 0x503" \
3305 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3306 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3307 -C "received HelloRetryRequest message"
3308
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3309requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3310requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3311requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3312requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3313requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3314requires_gnutls_tls1_3
3315requires_gnutls_next_no_ticket
3316requires_gnutls_next_disable_tls13_compat
3317run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3318 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3319 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3320 0 \
3321 -s "Protocol is TLSv1.3" \
3322 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3323 -s "received signature algorithm: 0x603" \
3324 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3325 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3326 -C "received HelloRetryRequest message"
3327
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3328requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3329requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3332requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3333requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3334requires_gnutls_tls1_3
3335requires_gnutls_next_no_ticket
3336requires_gnutls_next_disable_tls13_compat
3337run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3338 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3339 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3340 0 \
3341 -s "Protocol is TLSv1.3" \
3342 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3343 -s "received signature algorithm: 0x804" \
3344 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3345 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3346 -C "received HelloRetryRequest message"
3347
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3348requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3349requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3352requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3353requires_gnutls_tls1_3
3354requires_gnutls_next_no_ticket
3355requires_gnutls_next_disable_tls13_compat
3356run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3357 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3358 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3359 0 \
3360 -s "Protocol is TLSv1.3" \
3361 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3362 -s "received signature algorithm: 0x403" \
3363 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3364 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3365 -C "received HelloRetryRequest message"
3366
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3367requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3368requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3371requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3372requires_gnutls_tls1_3
3373requires_gnutls_next_no_ticket
3374requires_gnutls_next_disable_tls13_compat
3375run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3376 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3377 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3378 0 \
3379 -s "Protocol is TLSv1.3" \
3380 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3381 -s "received signature algorithm: 0x503" \
3382 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3383 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3384 -C "received HelloRetryRequest message"
3385
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3386requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3387requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3390requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3391requires_gnutls_tls1_3
3392requires_gnutls_next_no_ticket
3393requires_gnutls_next_disable_tls13_compat
3394run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3395 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3396 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3397 0 \
3398 -s "Protocol is TLSv1.3" \
3399 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3400 -s "received signature algorithm: 0x603" \
3401 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3402 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3403 -C "received HelloRetryRequest message"
3404
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3405requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3406requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3408requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3409requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3410requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3411requires_gnutls_tls1_3
3412requires_gnutls_next_no_ticket
3413requires_gnutls_next_disable_tls13_compat
3414run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3415 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3416 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3417 0 \
3418 -s "Protocol is TLSv1.3" \
3419 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3420 -s "received signature algorithm: 0x804" \
3421 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3422 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3423 -C "received HelloRetryRequest message"
3424
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3425requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3426requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3427requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3429requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3430requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3431requires_gnutls_tls1_3
3432requires_gnutls_next_no_ticket
3433requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3434run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3435 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3436 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3437 0 \
3438 -s "Protocol is TLSv1.3" \
3439 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3440 -s "received signature algorithm: 0x403" \
3441 -s "got named group: ffdhe2048(0100)" \
3442 -s "Certificate verification was skipped" \
3443 -C "received HelloRetryRequest message"
3444
3445requires_config_enabled MBEDTLS_SSL_SRV_C
3446requires_config_enabled MBEDTLS_DEBUG_C
3447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3449requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3450requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3451requires_gnutls_tls1_3
3452requires_gnutls_next_no_ticket
3453requires_gnutls_next_disable_tls13_compat
3454run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3455 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3456 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3457 0 \
3458 -s "Protocol is TLSv1.3" \
3459 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3460 -s "received signature algorithm: 0x503" \
3461 -s "got named group: ffdhe2048(0100)" \
3462 -s "Certificate verification was skipped" \
3463 -C "received HelloRetryRequest message"
3464
3465requires_config_enabled MBEDTLS_SSL_SRV_C
3466requires_config_enabled MBEDTLS_DEBUG_C
3467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3469requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3470requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3471requires_gnutls_tls1_3
3472requires_gnutls_next_no_ticket
3473requires_gnutls_next_disable_tls13_compat
3474run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3475 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3476 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3477 0 \
3478 -s "Protocol is TLSv1.3" \
3479 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3480 -s "received signature algorithm: 0x603" \
3481 -s "got named group: ffdhe2048(0100)" \
3482 -s "Certificate verification was skipped" \
3483 -C "received HelloRetryRequest message"
3484
3485requires_config_enabled MBEDTLS_SSL_SRV_C
3486requires_config_enabled MBEDTLS_DEBUG_C
3487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3489requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3490requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3491requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3492requires_gnutls_tls1_3
3493requires_gnutls_next_no_ticket
3494requires_gnutls_next_disable_tls13_compat
3495run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3496 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3497 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3498 0 \
3499 -s "Protocol is TLSv1.3" \
3500 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
3501 -s "received signature algorithm: 0x804" \
3502 -s "got named group: ffdhe2048(0100)" \
3503 -s "Certificate verification was skipped" \
3504 -C "received HelloRetryRequest message"
3505
3506requires_config_enabled MBEDTLS_SSL_SRV_C
3507requires_config_enabled MBEDTLS_DEBUG_C
3508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3510requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3511requires_gnutls_tls1_3
3512requires_gnutls_next_no_ticket
3513requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3514run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3515 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3516 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3517 0 \
3518 -s "Protocol is TLSv1.3" \
3519 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3520 -s "received signature algorithm: 0x403" \
3521 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3522 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3523 -C "received HelloRetryRequest message"
3524
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3525requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3526requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3529requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3530requires_gnutls_tls1_3
3531requires_gnutls_next_no_ticket
3532requires_gnutls_next_disable_tls13_compat
3533run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3534 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3535 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3536 0 \
3537 -s "Protocol is TLSv1.3" \
3538 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3539 -s "received signature algorithm: 0x503" \
3540 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3541 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3542 -C "received HelloRetryRequest message"
3543
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3544requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3545requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3548requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3549requires_gnutls_tls1_3
3550requires_gnutls_next_no_ticket
3551requires_gnutls_next_disable_tls13_compat
3552run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3553 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3554 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3555 0 \
3556 -s "Protocol is TLSv1.3" \
3557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3558 -s "received signature algorithm: 0x603" \
3559 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3560 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3561 -C "received HelloRetryRequest message"
3562
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3563requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3564requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3565requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3568requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3569requires_gnutls_tls1_3
3570requires_gnutls_next_no_ticket
3571requires_gnutls_next_disable_tls13_compat
3572run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3573 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3574 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3575 0 \
3576 -s "Protocol is TLSv1.3" \
3577 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3578 -s "received signature algorithm: 0x804" \
3579 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3580 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3581 -C "received HelloRetryRequest message"
3582
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3583requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3584requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3587requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3588requires_gnutls_tls1_3
3589requires_gnutls_next_no_ticket
3590requires_gnutls_next_disable_tls13_compat
3591run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3592 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3593 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3594 0 \
3595 -s "Protocol is TLSv1.3" \
3596 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3597 -s "received signature algorithm: 0x403" \
3598 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3599 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3600 -C "received HelloRetryRequest message"
3601
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3602requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3603requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3604requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3606requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3607requires_gnutls_tls1_3
3608requires_gnutls_next_no_ticket
3609requires_gnutls_next_disable_tls13_compat
3610run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3611 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3612 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3613 0 \
3614 -s "Protocol is TLSv1.3" \
3615 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3616 -s "received signature algorithm: 0x503" \
3617 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3618 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3619 -C "received HelloRetryRequest message"
3620
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3621requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3625requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3626requires_gnutls_tls1_3
3627requires_gnutls_next_no_ticket
3628requires_gnutls_next_disable_tls13_compat
3629run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3630 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3631 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3632 0 \
3633 -s "Protocol is TLSv1.3" \
3634 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3635 -s "received signature algorithm: 0x603" \
3636 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3637 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3638 -C "received HelloRetryRequest message"
3639
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3640requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3641requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3642requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3644requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3645requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3646requires_gnutls_tls1_3
3647requires_gnutls_next_no_ticket
3648requires_gnutls_next_disable_tls13_compat
3649run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3650 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3651 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3652 0 \
3653 -s "Protocol is TLSv1.3" \
3654 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3655 -s "received signature algorithm: 0x804" \
3656 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3657 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3658 -C "received HelloRetryRequest message"
3659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3662requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3664requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3665requires_gnutls_tls1_3
3666requires_gnutls_next_no_ticket
3667requires_gnutls_next_disable_tls13_compat
3668run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3669 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3670 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3671 0 \
3672 -s "Protocol is TLSv1.3" \
3673 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3674 -s "received signature algorithm: 0x403" \
3675 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3676 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3677 -C "received HelloRetryRequest message"
3678
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3679requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3680requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3681requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3683requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3684requires_gnutls_tls1_3
3685requires_gnutls_next_no_ticket
3686requires_gnutls_next_disable_tls13_compat
3687run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3688 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3689 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3690 0 \
3691 -s "Protocol is TLSv1.3" \
3692 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3693 -s "received signature algorithm: 0x503" \
3694 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3695 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3696 -C "received HelloRetryRequest message"
3697
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3698requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3699requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3702requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3703requires_gnutls_tls1_3
3704requires_gnutls_next_no_ticket
3705requires_gnutls_next_disable_tls13_compat
3706run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3707 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3708 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3709 0 \
3710 -s "Protocol is TLSv1.3" \
3711 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3712 -s "received signature algorithm: 0x603" \
3713 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3714 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3715 -C "received HelloRetryRequest message"
3716
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3717requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3718requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3719requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3721requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3722requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3723requires_gnutls_tls1_3
3724requires_gnutls_next_no_ticket
3725requires_gnutls_next_disable_tls13_compat
3726run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3727 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3728 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3729 0 \
3730 -s "Protocol is TLSv1.3" \
3731 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3732 -s "received signature algorithm: 0x804" \
3733 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3734 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3735 -C "received HelloRetryRequest message"
3736
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3737requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3738requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3739requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3741requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3742requires_gnutls_tls1_3
3743requires_gnutls_next_no_ticket
3744requires_gnutls_next_disable_tls13_compat
3745run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3746 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3747 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3748 0 \
3749 -s "Protocol is TLSv1.3" \
3750 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3751 -s "received signature algorithm: 0x403" \
3752 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3753 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3754 -C "received HelloRetryRequest message"
3755
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3756requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3757requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3760requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3761requires_gnutls_tls1_3
3762requires_gnutls_next_no_ticket
3763requires_gnutls_next_disable_tls13_compat
3764run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3765 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3766 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3767 0 \
3768 -s "Protocol is TLSv1.3" \
3769 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3770 -s "received signature algorithm: 0x503" \
3771 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3772 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3773 -C "received HelloRetryRequest message"
3774
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3775requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3776requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3777requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3778requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3779requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3780requires_gnutls_tls1_3
3781requires_gnutls_next_no_ticket
3782requires_gnutls_next_disable_tls13_compat
3783run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3784 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3785 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3786 0 \
3787 -s "Protocol is TLSv1.3" \
3788 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3789 -s "received signature algorithm: 0x603" \
3790 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3791 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3792 -C "received HelloRetryRequest message"
3793
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3794requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3795requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3798requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3799requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3800requires_gnutls_tls1_3
3801requires_gnutls_next_no_ticket
3802requires_gnutls_next_disable_tls13_compat
3803run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3804 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3805 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3806 0 \
3807 -s "Protocol is TLSv1.3" \
3808 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3809 -s "received signature algorithm: 0x804" \
3810 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3811 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3812 -C "received HelloRetryRequest message"
3813
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3814requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3815requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3816requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3818requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3819requires_gnutls_tls1_3
3820requires_gnutls_next_no_ticket
3821requires_gnutls_next_disable_tls13_compat
3822run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3823 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3824 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3825 0 \
3826 -s "Protocol is TLSv1.3" \
3827 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3828 -s "received signature algorithm: 0x403" \
3829 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3830 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3831 -C "received HelloRetryRequest message"
3832
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3833requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3834requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3837requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3838requires_gnutls_tls1_3
3839requires_gnutls_next_no_ticket
3840requires_gnutls_next_disable_tls13_compat
3841run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3842 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3843 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3844 0 \
3845 -s "Protocol is TLSv1.3" \
3846 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3847 -s "received signature algorithm: 0x503" \
3848 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3849 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3850 -C "received HelloRetryRequest message"
3851
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3852requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3853requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3856requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3857requires_gnutls_tls1_3
3858requires_gnutls_next_no_ticket
3859requires_gnutls_next_disable_tls13_compat
3860run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3861 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3862 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3863 0 \
3864 -s "Protocol is TLSv1.3" \
3865 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3866 -s "received signature algorithm: 0x603" \
3867 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3868 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3869 -C "received HelloRetryRequest message"
3870
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3871requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3872requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3873requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3875requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3876requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3877requires_gnutls_tls1_3
3878requires_gnutls_next_no_ticket
3879requires_gnutls_next_disable_tls13_compat
3880run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3881 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3882 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3883 0 \
3884 -s "Protocol is TLSv1.3" \
3885 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3886 -s "received signature algorithm: 0x804" \
3887 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3888 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3889 -C "received HelloRetryRequest message"
3890
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3891requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3892requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3895requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3896requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3897requires_gnutls_tls1_3
3898requires_gnutls_next_no_ticket
3899requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3900run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3901 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3902 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3903 0 \
3904 -s "Protocol is TLSv1.3" \
3905 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3906 -s "received signature algorithm: 0x403" \
3907 -s "got named group: ffdhe2048(0100)" \
3908 -s "Certificate verification was skipped" \
3909 -C "received HelloRetryRequest message"
3910
3911requires_config_enabled MBEDTLS_SSL_SRV_C
3912requires_config_enabled MBEDTLS_DEBUG_C
3913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3915requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3916requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3917requires_gnutls_tls1_3
3918requires_gnutls_next_no_ticket
3919requires_gnutls_next_disable_tls13_compat
3920run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3921 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3922 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3923 0 \
3924 -s "Protocol is TLSv1.3" \
3925 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3926 -s "received signature algorithm: 0x503" \
3927 -s "got named group: ffdhe2048(0100)" \
3928 -s "Certificate verification was skipped" \
3929 -C "received HelloRetryRequest message"
3930
3931requires_config_enabled MBEDTLS_SSL_SRV_C
3932requires_config_enabled MBEDTLS_DEBUG_C
3933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3934requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3935requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3936requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3937requires_gnutls_tls1_3
3938requires_gnutls_next_no_ticket
3939requires_gnutls_next_disable_tls13_compat
3940run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3941 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3942 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3943 0 \
3944 -s "Protocol is TLSv1.3" \
3945 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3946 -s "received signature algorithm: 0x603" \
3947 -s "got named group: ffdhe2048(0100)" \
3948 -s "Certificate verification was skipped" \
3949 -C "received HelloRetryRequest message"
3950
3951requires_config_enabled MBEDTLS_SSL_SRV_C
3952requires_config_enabled MBEDTLS_DEBUG_C
3953requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3955requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3956requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]3957requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3958requires_gnutls_tls1_3
3959requires_gnutls_next_no_ticket
3960requires_gnutls_next_disable_tls13_compat
3961run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3962 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3963 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3964 0 \
3965 -s "Protocol is TLSv1.3" \
3966 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3967 -s "received signature algorithm: 0x804" \
3968 -s "got named group: ffdhe2048(0100)" \
3969 -s "Certificate verification was skipped" \
3970 -C "received HelloRetryRequest message"
3971
3972requires_config_enabled MBEDTLS_SSL_SRV_C
3973requires_config_enabled MBEDTLS_DEBUG_C
3974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
3975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3976requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]3977requires_gnutls_tls1_3
3978requires_gnutls_next_no_ticket
3979requires_gnutls_next_disable_tls13_compat
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3980run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]3981 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3982 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3983 0 \
3984 -s "Protocol is TLSv1.3" \
3985 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3986 -s "received signature algorithm: 0x403" \
3987 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]3988 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3989 -C "received HelloRetryRequest message"
3990
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3991requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3992requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]3993requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3994requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]3995requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3996requires_gnutls_tls1_3
3997requires_gnutls_next_no_ticket
3998requires_gnutls_next_disable_tls13_compat
3999run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4000 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4001 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4002 0 \
4003 -s "Protocol is TLSv1.3" \
4004 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4005 -s "received signature algorithm: 0x503" \
4006 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4007 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4008 -C "received HelloRetryRequest message"
4009
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4010requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4011requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4014requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4015requires_gnutls_tls1_3
4016requires_gnutls_next_no_ticket
4017requires_gnutls_next_disable_tls13_compat
4018run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4019 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4020 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4021 0 \
4022 -s "Protocol is TLSv1.3" \
4023 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4024 -s "received signature algorithm: 0x603" \
4025 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4026 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4027 -C "received HelloRetryRequest message"
4028
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4029requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4031requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4033requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4034requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4035requires_gnutls_tls1_3
4036requires_gnutls_next_no_ticket
4037requires_gnutls_next_disable_tls13_compat
4038run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4039 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4040 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4041 0 \
4042 -s "Protocol is TLSv1.3" \
4043 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4044 -s "received signature algorithm: 0x804" \
4045 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4046 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4047 -C "received HelloRetryRequest message"
4048
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4049requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4050requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4053requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4054requires_gnutls_tls1_3
4055requires_gnutls_next_no_ticket
4056requires_gnutls_next_disable_tls13_compat
4057run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4058 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4059 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4060 0 \
4061 -s "Protocol is TLSv1.3" \
4062 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4063 -s "received signature algorithm: 0x403" \
4064 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4065 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4066 -C "received HelloRetryRequest message"
4067
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4068requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4069requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4070requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4071requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4072requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4073requires_gnutls_tls1_3
4074requires_gnutls_next_no_ticket
4075requires_gnutls_next_disable_tls13_compat
4076run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4077 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4078 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4079 0 \
4080 -s "Protocol is TLSv1.3" \
4081 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4082 -s "received signature algorithm: 0x503" \
4083 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4084 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4085 -C "received HelloRetryRequest message"
4086
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4087requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4088requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4090requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4091requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4092requires_gnutls_tls1_3
4093requires_gnutls_next_no_ticket
4094requires_gnutls_next_disable_tls13_compat
4095run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4096 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4097 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4098 0 \
4099 -s "Protocol is TLSv1.3" \
4100 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4101 -s "received signature algorithm: 0x603" \
4102 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4103 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4104 -C "received HelloRetryRequest message"
4105
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4106requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4107requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4108requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4110requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4111requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4112requires_gnutls_tls1_3
4113requires_gnutls_next_no_ticket
4114requires_gnutls_next_disable_tls13_compat
4115run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4116 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4117 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4118 0 \
4119 -s "Protocol is TLSv1.3" \
4120 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4121 -s "received signature algorithm: 0x804" \
4122 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4123 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4124 -C "received HelloRetryRequest message"
4125
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4126requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4127requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4128requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4130requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4131requires_gnutls_tls1_3
4132requires_gnutls_next_no_ticket
4133requires_gnutls_next_disable_tls13_compat
4134run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4135 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4136 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4137 0 \
4138 -s "Protocol is TLSv1.3" \
4139 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4140 -s "received signature algorithm: 0x403" \
4141 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4142 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4143 -C "received HelloRetryRequest message"
4144
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4145requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4146requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4147requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4148requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4149requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4150requires_gnutls_tls1_3
4151requires_gnutls_next_no_ticket
4152requires_gnutls_next_disable_tls13_compat
4153run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4154 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4155 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4156 0 \
4157 -s "Protocol is TLSv1.3" \
4158 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4159 -s "received signature algorithm: 0x503" \
4160 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4161 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4162 -C "received HelloRetryRequest message"
4163
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4164requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4165requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4168requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4169requires_gnutls_tls1_3
4170requires_gnutls_next_no_ticket
4171requires_gnutls_next_disable_tls13_compat
4172run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4173 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4174 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4175 0 \
4176 -s "Protocol is TLSv1.3" \
4177 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4178 -s "received signature algorithm: 0x603" \
4179 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4180 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4181 -C "received HelloRetryRequest message"
4182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4184requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4187requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4188requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4189requires_gnutls_tls1_3
4190requires_gnutls_next_no_ticket
4191requires_gnutls_next_disable_tls13_compat
4192run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4193 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4194 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4195 0 \
4196 -s "Protocol is TLSv1.3" \
4197 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4198 -s "received signature algorithm: 0x804" \
4199 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4200 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4201 -C "received HelloRetryRequest message"
4202
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4203requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4204requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4207requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4208requires_gnutls_tls1_3
4209requires_gnutls_next_no_ticket
4210requires_gnutls_next_disable_tls13_compat
4211run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4212 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4213 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4214 0 \
4215 -s "Protocol is TLSv1.3" \
4216 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4217 -s "received signature algorithm: 0x403" \
4218 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4219 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4220 -C "received HelloRetryRequest message"
4221
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4222requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4223requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4226requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4227requires_gnutls_tls1_3
4228requires_gnutls_next_no_ticket
4229requires_gnutls_next_disable_tls13_compat
4230run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4231 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4232 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4233 0 \
4234 -s "Protocol is TLSv1.3" \
4235 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4236 -s "received signature algorithm: 0x503" \
4237 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4238 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4239 -C "received HelloRetryRequest message"
4240
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4241requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4242requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4243requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4244requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4245requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4246requires_gnutls_tls1_3
4247requires_gnutls_next_no_ticket
4248requires_gnutls_next_disable_tls13_compat
4249run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4250 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4251 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4252 0 \
4253 -s "Protocol is TLSv1.3" \
4254 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4255 -s "received signature algorithm: 0x603" \
4256 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4257 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4258 -C "received HelloRetryRequest message"
4259
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4260requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4261requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4262requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4263requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4264requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4265requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4266requires_gnutls_tls1_3
4267requires_gnutls_next_no_ticket
4268requires_gnutls_next_disable_tls13_compat
4269run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4270 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4271 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4272 0 \
4273 -s "Protocol is TLSv1.3" \
4274 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4275 -s "received signature algorithm: 0x804" \
4276 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4277 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4278 -C "received HelloRetryRequest message"
4279
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4280requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4281requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4284requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4285requires_gnutls_tls1_3
4286requires_gnutls_next_no_ticket
4287requires_gnutls_next_disable_tls13_compat
4288run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4289 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4290 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4291 0 \
4292 -s "Protocol is TLSv1.3" \
4293 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4294 -s "received signature algorithm: 0x403" \
4295 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4296 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4297 -C "received HelloRetryRequest message"
4298
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4299requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4300requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4303requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4304requires_gnutls_tls1_3
4305requires_gnutls_next_no_ticket
4306requires_gnutls_next_disable_tls13_compat
4307run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4308 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4309 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4310 0 \
4311 -s "Protocol is TLSv1.3" \
4312 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4313 -s "received signature algorithm: 0x503" \
4314 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4315 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4316 -C "received HelloRetryRequest message"
4317
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4318requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4319requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4322requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4323requires_gnutls_tls1_3
4324requires_gnutls_next_no_ticket
4325requires_gnutls_next_disable_tls13_compat
4326run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4327 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4328 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4329 0 \
4330 -s "Protocol is TLSv1.3" \
4331 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4332 -s "received signature algorithm: 0x603" \
4333 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4334 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4335 -C "received HelloRetryRequest message"
4336
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]4337requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4338requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4339requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4341requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4342requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4343requires_gnutls_tls1_3
4344requires_gnutls_next_no_ticket
4345requires_gnutls_next_disable_tls13_compat
4346run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4347 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4348 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4349 0 \
4350 -s "Protocol is TLSv1.3" \
4351 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4352 -s "received signature algorithm: 0x804" \
4353 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]4354 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4355 -C "received HelloRetryRequest message"
4356
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4357requires_config_enabled MBEDTLS_SSL_SRV_C
4358requires_config_enabled MBEDTLS_DEBUG_C
4359requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4361requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4362requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4363requires_gnutls_tls1_3
4364requires_gnutls_next_no_ticket
4365requires_gnutls_next_disable_tls13_compat
4366run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4367 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4368 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4369 0 \
4370 -s "Protocol is TLSv1.3" \
4371 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4372 -s "received signature algorithm: 0x403" \
4373 -s "got named group: ffdhe2048(0100)" \
4374 -s "Certificate verification was skipped" \
4375 -C "received HelloRetryRequest message"
4376
4377requires_config_enabled MBEDTLS_SSL_SRV_C
4378requires_config_enabled MBEDTLS_DEBUG_C
4379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4381requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4382requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4383requires_gnutls_tls1_3
4384requires_gnutls_next_no_ticket
4385requires_gnutls_next_disable_tls13_compat
4386run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4387 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4388 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4389 0 \
4390 -s "Protocol is TLSv1.3" \
4391 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4392 -s "received signature algorithm: 0x503" \
4393 -s "got named group: ffdhe2048(0100)" \
4394 -s "Certificate verification was skipped" \
4395 -C "received HelloRetryRequest message"
4396
4397requires_config_enabled MBEDTLS_SSL_SRV_C
4398requires_config_enabled MBEDTLS_DEBUG_C
4399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4400requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4401requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4402requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4403requires_gnutls_tls1_3
4404requires_gnutls_next_no_ticket
4405requires_gnutls_next_disable_tls13_compat
4406run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4407 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4408 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4409 0 \
4410 -s "Protocol is TLSv1.3" \
4411 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4412 -s "received signature algorithm: 0x603" \
4413 -s "got named group: ffdhe2048(0100)" \
4414 -s "Certificate verification was skipped" \
4415 -C "received HelloRetryRequest message"
4416
4417requires_config_enabled MBEDTLS_SSL_SRV_C
4418requires_config_enabled MBEDTLS_DEBUG_C
4419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4421requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4422requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4423requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4424requires_gnutls_tls1_3
4425requires_gnutls_next_no_ticket
4426requires_gnutls_next_disable_tls13_compat
4427run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4428 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
4429 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4430 0 \
4431 -s "Protocol is TLSv1.3" \
4432 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
4433 -s "received signature algorithm: 0x804" \
4434 -s "got named group: ffdhe2048(0100)" \
4435 -s "Certificate verification was skipped" \
4436 -C "received HelloRetryRequest message"
4437
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4438requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4439requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4440requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4443requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4444run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4445 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4446 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4447 0 \
4448 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4449 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4450 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4451 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4452 -c "NamedGroup: secp256r1 ( 17 )" \
4453 -c "Verifying peer X.509 certificate... ok" \
4454 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4455
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4456requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4457requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4458requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4459requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4460requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4461requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4462run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4463 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4464 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4465 0 \
4466 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4467 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4468 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4469 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4470 -c "NamedGroup: secp256r1 ( 17 )" \
4471 -c "Verifying peer X.509 certificate... ok" \
4472 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4473
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4474requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4475requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4476requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4477requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4478requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4479requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4480run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4481 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4482 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4483 0 \
4484 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4485 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4486 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4487 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4488 -c "NamedGroup: secp256r1 ( 17 )" \
4489 -c "Verifying peer X.509 certificate... ok" \
4490 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4491
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4492requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4493requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4494requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4497requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4498requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4499run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4500 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4501 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4502 0 \
4503 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4504 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4505 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4506 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4507 -c "NamedGroup: secp256r1 ( 17 )" \
4508 -c "Verifying peer X.509 certificate... ok" \
4509 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4510
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4511requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4512requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4513requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4516requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4517run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4518 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4519 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4520 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4521 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4522 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4523 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4524 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4525 -c "NamedGroup: secp384r1 ( 18 )" \
4526 -c "Verifying peer X.509 certificate... ok" \
4527 -C "received HelloRetryRequest message"
4528
4529requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4530requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4534requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4535run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4536 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4537 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4538 0 \
4539 -c "HTTP/1.0 200 ok" \
4540 -c "Protocol is TLSv1.3" \
4541 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4542 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4543 -c "NamedGroup: secp384r1 ( 18 )" \
4544 -c "Verifying peer X.509 certificate... ok" \
4545 -C "received HelloRetryRequest message"
4546
4547requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4548requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4552requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4553run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4554 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4555 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4556 0 \
4557 -c "HTTP/1.0 200 ok" \
4558 -c "Protocol is TLSv1.3" \
4559 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4560 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4561 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4562 -c "Verifying peer X.509 certificate... ok" \
4563 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4564
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4565requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4566requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4567requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4568requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4569requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4570requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4571requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4572run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4573 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4574 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4575 0 \
4576 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4577 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4578 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4579 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4580 -c "NamedGroup: secp384r1 ( 18 )" \
4581 -c "Verifying peer X.509 certificate... ok" \
4582 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4583
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4584requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4585requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4586requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4587requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4588requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4589requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4590run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4591 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4592 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4593 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4594 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4595 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4596 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4597 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4598 -c "NamedGroup: secp521r1 ( 19 )" \
4599 -c "Verifying peer X.509 certificate... ok" \
4600 -C "received HelloRetryRequest message"
4601
4602requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4603requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4604requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4607requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4608run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4609 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4610 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4611 0 \
4612 -c "HTTP/1.0 200 ok" \
4613 -c "Protocol is TLSv1.3" \
4614 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4615 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4616 -c "NamedGroup: secp521r1 ( 19 )" \
4617 -c "Verifying peer X.509 certificate... ok" \
4618 -C "received HelloRetryRequest message"
4619
4620requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4621requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4625requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4626run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4627 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4628 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4629 0 \
4630 -c "HTTP/1.0 200 ok" \
4631 -c "Protocol is TLSv1.3" \
4632 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4633 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4634 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4635 -c "Verifying peer X.509 certificate... ok" \
4636 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4637
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4638requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4639requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4640requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4643requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4644requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4645run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4646 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4647 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4648 0 \
4649 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4650 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4651 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4652 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4653 -c "NamedGroup: secp521r1 ( 19 )" \
4654 -c "Verifying peer X.509 certificate... ok" \
4655 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4656
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4657requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4658requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4659requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4660requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4661requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4662requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4663run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4664 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4665 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4666 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4667 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4668 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4669 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4670 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4671 -c "NamedGroup: x25519 ( 1d )" \
4672 -c "Verifying peer X.509 certificate... ok" \
4673 -C "received HelloRetryRequest message"
4674
4675requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4680requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4681run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4682 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4683 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4684 0 \
4685 -c "HTTP/1.0 200 ok" \
4686 -c "Protocol is TLSv1.3" \
4687 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4688 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4689 -c "NamedGroup: x25519 ( 1d )" \
4690 -c "Verifying peer X.509 certificate... ok" \
4691 -C "received HelloRetryRequest message"
4692
4693requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4694requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4695requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4696requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4698requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4699run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4700 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4701 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4702 0 \
4703 -c "HTTP/1.0 200 ok" \
4704 -c "Protocol is TLSv1.3" \
4705 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4706 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4707 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4708 -c "Verifying peer X.509 certificate... ok" \
4709 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4710
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4711requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4712requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4713requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4716requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4717requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4718run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4719 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4720 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4721 0 \
4722 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4723 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4724 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4725 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4726 -c "NamedGroup: x25519 ( 1d )" \
4727 -c "Verifying peer X.509 certificate... ok" \
4728 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4729
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4730requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4731requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4732requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4734requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4735requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4736run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4737 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4738 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4739 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4740 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4741 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4742 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4743 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4744 -c "NamedGroup: x448 ( 1e )" \
4745 -c "Verifying peer X.509 certificate... ok" \
4746 -C "received HelloRetryRequest message"
4747
4748requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4749requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4750requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4752requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4753requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4754run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4755 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4756 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4757 0 \
4758 -c "HTTP/1.0 200 ok" \
4759 -c "Protocol is TLSv1.3" \
4760 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4761 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4762 -c "NamedGroup: x448 ( 1e )" \
4763 -c "Verifying peer X.509 certificate... ok" \
4764 -C "received HelloRetryRequest message"
4765
4766requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4767requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4768requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4771requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4772run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4773 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4774 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4775 0 \
4776 -c "HTTP/1.0 200 ok" \
4777 -c "Protocol is TLSv1.3" \
4778 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4779 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4780 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4781 -c "Verifying peer X.509 certificate... ok" \
4782 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4783
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4784requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4785requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4786requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4787requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4788requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4789requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4790requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4791run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4792 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4793 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4794 0 \
4795 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4796 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4797 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4798 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4799 -c "NamedGroup: x448 ( 1e )" \
4800 -c "Verifying peer X.509 certificate... ok" \
4801 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4802
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4803requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4804requires_config_enabled MBEDTLS_SSL_CLI_C
4805requires_config_enabled MBEDTLS_DEBUG_C
4806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4808requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4809requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4810run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4811 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4812 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4813 0 \
4814 -c "HTTP/1.0 200 ok" \
4815 -c "Protocol is TLSv1.3" \
4816 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4817 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4818 -c "NamedGroup: ffdhe2048 ( 100 )" \
4819 -c "Verifying peer X.509 certificate... ok" \
4820 -C "received HelloRetryRequest message"
4821
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4822requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4823requires_config_enabled MBEDTLS_SSL_CLI_C
4824requires_config_enabled MBEDTLS_DEBUG_C
4825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4827requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4828requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4829run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4830 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4831 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4832 0 \
4833 -c "HTTP/1.0 200 ok" \
4834 -c "Protocol is TLSv1.3" \
4835 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4836 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4837 -c "NamedGroup: ffdhe2048 ( 100 )" \
4838 -c "Verifying peer X.509 certificate... ok" \
4839 -C "received HelloRetryRequest message"
4840
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4841requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4842requires_config_enabled MBEDTLS_SSL_CLI_C
4843requires_config_enabled MBEDTLS_DEBUG_C
4844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4846requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4847requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4848run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4849 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4850 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4851 0 \
4852 -c "HTTP/1.0 200 ok" \
4853 -c "Protocol is TLSv1.3" \
4854 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4855 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4856 -c "NamedGroup: ffdhe2048 ( 100 )" \
4857 -c "Verifying peer X.509 certificate... ok" \
4858 -C "received HelloRetryRequest message"
4859
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]4860requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4861requires_config_enabled MBEDTLS_SSL_CLI_C
4862requires_config_enabled MBEDTLS_DEBUG_C
4863requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
4864requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4865requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4866requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]4867requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4868run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4869 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4870 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4871 0 \
4872 -c "HTTP/1.0 200 ok" \
4873 -c "Protocol is TLSv1.3" \
4874 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4875 -c "Certificate Verify: Signature algorithm ( 0804 )" \
4876 -c "NamedGroup: ffdhe2048 ( 100 )" \
4877 -c "Verifying peer X.509 certificate... ok" \
4878 -C "received HelloRetryRequest message"
4879
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]4880requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4881requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4882requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4883requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4884requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4885requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4886run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4887 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4888 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4889 0 \
4890 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4891 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4892 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4893 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4894 -c "NamedGroup: secp256r1 ( 17 )" \
4895 -c "Verifying peer X.509 certificate... ok" \
4896 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4897
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4898requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4899requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4900requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4901requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4903requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4904run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4905 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4906 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4907 0 \
4908 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4909 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4910 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4911 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4912 -c "NamedGroup: secp256r1 ( 17 )" \
4913 -c "Verifying peer X.509 certificate... ok" \
4914 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4915
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4916requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4917requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4918requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4921requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4922run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4923 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4924 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4925 0 \
4926 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4927 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4928 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4929 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4930 -c "NamedGroup: secp256r1 ( 17 )" \
4931 -c "Verifying peer X.509 certificate... ok" \
4932 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4933
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4934requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4935requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4936requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4939requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4940requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4941run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4942 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4943 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4944 0 \
4945 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4946 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4947 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4948 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4949 -c "NamedGroup: secp256r1 ( 17 )" \
4950 -c "Verifying peer X.509 certificate... ok" \
4951 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4952
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4953requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4954requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4955requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4958requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4959run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4960 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4961 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4962 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4963 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4964 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4965 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4966 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4967 -c "NamedGroup: secp384r1 ( 18 )" \
4968 -c "Verifying peer X.509 certificate... ok" \
4969 -C "received HelloRetryRequest message"
4970
4971requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4972requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4973requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4976requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4977run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4978 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4979 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4980 0 \
4981 -c "HTTP/1.0 200 ok" \
4982 -c "Protocol is TLSv1.3" \
4983 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4984 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4985 -c "NamedGroup: secp384r1 ( 18 )" \
4986 -c "Verifying peer X.509 certificate... ok" \
4987 -C "received HelloRetryRequest message"
4988
4989requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4990requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4991requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]4992requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4993requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]4994requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4995run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]4996 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4997 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4998 0 \
4999 -c "HTTP/1.0 200 ok" \
5000 -c "Protocol is TLSv1.3" \
5001 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5002 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5003 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5004 -c "Verifying peer X.509 certificate... ok" \
5005 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5006
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5007requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5008requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5009requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5010requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5012requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5013requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5014run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5015 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5016 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5017 0 \
5018 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5019 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5020 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5021 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5022 -c "NamedGroup: secp384r1 ( 18 )" \
5023 -c "Verifying peer X.509 certificate... ok" \
5024 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5025
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5026requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5027requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5028requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5030requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5031requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5032run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5033 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5034 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5035 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5036 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5037 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5038 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5039 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5040 -c "NamedGroup: secp521r1 ( 19 )" \
5041 -c "Verifying peer X.509 certificate... ok" \
5042 -C "received HelloRetryRequest message"
5043
5044requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5045requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5046requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5047requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5049requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5050run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5051 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5052 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5053 0 \
5054 -c "HTTP/1.0 200 ok" \
5055 -c "Protocol is TLSv1.3" \
5056 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5057 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5058 -c "NamedGroup: secp521r1 ( 19 )" \
5059 -c "Verifying peer X.509 certificate... ok" \
5060 -C "received HelloRetryRequest message"
5061
5062requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5063requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5064requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5065requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5067requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5068run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5069 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5070 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5071 0 \
5072 -c "HTTP/1.0 200 ok" \
5073 -c "Protocol is TLSv1.3" \
5074 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5075 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5076 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5077 -c "Verifying peer X.509 certificate... ok" \
5078 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5079
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5080requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5081requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5082requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5083requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5085requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5086requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5087run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5088 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5089 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5090 0 \
5091 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5092 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5093 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5094 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5095 -c "NamedGroup: secp521r1 ( 19 )" \
5096 -c "Verifying peer X.509 certificate... ok" \
5097 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5098
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5099requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5100requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5102requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5104requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5105run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5106 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5107 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5108 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5109 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5110 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5111 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5112 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5113 -c "NamedGroup: x25519 ( 1d )" \
5114 -c "Verifying peer X.509 certificate... ok" \
5115 -C "received HelloRetryRequest message"
5116
5117requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5118requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5119requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5120requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5122requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5123run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5124 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5125 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5126 0 \
5127 -c "HTTP/1.0 200 ok" \
5128 -c "Protocol is TLSv1.3" \
5129 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5130 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5131 -c "NamedGroup: x25519 ( 1d )" \
5132 -c "Verifying peer X.509 certificate... ok" \
5133 -C "received HelloRetryRequest message"
5134
5135requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5136requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5137requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5140requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5141run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5142 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5143 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5144 0 \
5145 -c "HTTP/1.0 200 ok" \
5146 -c "Protocol is TLSv1.3" \
5147 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5148 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5149 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5150 -c "Verifying peer X.509 certificate... ok" \
5151 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5152
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5153requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5154requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5155requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5156requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5158requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5159requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5160run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5161 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5162 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5163 0 \
5164 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5165 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5166 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5167 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5168 -c "NamedGroup: x25519 ( 1d )" \
5169 -c "Verifying peer X.509 certificate... ok" \
5170 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5171
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5172requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5173requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5174requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5175requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5176requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5177requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5178run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5179 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5180 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5181 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5182 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5183 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5184 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5185 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5186 -c "NamedGroup: x448 ( 1e )" \
5187 -c "Verifying peer X.509 certificate... ok" \
5188 -C "received HelloRetryRequest message"
5189
5190requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5191requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5192requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5193requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5195requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5196run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5197 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5198 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5199 0 \
5200 -c "HTTP/1.0 200 ok" \
5201 -c "Protocol is TLSv1.3" \
5202 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5203 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5204 -c "NamedGroup: x448 ( 1e )" \
5205 -c "Verifying peer X.509 certificate... ok" \
5206 -C "received HelloRetryRequest message"
5207
5208requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5209requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5210requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5213requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5214run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5215 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5216 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5217 0 \
5218 -c "HTTP/1.0 200 ok" \
5219 -c "Protocol is TLSv1.3" \
5220 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5221 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5222 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5223 -c "Verifying peer X.509 certificate... ok" \
5224 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5225
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5226requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5227requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5228requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5229requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5231requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5232requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5233run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5234 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5235 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5236 0 \
5237 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5238 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5239 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5240 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5241 -c "NamedGroup: x448 ( 1e )" \
5242 -c "Verifying peer X.509 certificate... ok" \
5243 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5244
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5245requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5246requires_config_enabled MBEDTLS_SSL_CLI_C
5247requires_config_enabled MBEDTLS_DEBUG_C
5248requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5249requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5250requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5251requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5252run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5253 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5254 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5255 0 \
5256 -c "HTTP/1.0 200 ok" \
5257 -c "Protocol is TLSv1.3" \
5258 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5259 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5260 -c "NamedGroup: ffdhe2048 ( 100 )" \
5261 -c "Verifying peer X.509 certificate... ok" \
5262 -C "received HelloRetryRequest message"
5263
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5264requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5265requires_config_enabled MBEDTLS_SSL_CLI_C
5266requires_config_enabled MBEDTLS_DEBUG_C
5267requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5269requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5270requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5271run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5272 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5273 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5274 0 \
5275 -c "HTTP/1.0 200 ok" \
5276 -c "Protocol is TLSv1.3" \
5277 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5278 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5279 -c "NamedGroup: ffdhe2048 ( 100 )" \
5280 -c "Verifying peer X.509 certificate... ok" \
5281 -C "received HelloRetryRequest message"
5282
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5283requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5284requires_config_enabled MBEDTLS_SSL_CLI_C
5285requires_config_enabled MBEDTLS_DEBUG_C
5286requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5288requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5289requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5290run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5291 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5292 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5293 0 \
5294 -c "HTTP/1.0 200 ok" \
5295 -c "Protocol is TLSv1.3" \
5296 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5297 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5298 -c "NamedGroup: ffdhe2048 ( 100 )" \
5299 -c "Verifying peer X.509 certificate... ok" \
5300 -C "received HelloRetryRequest message"
5301
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5302requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5303requires_config_enabled MBEDTLS_SSL_CLI_C
5304requires_config_enabled MBEDTLS_DEBUG_C
5305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5307requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5308requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5309requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5310run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5311 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5312 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5313 0 \
5314 -c "HTTP/1.0 200 ok" \
5315 -c "Protocol is TLSv1.3" \
5316 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5317 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5318 -c "NamedGroup: ffdhe2048 ( 100 )" \
5319 -c "Verifying peer X.509 certificate... ok" \
5320 -C "received HelloRetryRequest message"
5321
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5322requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5323requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5324requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5325requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5327requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5328run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5329 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5330 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5331 0 \
5332 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5333 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5334 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5335 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5336 -c "NamedGroup: secp256r1 ( 17 )" \
5337 -c "Verifying peer X.509 certificate... ok" \
5338 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5339
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5340requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5341requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5342requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5343requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5344requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5345requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5346run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5347 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5348 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5349 0 \
5350 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5351 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5352 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5353 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5354 -c "NamedGroup: secp256r1 ( 17 )" \
5355 -c "Verifying peer X.509 certificate... ok" \
5356 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5357
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5358requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5359requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5360requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5361requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5362requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5363requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5364run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5365 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5366 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5367 0 \
5368 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5369 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5370 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5371 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5372 -c "NamedGroup: secp256r1 ( 17 )" \
5373 -c "Verifying peer X.509 certificate... ok" \
5374 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5375
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5376requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5377requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5378requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5379requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5381requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5382requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5383run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5384 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5385 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5386 0 \
5387 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5388 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5389 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5390 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5391 -c "NamedGroup: secp256r1 ( 17 )" \
5392 -c "Verifying peer X.509 certificate... ok" \
5393 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5394
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5395requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5396requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5397requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5398requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5399requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5400requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5401run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5402 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5403 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5404 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5405 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5406 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5407 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5408 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5409 -c "NamedGroup: secp384r1 ( 18 )" \
5410 -c "Verifying peer X.509 certificate... ok" \
5411 -C "received HelloRetryRequest message"
5412
5413requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5414requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5415requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5416requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5418requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5419run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5420 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5421 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5422 0 \
5423 -c "HTTP/1.0 200 ok" \
5424 -c "Protocol is TLSv1.3" \
5425 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5426 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5427 -c "NamedGroup: secp384r1 ( 18 )" \
5428 -c "Verifying peer X.509 certificate... ok" \
5429 -C "received HelloRetryRequest message"
5430
5431requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5432requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5436requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5437run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5438 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5439 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5440 0 \
5441 -c "HTTP/1.0 200 ok" \
5442 -c "Protocol is TLSv1.3" \
5443 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5444 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5445 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5446 -c "Verifying peer X.509 certificate... ok" \
5447 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5448
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5449requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5450requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5451requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5452requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5453requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5454requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5455requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5456run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5457 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5458 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5459 0 \
5460 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5461 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5462 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5463 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5464 -c "NamedGroup: secp384r1 ( 18 )" \
5465 -c "Verifying peer X.509 certificate... ok" \
5466 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5467
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5468requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5469requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5470requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5471requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5472requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5473requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5474run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5475 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5476 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5477 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5478 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5479 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5480 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5481 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5482 -c "NamedGroup: secp521r1 ( 19 )" \
5483 -c "Verifying peer X.509 certificate... ok" \
5484 -C "received HelloRetryRequest message"
5485
5486requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5487requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5488requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5489requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5491requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5492run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5493 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5494 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5495 0 \
5496 -c "HTTP/1.0 200 ok" \
5497 -c "Protocol is TLSv1.3" \
5498 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5499 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5500 -c "NamedGroup: secp521r1 ( 19 )" \
5501 -c "Verifying peer X.509 certificate... ok" \
5502 -C "received HelloRetryRequest message"
5503
5504requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5509requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5510run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5511 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5512 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5513 0 \
5514 -c "HTTP/1.0 200 ok" \
5515 -c "Protocol is TLSv1.3" \
5516 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5517 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5518 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5519 -c "Verifying peer X.509 certificate... ok" \
5520 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5521
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5522requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5523requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5527requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5528requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5529run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5530 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5531 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5532 0 \
5533 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5534 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5535 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5536 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5537 -c "NamedGroup: secp521r1 ( 19 )" \
5538 -c "Verifying peer X.509 certificate... ok" \
5539 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5540
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5541requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5542requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5543requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5544requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5546requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5547run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5548 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5549 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5550 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5551 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5552 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5553 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5554 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5555 -c "NamedGroup: x25519 ( 1d )" \
5556 -c "Verifying peer X.509 certificate... ok" \
5557 -C "received HelloRetryRequest message"
5558
5559requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5560requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5561requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5564requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5565run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5566 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5567 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5568 0 \
5569 -c "HTTP/1.0 200 ok" \
5570 -c "Protocol is TLSv1.3" \
5571 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5572 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5573 -c "NamedGroup: x25519 ( 1d )" \
5574 -c "Verifying peer X.509 certificate... ok" \
5575 -C "received HelloRetryRequest message"
5576
5577requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5578requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5579requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5581requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5582requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5583run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5584 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5585 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5586 0 \
5587 -c "HTTP/1.0 200 ok" \
5588 -c "Protocol is TLSv1.3" \
5589 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5590 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5591 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5592 -c "Verifying peer X.509 certificate... ok" \
5593 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5594
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5595requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5596requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5597requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5600requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5601requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5602run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5603 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5604 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5605 0 \
5606 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5607 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5608 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5609 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5610 -c "NamedGroup: x25519 ( 1d )" \
5611 -c "Verifying peer X.509 certificate... ok" \
5612 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5613
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5614requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5615requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5616requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5617requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5619requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5620run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5621 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5622 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5623 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5624 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5625 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5626 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5627 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5628 -c "NamedGroup: x448 ( 1e )" \
5629 -c "Verifying peer X.509 certificate... ok" \
5630 -C "received HelloRetryRequest message"
5631
5632requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5633requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5634requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5635requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5636requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5637requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5638run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5639 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5640 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5641 0 \
5642 -c "HTTP/1.0 200 ok" \
5643 -c "Protocol is TLSv1.3" \
5644 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5645 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5646 -c "NamedGroup: x448 ( 1e )" \
5647 -c "Verifying peer X.509 certificate... ok" \
5648 -C "received HelloRetryRequest message"
5649
5650requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5651requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5655requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5656run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5657 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5659 0 \
5660 -c "HTTP/1.0 200 ok" \
5661 -c "Protocol is TLSv1.3" \
5662 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5663 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5664 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5665 -c "Verifying peer X.509 certificate... ok" \
5666 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5667
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5668requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5669requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5670requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5672requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5673requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5674requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5675run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5676 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5677 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5678 0 \
5679 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5680 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5681 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5682 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5683 -c "NamedGroup: x448 ( 1e )" \
5684 -c "Verifying peer X.509 certificate... ok" \
5685 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5686
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5687requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5688requires_config_enabled MBEDTLS_SSL_CLI_C
5689requires_config_enabled MBEDTLS_DEBUG_C
5690requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5691requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5692requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5693requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5694run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5695 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5696 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5697 0 \
5698 -c "HTTP/1.0 200 ok" \
5699 -c "Protocol is TLSv1.3" \
5700 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5701 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5702 -c "NamedGroup: ffdhe2048 ( 100 )" \
5703 -c "Verifying peer X.509 certificate... ok" \
5704 -C "received HelloRetryRequest message"
5705
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5706requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5707requires_config_enabled MBEDTLS_SSL_CLI_C
5708requires_config_enabled MBEDTLS_DEBUG_C
5709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5710requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5711requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5712requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5713run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5714 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5715 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5716 0 \
5717 -c "HTTP/1.0 200 ok" \
5718 -c "Protocol is TLSv1.3" \
5719 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5720 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5721 -c "NamedGroup: ffdhe2048 ( 100 )" \
5722 -c "Verifying peer X.509 certificate... ok" \
5723 -C "received HelloRetryRequest message"
5724
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5725requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5726requires_config_enabled MBEDTLS_SSL_CLI_C
5727requires_config_enabled MBEDTLS_DEBUG_C
5728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5730requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5731requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5732run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5733 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5734 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5735 0 \
5736 -c "HTTP/1.0 200 ok" \
5737 -c "Protocol is TLSv1.3" \
5738 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5739 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5740 -c "NamedGroup: ffdhe2048 ( 100 )" \
5741 -c "Verifying peer X.509 certificate... ok" \
5742 -C "received HelloRetryRequest message"
5743
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]5744requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5745requires_config_enabled MBEDTLS_SSL_CLI_C
5746requires_config_enabled MBEDTLS_DEBUG_C
5747requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5748requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5749requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5750requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]5751requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5752run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5753 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5754 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5755 0 \
5756 -c "HTTP/1.0 200 ok" \
5757 -c "Protocol is TLSv1.3" \
5758 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
5759 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5760 -c "NamedGroup: ffdhe2048 ( 100 )" \
5761 -c "Verifying peer X.509 certificate... ok" \
5762 -C "received HelloRetryRequest message"
5763
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]5764requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5765requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5766requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5767requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5768requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5769requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5770run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5771 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5772 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5773 0 \
5774 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5775 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5776 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5777 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5778 -c "NamedGroup: secp256r1 ( 17 )" \
5779 -c "Verifying peer X.509 certificate... ok" \
5780 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5781
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5782requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5783requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5784requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5785requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5786requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5787requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5788run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5789 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5790 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5791 0 \
5792 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5793 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5794 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5795 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5796 -c "NamedGroup: secp256r1 ( 17 )" \
5797 -c "Verifying peer X.509 certificate... ok" \
5798 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5799
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5800requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5801requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5802requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5803requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5804requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5805requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5806run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5807 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5808 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5809 0 \
5810 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5811 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5812 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5813 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5814 -c "NamedGroup: secp256r1 ( 17 )" \
5815 -c "Verifying peer X.509 certificate... ok" \
5816 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5817
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5818requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5819requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5820requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5821requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5822requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5823requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5824requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5825run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5826 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5827 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5828 0 \
5829 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5830 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5831 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5832 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5833 -c "NamedGroup: secp256r1 ( 17 )" \
5834 -c "Verifying peer X.509 certificate... ok" \
5835 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5836
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5837requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5838requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5839requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5840requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5842requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5843run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5844 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5845 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5846 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5847 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5848 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5849 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5850 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5851 -c "NamedGroup: secp384r1 ( 18 )" \
5852 -c "Verifying peer X.509 certificate... ok" \
5853 -C "received HelloRetryRequest message"
5854
5855requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5856requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5857requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5858requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5860requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5861run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5862 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5863 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5864 0 \
5865 -c "HTTP/1.0 200 ok" \
5866 -c "Protocol is TLSv1.3" \
5867 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5868 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5869 -c "NamedGroup: secp384r1 ( 18 )" \
5870 -c "Verifying peer X.509 certificate... ok" \
5871 -C "received HelloRetryRequest message"
5872
5873requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5874requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5875requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5878requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5879run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5880 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5881 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5882 0 \
5883 -c "HTTP/1.0 200 ok" \
5884 -c "Protocol is TLSv1.3" \
5885 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5886 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5887 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5888 -c "Verifying peer X.509 certificate... ok" \
5889 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5890
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5891requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5892requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5893requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5894requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5896requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5897requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5898run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5899 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5900 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5901 0 \
5902 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5903 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5904 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5905 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5906 -c "NamedGroup: secp384r1 ( 18 )" \
5907 -c "Verifying peer X.509 certificate... ok" \
5908 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5909
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5910requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5915requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5916run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5917 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5918 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5919 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5920 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5921 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5922 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5923 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5924 -c "NamedGroup: secp521r1 ( 19 )" \
5925 -c "Verifying peer X.509 certificate... ok" \
5926 -C "received HelloRetryRequest message"
5927
5928requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5929requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5930requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5931requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5933requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5934run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5935 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5936 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5937 0 \
5938 -c "HTTP/1.0 200 ok" \
5939 -c "Protocol is TLSv1.3" \
5940 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5941 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5942 -c "NamedGroup: secp521r1 ( 19 )" \
5943 -c "Verifying peer X.509 certificate... ok" \
5944 -C "received HelloRetryRequest message"
5945
5946requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5947requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5948requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5949requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5950requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5951requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5952run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5953 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5954 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5955 0 \
5956 -c "HTTP/1.0 200 ok" \
5957 -c "Protocol is TLSv1.3" \
5958 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5959 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5960 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5961 -c "Verifying peer X.509 certificate... ok" \
5962 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5963
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5964requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5965requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5966requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5967requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5968requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5969requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5970requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5971run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5972 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5973 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5974 0 \
5975 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5976 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5977 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5978 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5979 -c "NamedGroup: secp521r1 ( 19 )" \
5980 -c "Verifying peer X.509 certificate... ok" \
5981 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5982
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5983requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5984requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]5986requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]5988requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5989run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]5990 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5991 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5992 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5993 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5994 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5995 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5996 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5997 -c "NamedGroup: x25519 ( 1d )" \
5998 -c "Verifying peer X.509 certificate... ok" \
5999 -C "received HelloRetryRequest message"
6000
6001requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6002requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6004requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6006requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6007run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6008 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6009 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6010 0 \
6011 -c "HTTP/1.0 200 ok" \
6012 -c "Protocol is TLSv1.3" \
6013 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6014 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6015 -c "NamedGroup: x25519 ( 1d )" \
6016 -c "Verifying peer X.509 certificate... ok" \
6017 -C "received HelloRetryRequest message"
6018
6019requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6020requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6021requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6023requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6024requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6025run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6026 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6027 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6028 0 \
6029 -c "HTTP/1.0 200 ok" \
6030 -c "Protocol is TLSv1.3" \
6031 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6032 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6033 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6034 -c "Verifying peer X.509 certificate... ok" \
6035 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6036
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6037requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6038requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6039requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6042requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6043requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6044run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6045 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6046 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6047 0 \
6048 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6049 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6050 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6051 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6052 -c "NamedGroup: x25519 ( 1d )" \
6053 -c "Verifying peer X.509 certificate... ok" \
6054 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6055
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6056requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6057requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6058requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6061requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6062run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6063 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6064 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6065 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6066 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6067 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6068 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6069 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6070 -c "NamedGroup: x448 ( 1e )" \
6071 -c "Verifying peer X.509 certificate... ok" \
6072 -C "received HelloRetryRequest message"
6073
6074requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6075requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6079requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6080run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6081 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6082 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6083 0 \
6084 -c "HTTP/1.0 200 ok" \
6085 -c "Protocol is TLSv1.3" \
6086 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6087 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6088 -c "NamedGroup: x448 ( 1e )" \
6089 -c "Verifying peer X.509 certificate... ok" \
6090 -C "received HelloRetryRequest message"
6091
6092requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6093requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6095requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6097requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6098run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6099 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6100 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6101 0 \
6102 -c "HTTP/1.0 200 ok" \
6103 -c "Protocol is TLSv1.3" \
6104 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6105 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6106 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6107 -c "Verifying peer X.509 certificate... ok" \
6108 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6109
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6110requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6111requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6112requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6115requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6116requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6117run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6118 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6119 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6120 0 \
6121 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6122 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6123 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6124 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6125 -c "NamedGroup: x448 ( 1e )" \
6126 -c "Verifying peer X.509 certificate... ok" \
6127 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6128
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6129requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6130requires_config_enabled MBEDTLS_SSL_CLI_C
6131requires_config_enabled MBEDTLS_DEBUG_C
6132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6134requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6135requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6136run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6137 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6138 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6139 0 \
6140 -c "HTTP/1.0 200 ok" \
6141 -c "Protocol is TLSv1.3" \
6142 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6143 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6144 -c "NamedGroup: ffdhe2048 ( 100 )" \
6145 -c "Verifying peer X.509 certificate... ok" \
6146 -C "received HelloRetryRequest message"
6147
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6148requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6149requires_config_enabled MBEDTLS_SSL_CLI_C
6150requires_config_enabled MBEDTLS_DEBUG_C
6151requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6153requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6154requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6155run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6156 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6157 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6158 0 \
6159 -c "HTTP/1.0 200 ok" \
6160 -c "Protocol is TLSv1.3" \
6161 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6162 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6163 -c "NamedGroup: ffdhe2048 ( 100 )" \
6164 -c "Verifying peer X.509 certificate... ok" \
6165 -C "received HelloRetryRequest message"
6166
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6167requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6168requires_config_enabled MBEDTLS_SSL_CLI_C
6169requires_config_enabled MBEDTLS_DEBUG_C
6170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6172requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6173requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6174run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6175 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6176 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6177 0 \
6178 -c "HTTP/1.0 200 ok" \
6179 -c "Protocol is TLSv1.3" \
6180 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6181 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6182 -c "NamedGroup: ffdhe2048 ( 100 )" \
6183 -c "Verifying peer X.509 certificate... ok" \
6184 -C "received HelloRetryRequest message"
6185
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6186requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6187requires_config_enabled MBEDTLS_SSL_CLI_C
6188requires_config_enabled MBEDTLS_DEBUG_C
6189requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6190requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6191requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6192requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6193requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6194run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6195 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6196 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6197 0 \
6198 -c "HTTP/1.0 200 ok" \
6199 -c "Protocol is TLSv1.3" \
6200 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6201 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6202 -c "NamedGroup: ffdhe2048 ( 100 )" \
6203 -c "Verifying peer X.509 certificate... ok" \
6204 -C "received HelloRetryRequest message"
6205
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6206requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6207requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6208requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6209requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6210requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6211requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6212run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6213 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6214 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6215 0 \
6216 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6217 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6218 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6219 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6220 -c "NamedGroup: secp256r1 ( 17 )" \
6221 -c "Verifying peer X.509 certificate... ok" \
6222 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6223
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6224requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6225requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6226requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6227requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6228requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6229requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6230run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6231 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6232 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6233 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6234 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6235 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6236 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6237 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6238 -c "NamedGroup: secp256r1 ( 17 )" \
6239 -c "Verifying peer X.509 certificate... ok" \
6240 -C "received HelloRetryRequest message"
6241
6242requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6243requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6244requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6245requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6246requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6247requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6248run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6249 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6250 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6251 0 \
6252 -c "HTTP/1.0 200 ok" \
6253 -c "Protocol is TLSv1.3" \
6254 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6255 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6256 -c "NamedGroup: secp256r1 ( 17 )" \
6257 -c "Verifying peer X.509 certificate... ok" \
6258 -C "received HelloRetryRequest message"
6259
6260requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6261requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6262requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6265requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6266requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6267run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6268 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6269 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6270 0 \
6271 -c "HTTP/1.0 200 ok" \
6272 -c "Protocol is TLSv1.3" \
6273 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6274 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6275 -c "NamedGroup: secp256r1 ( 17 )" \
6276 -c "Verifying peer X.509 certificate... ok" \
6277 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6278
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6279requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6280requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6281requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6282requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6284requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6285run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6286 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6287 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6288 0 \
6289 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6290 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6291 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6292 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6293 -c "NamedGroup: secp384r1 ( 18 )" \
6294 -c "Verifying peer X.509 certificate... ok" \
6295 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6296
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6297requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6298requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6299requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6300requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6301requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6302requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6303run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6304 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6305 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6306 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6307 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6308 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6309 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6310 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6311 -c "NamedGroup: secp384r1 ( 18 )" \
6312 -c "Verifying peer X.509 certificate... ok" \
6313 -C "received HelloRetryRequest message"
6314
6315requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6316requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6317requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6318requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6320requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6321run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6322 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6323 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6324 0 \
6325 -c "HTTP/1.0 200 ok" \
6326 -c "Protocol is TLSv1.3" \
6327 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6328 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6329 -c "NamedGroup: secp384r1 ( 18 )" \
6330 -c "Verifying peer X.509 certificate... ok" \
6331 -C "received HelloRetryRequest message"
6332
6333requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6334requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6335requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6338requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6339requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6340run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6341 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6342 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6343 0 \
6344 -c "HTTP/1.0 200 ok" \
6345 -c "Protocol is TLSv1.3" \
6346 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6347 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6348 -c "NamedGroup: secp384r1 ( 18 )" \
6349 -c "Verifying peer X.509 certificate... ok" \
6350 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6351
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6352requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6353requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6357requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6358run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6359 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6360 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6361 0 \
6362 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6363 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6364 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6365 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6366 -c "NamedGroup: secp521r1 ( 19 )" \
6367 -c "Verifying peer X.509 certificate... ok" \
6368 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6369
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6370requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6371requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6372requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6375requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6376run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6377 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6378 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6379 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6380 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6381 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6382 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6383 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6384 -c "NamedGroup: secp521r1 ( 19 )" \
6385 -c "Verifying peer X.509 certificate... ok" \
6386 -C "received HelloRetryRequest message"
6387
6388requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6389requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6390requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6391requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6393requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6394run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6395 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6396 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6397 0 \
6398 -c "HTTP/1.0 200 ok" \
6399 -c "Protocol is TLSv1.3" \
6400 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6401 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6402 -c "NamedGroup: secp521r1 ( 19 )" \
6403 -c "Verifying peer X.509 certificate... ok" \
6404 -C "received HelloRetryRequest message"
6405
6406requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6407requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6408requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6409requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6411requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6412requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6413run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6414 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6415 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6416 0 \
6417 -c "HTTP/1.0 200 ok" \
6418 -c "Protocol is TLSv1.3" \
6419 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6420 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6421 -c "NamedGroup: secp521r1 ( 19 )" \
6422 -c "Verifying peer X.509 certificate... ok" \
6423 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6424
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6425requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6426requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6427requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6430requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6431run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6432 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6433 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6434 0 \
6435 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6436 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6437 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6438 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6439 -c "NamedGroup: x25519 ( 1d )" \
6440 -c "Verifying peer X.509 certificate... ok" \
6441 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6442
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6443requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6444requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6448requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6449run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6450 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6451 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6452 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6453 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6454 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6455 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6456 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6457 -c "NamedGroup: x25519 ( 1d )" \
6458 -c "Verifying peer X.509 certificate... ok" \
6459 -C "received HelloRetryRequest message"
6460
6461requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6462requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6463requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6466requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6467run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6468 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6469 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6470 0 \
6471 -c "HTTP/1.0 200 ok" \
6472 -c "Protocol is TLSv1.3" \
6473 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6474 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6475 -c "NamedGroup: x25519 ( 1d )" \
6476 -c "Verifying peer X.509 certificate... ok" \
6477 -C "received HelloRetryRequest message"
6478
6479requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6480requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6481requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6483requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6484requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6485requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6486run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6487 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6488 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6489 0 \
6490 -c "HTTP/1.0 200 ok" \
6491 -c "Protocol is TLSv1.3" \
6492 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6493 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6494 -c "NamedGroup: x25519 ( 1d )" \
6495 -c "Verifying peer X.509 certificate... ok" \
6496 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6497
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6498requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6499requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6500requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6501requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6502requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6503requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6504run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6505 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6506 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6507 0 \
6508 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6509 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6510 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6511 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6512 -c "NamedGroup: x448 ( 1e )" \
6513 -c "Verifying peer X.509 certificate... ok" \
6514 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6515
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6516requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6517requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6518requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6519requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6520requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6521requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6522run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6523 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6524 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6525 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6526 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6527 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6528 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6529 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6530 -c "NamedGroup: x448 ( 1e )" \
6531 -c "Verifying peer X.509 certificate... ok" \
6532 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6533
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6534requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6535requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6536requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6537requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6538requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6539requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6540run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6541 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6542 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6543 0 \
6544 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6545 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6546 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6547 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6548 -c "NamedGroup: x448 ( 1e )" \
6549 -c "Verifying peer X.509 certificate... ok" \
6550 -C "received HelloRetryRequest message"
6551
6552requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6553requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6554requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6555requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6557requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6558requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6559run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6560 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6561 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6562 0 \
6563 -c "HTTP/1.0 200 ok" \
6564 -c "Protocol is TLSv1.3" \
6565 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6566 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6567 -c "NamedGroup: x448 ( 1e )" \
6568 -c "Verifying peer X.509 certificate... ok" \
6569 -C "received HelloRetryRequest message"
6570
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6571requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6572requires_config_enabled MBEDTLS_SSL_CLI_C
6573requires_config_enabled MBEDTLS_DEBUG_C
6574requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6576requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6577requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6578run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6579 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6580 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6581 0 \
6582 -c "HTTP/1.0 200 ok" \
6583 -c "Protocol is TLSv1.3" \
6584 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6585 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6586 -c "NamedGroup: ffdhe2048 ( 100 )" \
6587 -c "Verifying peer X.509 certificate... ok" \
6588 -C "received HelloRetryRequest message"
6589
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6590requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6591requires_config_enabled MBEDTLS_SSL_CLI_C
6592requires_config_enabled MBEDTLS_DEBUG_C
6593requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6594requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6595requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6596requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6597run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6598 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp384r1.crt -key $DATA_FILES_PATH/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6599 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6600 0 \
6601 -c "HTTP/1.0 200 ok" \
6602 -c "Protocol is TLSv1.3" \
6603 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6604 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6605 -c "NamedGroup: ffdhe2048 ( 100 )" \
6606 -c "Verifying peer X.509 certificate... ok" \
6607 -C "received HelloRetryRequest message"
6608
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6609requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6610requires_config_enabled MBEDTLS_SSL_CLI_C
6611requires_config_enabled MBEDTLS_DEBUG_C
6612requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6614requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6615requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6616run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6617 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp521r1.crt -key $DATA_FILES_PATH/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6618 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6619 0 \
6620 -c "HTTP/1.0 200 ok" \
6621 -c "Protocol is TLSv1.3" \
6622 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6623 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6624 -c "NamedGroup: ffdhe2048 ( 100 )" \
6625 -c "Verifying peer X.509 certificate... ok" \
6626 -C "received HelloRetryRequest message"
6627
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]6628requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6629requires_config_enabled MBEDTLS_SSL_CLI_C
6630requires_config_enabled MBEDTLS_DEBUG_C
6631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6633requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6634requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]6635requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6636run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6637 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
6638 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]6639 0 \
6640 -c "HTTP/1.0 200 ok" \
6641 -c "Protocol is TLSv1.3" \
6642 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6643 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6644 -c "NamedGroup: ffdhe2048 ( 100 )" \
6645 -c "Verifying peer X.509 certificate... ok" \
6646 -C "received HelloRetryRequest message"
6647
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6648requires_gnutls_tls1_3
6649requires_gnutls_next_no_ticket
6650requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6651requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6655requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6656run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6657 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6659 0 \
6660 -c "HTTP/1.0 200 OK" \
6661 -c "Protocol is TLSv1.3" \
6662 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6663 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6664 -c "NamedGroup: secp256r1 ( 17 )" \
6665 -c "Verifying peer X.509 certificate... ok" \
6666 -C "received HelloRetryRequest message"
6667
6668requires_gnutls_tls1_3
6669requires_gnutls_next_no_ticket
6670requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6671requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6675requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6676run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6677 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6678 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6679 0 \
6680 -c "HTTP/1.0 200 OK" \
6681 -c "Protocol is TLSv1.3" \
6682 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6683 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6684 -c "NamedGroup: secp256r1 ( 17 )" \
6685 -c "Verifying peer X.509 certificate... ok" \
6686 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6687
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6688requires_gnutls_tls1_3
6689requires_gnutls_next_no_ticket
6690requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6691requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6692requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6695requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6696run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6697 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6698 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6699 0 \
6700 -c "HTTP/1.0 200 OK" \
6701 -c "Protocol is TLSv1.3" \
6702 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6703 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6704 -c "NamedGroup: secp256r1 ( 17 )" \
6705 -c "Verifying peer X.509 certificate... ok" \
6706 -C "received HelloRetryRequest message"
6707
6708requires_gnutls_tls1_3
6709requires_gnutls_next_no_ticket
6710requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6711requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6712requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6713requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6715requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6716requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6717run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6718 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
6719 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6720 0 \
6721 -c "HTTP/1.0 200 OK" \
6722 -c "Protocol is TLSv1.3" \
6723 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6724 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6725 -c "NamedGroup: secp256r1 ( 17 )" \
6726 -c "Verifying peer X.509 certificate... ok" \
6727 -C "received HelloRetryRequest message"
6728
6729requires_gnutls_tls1_3
6730requires_gnutls_next_no_ticket
6731requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6732requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6733requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6736requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6737run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6738 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6739 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6740 0 \
6741 -c "HTTP/1.0 200 OK" \
6742 -c "Protocol is TLSv1.3" \
6743 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6744 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6745 -c "NamedGroup: secp384r1 ( 18 )" \
6746 -c "Verifying peer X.509 certificate... ok" \
6747 -C "received HelloRetryRequest message"
6748
6749requires_gnutls_tls1_3
6750requires_gnutls_next_no_ticket
6751requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6756requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6757run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6758 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6759 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6760 0 \
6761 -c "HTTP/1.0 200 OK" \
6762 -c "Protocol is TLSv1.3" \
6763 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6764 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6765 -c "NamedGroup: secp384r1 ( 18 )" \
6766 -c "Verifying peer X.509 certificate... ok" \
6767 -C "received HelloRetryRequest message"
6768
6769requires_gnutls_tls1_3
6770requires_gnutls_next_no_ticket
6771requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6772requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6773requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6774requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6776requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6777run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6778 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6779 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6780 0 \
6781 -c "HTTP/1.0 200 OK" \
6782 -c "Protocol is TLSv1.3" \
6783 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6784 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6785 -c "NamedGroup: secp384r1 ( 18 )" \
6786 -c "Verifying peer X.509 certificate... ok" \
6787 -C "received HelloRetryRequest message"
6788
6789requires_gnutls_tls1_3
6790requires_gnutls_next_no_ticket
6791requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6792requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6794requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6796requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6797requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6798run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
6800 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6801 0 \
6802 -c "HTTP/1.0 200 OK" \
6803 -c "Protocol is TLSv1.3" \
6804 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6805 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6806 -c "NamedGroup: secp384r1 ( 18 )" \
6807 -c "Verifying peer X.509 certificate... ok" \
6808 -C "received HelloRetryRequest message"
6809
6810requires_gnutls_tls1_3
6811requires_gnutls_next_no_ticket
6812requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6813requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6814requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6817requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6818run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6819 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6820 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6821 0 \
6822 -c "HTTP/1.0 200 OK" \
6823 -c "Protocol is TLSv1.3" \
6824 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6825 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6826 -c "NamedGroup: secp521r1 ( 19 )" \
6827 -c "Verifying peer X.509 certificate... ok" \
6828 -C "received HelloRetryRequest message"
6829
6830requires_gnutls_tls1_3
6831requires_gnutls_next_no_ticket
6832requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6833requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6834requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6837requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6838run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6839 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6840 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6841 0 \
6842 -c "HTTP/1.0 200 OK" \
6843 -c "Protocol is TLSv1.3" \
6844 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6845 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6846 -c "NamedGroup: secp521r1 ( 19 )" \
6847 -c "Verifying peer X.509 certificate... ok" \
6848 -C "received HelloRetryRequest message"
6849
6850requires_gnutls_tls1_3
6851requires_gnutls_next_no_ticket
6852requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6853requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6854requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6855requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6857requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6858run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6859 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6860 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6861 0 \
6862 -c "HTTP/1.0 200 OK" \
6863 -c "Protocol is TLSv1.3" \
6864 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6865 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6866 -c "NamedGroup: secp521r1 ( 19 )" \
6867 -c "Verifying peer X.509 certificate... ok" \
6868 -C "received HelloRetryRequest message"
6869
6870requires_gnutls_tls1_3
6871requires_gnutls_next_no_ticket
6872requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6873requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6874requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6875requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6877requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6878requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6879run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6880 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
6881 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6882 0 \
6883 -c "HTTP/1.0 200 OK" \
6884 -c "Protocol is TLSv1.3" \
6885 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6886 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6887 -c "NamedGroup: secp521r1 ( 19 )" \
6888 -c "Verifying peer X.509 certificate... ok" \
6889 -C "received HelloRetryRequest message"
6890
6891requires_gnutls_tls1_3
6892requires_gnutls_next_no_ticket
6893requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6898requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6899run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6900 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6901 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6902 0 \
6903 -c "HTTP/1.0 200 OK" \
6904 -c "Protocol is TLSv1.3" \
6905 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6906 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6907 -c "NamedGroup: x25519 ( 1d )" \
6908 -c "Verifying peer X.509 certificate... ok" \
6909 -C "received HelloRetryRequest message"
6910
6911requires_gnutls_tls1_3
6912requires_gnutls_next_no_ticket
6913requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6914requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6918requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6919run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6920 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6921 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6922 0 \
6923 -c "HTTP/1.0 200 OK" \
6924 -c "Protocol is TLSv1.3" \
6925 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6926 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6927 -c "NamedGroup: x25519 ( 1d )" \
6928 -c "Verifying peer X.509 certificate... ok" \
6929 -C "received HelloRetryRequest message"
6930
6931requires_gnutls_tls1_3
6932requires_gnutls_next_no_ticket
6933requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6934requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6935requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6938requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6939run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6940 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6941 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6942 0 \
6943 -c "HTTP/1.0 200 OK" \
6944 -c "Protocol is TLSv1.3" \
6945 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6946 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6947 -c "NamedGroup: x25519 ( 1d )" \
6948 -c "Verifying peer X.509 certificate... ok" \
6949 -C "received HelloRetryRequest message"
6950
6951requires_gnutls_tls1_3
6952requires_gnutls_next_no_ticket
6953requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6954requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6955requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6958requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6959requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6960run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6961 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
6962 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6963 0 \
6964 -c "HTTP/1.0 200 OK" \
6965 -c "Protocol is TLSv1.3" \
6966 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6967 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6968 -c "NamedGroup: x25519 ( 1d )" \
6969 -c "Verifying peer X.509 certificate... ok" \
6970 -C "received HelloRetryRequest message"
6971
6972requires_gnutls_tls1_3
6973requires_gnutls_next_no_ticket
6974requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6975requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6976requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6979requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6980run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]6981 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
6982 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6983 0 \
6984 -c "HTTP/1.0 200 OK" \
6985 -c "Protocol is TLSv1.3" \
6986 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
6987 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6988 -c "NamedGroup: x448 ( 1e )" \
6989 -c "Verifying peer X.509 certificate... ok" \
6990 -C "received HelloRetryRequest message"
6991
6992requires_gnutls_tls1_3
6993requires_gnutls_next_no_ticket
6994requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6995requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6996requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]6997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]6999requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7000run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7001 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7002 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7003 0 \
7004 -c "HTTP/1.0 200 OK" \
7005 -c "Protocol is TLSv1.3" \
7006 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7007 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7008 -c "NamedGroup: x448 ( 1e )" \
7009 -c "Verifying peer X.509 certificate... ok" \
7010 -C "received HelloRetryRequest message"
7011
7012requires_gnutls_tls1_3
7013requires_gnutls_next_no_ticket
7014requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7015requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7016requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7017requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7018requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7019requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7020run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7021 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7022 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7023 0 \
7024 -c "HTTP/1.0 200 OK" \
7025 -c "Protocol is TLSv1.3" \
7026 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7027 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7028 -c "NamedGroup: x448 ( 1e )" \
7029 -c "Verifying peer X.509 certificate... ok" \
7030 -C "received HelloRetryRequest message"
7031
7032requires_gnutls_tls1_3
7033requires_gnutls_next_no_ticket
7034requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7035requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7036requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7039requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7040requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7041run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7042 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7043 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7044 0 \
7045 -c "HTTP/1.0 200 OK" \
7046 -c "Protocol is TLSv1.3" \
7047 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7048 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7049 -c "NamedGroup: x448 ( 1e )" \
7050 -c "Verifying peer X.509 certificate... ok" \
7051 -C "received HelloRetryRequest message"
7052
7053requires_gnutls_tls1_3
7054requires_gnutls_next_no_ticket
7055requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7056requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7057requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7059requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7060requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7061requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7062run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7063 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7064 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7065 0 \
7066 -c "HTTP/1.0 200 OK" \
7067 -c "Protocol is TLSv1.3" \
7068 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7069 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7070 -c "NamedGroup: ffdhe2048 ( 100 )" \
7071 -c "Verifying peer X.509 certificate... ok" \
7072 -C "received HelloRetryRequest message"
7073
7074requires_gnutls_tls1_3
7075requires_gnutls_next_no_ticket
7076requires_gnutls_next_disable_tls13_compat
7077requires_config_enabled MBEDTLS_SSL_CLI_C
7078requires_config_enabled MBEDTLS_DEBUG_C
7079requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7080requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7081requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7082requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7083run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7084 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7085 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7086 0 \
7087 -c "HTTP/1.0 200 OK" \
7088 -c "Protocol is TLSv1.3" \
7089 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7090 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7091 -c "NamedGroup: ffdhe2048 ( 100 )" \
7092 -c "Verifying peer X.509 certificate... ok" \
7093 -C "received HelloRetryRequest message"
7094
7095requires_gnutls_tls1_3
7096requires_gnutls_next_no_ticket
7097requires_gnutls_next_disable_tls13_compat
7098requires_config_enabled MBEDTLS_SSL_CLI_C
7099requires_config_enabled MBEDTLS_DEBUG_C
7100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7102requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7103requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7104run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7105 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7106 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7107 0 \
7108 -c "HTTP/1.0 200 OK" \
7109 -c "Protocol is TLSv1.3" \
7110 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7111 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7112 -c "NamedGroup: ffdhe2048 ( 100 )" \
7113 -c "Verifying peer X.509 certificate... ok" \
7114 -C "received HelloRetryRequest message"
7115
7116requires_gnutls_tls1_3
7117requires_gnutls_next_no_ticket
7118requires_gnutls_next_disable_tls13_compat
7119requires_config_enabled MBEDTLS_SSL_CLI_C
7120requires_config_enabled MBEDTLS_DEBUG_C
7121requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7123requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7124requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7125requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7126run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7127 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7128 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7129 0 \
7130 -c "HTTP/1.0 200 OK" \
7131 -c "Protocol is TLSv1.3" \
7132 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7133 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7134 -c "NamedGroup: ffdhe2048 ( 100 )" \
7135 -c "Verifying peer X.509 certificate... ok" \
7136 -C "received HelloRetryRequest message"
7137
7138requires_gnutls_tls1_3
7139requires_gnutls_next_no_ticket
7140requires_gnutls_next_disable_tls13_compat
7141requires_config_enabled MBEDTLS_SSL_CLI_C
7142requires_config_enabled MBEDTLS_DEBUG_C
7143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7145requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7146run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7147 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7148 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7149 0 \
7150 -c "HTTP/1.0 200 OK" \
7151 -c "Protocol is TLSv1.3" \
7152 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7153 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7154 -c "NamedGroup: secp256r1 ( 17 )" \
7155 -c "Verifying peer X.509 certificate... ok" \
7156 -C "received HelloRetryRequest message"
7157
7158requires_gnutls_tls1_3
7159requires_gnutls_next_no_ticket
7160requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7161requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7162requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7165requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7166run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7167 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7168 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7169 0 \
7170 -c "HTTP/1.0 200 OK" \
7171 -c "Protocol is TLSv1.3" \
7172 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7173 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7174 -c "NamedGroup: secp256r1 ( 17 )" \
7175 -c "Verifying peer X.509 certificate... ok" \
7176 -C "received HelloRetryRequest message"
7177
7178requires_gnutls_tls1_3
7179requires_gnutls_next_no_ticket
7180requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7181requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7182requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7185requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7186run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7187 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7188 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7189 0 \
7190 -c "HTTP/1.0 200 OK" \
7191 -c "Protocol is TLSv1.3" \
7192 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7193 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7194 -c "NamedGroup: secp256r1 ( 17 )" \
7195 -c "Verifying peer X.509 certificate... ok" \
7196 -C "received HelloRetryRequest message"
7197
7198requires_gnutls_tls1_3
7199requires_gnutls_next_no_ticket
7200requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7201requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7202requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7203requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7205requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7206requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7207run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7208 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7209 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7210 0 \
7211 -c "HTTP/1.0 200 OK" \
7212 -c "Protocol is TLSv1.3" \
7213 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7214 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7215 -c "NamedGroup: secp256r1 ( 17 )" \
7216 -c "Verifying peer X.509 certificate... ok" \
7217 -C "received HelloRetryRequest message"
7218
7219requires_gnutls_tls1_3
7220requires_gnutls_next_no_ticket
7221requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7222requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7223requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7226requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7227run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7228 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7229 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7230 0 \
7231 -c "HTTP/1.0 200 OK" \
7232 -c "Protocol is TLSv1.3" \
7233 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7234 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7235 -c "NamedGroup: secp384r1 ( 18 )" \
7236 -c "Verifying peer X.509 certificate... ok" \
7237 -C "received HelloRetryRequest message"
7238
7239requires_gnutls_tls1_3
7240requires_gnutls_next_no_ticket
7241requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7242requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7243requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7246requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7247run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7248 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7249 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7250 0 \
7251 -c "HTTP/1.0 200 OK" \
7252 -c "Protocol is TLSv1.3" \
7253 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7254 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7255 -c "NamedGroup: secp384r1 ( 18 )" \
7256 -c "Verifying peer X.509 certificate... ok" \
7257 -C "received HelloRetryRequest message"
7258
7259requires_gnutls_tls1_3
7260requires_gnutls_next_no_ticket
7261requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7262requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7266requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7267run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7268 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7269 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7270 0 \
7271 -c "HTTP/1.0 200 OK" \
7272 -c "Protocol is TLSv1.3" \
7273 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7274 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7275 -c "NamedGroup: secp384r1 ( 18 )" \
7276 -c "Verifying peer X.509 certificate... ok" \
7277 -C "received HelloRetryRequest message"
7278
7279requires_gnutls_tls1_3
7280requires_gnutls_next_no_ticket
7281requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7282requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7286requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7287requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7288run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7289 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7290 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7291 0 \
7292 -c "HTTP/1.0 200 OK" \
7293 -c "Protocol is TLSv1.3" \
7294 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7295 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7296 -c "NamedGroup: secp384r1 ( 18 )" \
7297 -c "Verifying peer X.509 certificate... ok" \
7298 -C "received HelloRetryRequest message"
7299
7300requires_gnutls_tls1_3
7301requires_gnutls_next_no_ticket
7302requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7303requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7304requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7307requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7308run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7309 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7310 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7311 0 \
7312 -c "HTTP/1.0 200 OK" \
7313 -c "Protocol is TLSv1.3" \
7314 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7315 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7316 -c "NamedGroup: secp521r1 ( 19 )" \
7317 -c "Verifying peer X.509 certificate... ok" \
7318 -C "received HelloRetryRequest message"
7319
7320requires_gnutls_tls1_3
7321requires_gnutls_next_no_ticket
7322requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7323requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7324requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7325requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7327requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7328run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7329 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7330 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7331 0 \
7332 -c "HTTP/1.0 200 OK" \
7333 -c "Protocol is TLSv1.3" \
7334 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7335 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7336 -c "NamedGroup: secp521r1 ( 19 )" \
7337 -c "Verifying peer X.509 certificate... ok" \
7338 -C "received HelloRetryRequest message"
7339
7340requires_gnutls_tls1_3
7341requires_gnutls_next_no_ticket
7342requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7343requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7344requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7347requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7348run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7349 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7350 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7351 0 \
7352 -c "HTTP/1.0 200 OK" \
7353 -c "Protocol is TLSv1.3" \
7354 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7355 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7356 -c "NamedGroup: secp521r1 ( 19 )" \
7357 -c "Verifying peer X.509 certificate... ok" \
7358 -C "received HelloRetryRequest message"
7359
7360requires_gnutls_tls1_3
7361requires_gnutls_next_no_ticket
7362requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7363requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7367requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7368requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7369run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7370 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7371 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7372 0 \
7373 -c "HTTP/1.0 200 OK" \
7374 -c "Protocol is TLSv1.3" \
7375 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7376 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7377 -c "NamedGroup: secp521r1 ( 19 )" \
7378 -c "Verifying peer X.509 certificate... ok" \
7379 -C "received HelloRetryRequest message"
7380
7381requires_gnutls_tls1_3
7382requires_gnutls_next_no_ticket
7383requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7384requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7385requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7388requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7389run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7390 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7391 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7392 0 \
7393 -c "HTTP/1.0 200 OK" \
7394 -c "Protocol is TLSv1.3" \
7395 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7396 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7397 -c "NamedGroup: x25519 ( 1d )" \
7398 -c "Verifying peer X.509 certificate... ok" \
7399 -C "received HelloRetryRequest message"
7400
7401requires_gnutls_tls1_3
7402requires_gnutls_next_no_ticket
7403requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7404requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7405requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7408requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7409run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7410 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7411 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7412 0 \
7413 -c "HTTP/1.0 200 OK" \
7414 -c "Protocol is TLSv1.3" \
7415 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7416 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7417 -c "NamedGroup: x25519 ( 1d )" \
7418 -c "Verifying peer X.509 certificate... ok" \
7419 -C "received HelloRetryRequest message"
7420
7421requires_gnutls_tls1_3
7422requires_gnutls_next_no_ticket
7423requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7424requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7428requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7429run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7430 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7431 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7432 0 \
7433 -c "HTTP/1.0 200 OK" \
7434 -c "Protocol is TLSv1.3" \
7435 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7436 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7437 -c "NamedGroup: x25519 ( 1d )" \
7438 -c "Verifying peer X.509 certificate... ok" \
7439 -C "received HelloRetryRequest message"
7440
7441requires_gnutls_tls1_3
7442requires_gnutls_next_no_ticket
7443requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7444requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7446requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7448requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7449requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7450run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7451 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7452 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7453 0 \
7454 -c "HTTP/1.0 200 OK" \
7455 -c "Protocol is TLSv1.3" \
7456 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7457 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7458 -c "NamedGroup: x25519 ( 1d )" \
7459 -c "Verifying peer X.509 certificate... ok" \
7460 -C "received HelloRetryRequest message"
7461
7462requires_gnutls_tls1_3
7463requires_gnutls_next_no_ticket
7464requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7465requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7466requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7469requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7470run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7471 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7472 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7473 0 \
7474 -c "HTTP/1.0 200 OK" \
7475 -c "Protocol is TLSv1.3" \
7476 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7477 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7478 -c "NamedGroup: x448 ( 1e )" \
7479 -c "Verifying peer X.509 certificate... ok" \
7480 -C "received HelloRetryRequest message"
7481
7482requires_gnutls_tls1_3
7483requires_gnutls_next_no_ticket
7484requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7489requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7490run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7491 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7492 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7493 0 \
7494 -c "HTTP/1.0 200 OK" \
7495 -c "Protocol is TLSv1.3" \
7496 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7497 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7498 -c "NamedGroup: x448 ( 1e )" \
7499 -c "Verifying peer X.509 certificate... ok" \
7500 -C "received HelloRetryRequest message"
7501
7502requires_gnutls_tls1_3
7503requires_gnutls_next_no_ticket
7504requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7509requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7510run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7511 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7512 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7513 0 \
7514 -c "HTTP/1.0 200 OK" \
7515 -c "Protocol is TLSv1.3" \
7516 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7517 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7518 -c "NamedGroup: x448 ( 1e )" \
7519 -c "Verifying peer X.509 certificate... ok" \
7520 -C "received HelloRetryRequest message"
7521
7522requires_gnutls_tls1_3
7523requires_gnutls_next_no_ticket
7524requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7525requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7526requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7527requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7529requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7530requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7531run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7532 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7533 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7534 0 \
7535 -c "HTTP/1.0 200 OK" \
7536 -c "Protocol is TLSv1.3" \
7537 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7538 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7539 -c "NamedGroup: x448 ( 1e )" \
7540 -c "Verifying peer X.509 certificate... ok" \
7541 -C "received HelloRetryRequest message"
7542
7543requires_gnutls_tls1_3
7544requires_gnutls_next_no_ticket
7545requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7546requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7550requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7551requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7552run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7553 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7554 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7555 0 \
7556 -c "HTTP/1.0 200 OK" \
7557 -c "Protocol is TLSv1.3" \
7558 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7559 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7560 -c "NamedGroup: ffdhe2048 ( 100 )" \
7561 -c "Verifying peer X.509 certificate... ok" \
7562 -C "received HelloRetryRequest message"
7563
7564requires_gnutls_tls1_3
7565requires_gnutls_next_no_ticket
7566requires_gnutls_next_disable_tls13_compat
7567requires_config_enabled MBEDTLS_SSL_CLI_C
7568requires_config_enabled MBEDTLS_DEBUG_C
7569requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7571requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7572requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7573run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7574 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7575 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7576 0 \
7577 -c "HTTP/1.0 200 OK" \
7578 -c "Protocol is TLSv1.3" \
7579 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7580 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7581 -c "NamedGroup: ffdhe2048 ( 100 )" \
7582 -c "Verifying peer X.509 certificate... ok" \
7583 -C "received HelloRetryRequest message"
7584
7585requires_gnutls_tls1_3
7586requires_gnutls_next_no_ticket
7587requires_gnutls_next_disable_tls13_compat
7588requires_config_enabled MBEDTLS_SSL_CLI_C
7589requires_config_enabled MBEDTLS_DEBUG_C
7590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7592requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7593requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7594run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7595 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7596 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7597 0 \
7598 -c "HTTP/1.0 200 OK" \
7599 -c "Protocol is TLSv1.3" \
7600 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7601 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7602 -c "NamedGroup: ffdhe2048 ( 100 )" \
7603 -c "Verifying peer X.509 certificate... ok" \
7604 -C "received HelloRetryRequest message"
7605
7606requires_gnutls_tls1_3
7607requires_gnutls_next_no_ticket
7608requires_gnutls_next_disable_tls13_compat
7609requires_config_enabled MBEDTLS_SSL_CLI_C
7610requires_config_enabled MBEDTLS_DEBUG_C
7611requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7612requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7613requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7614requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]7615requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7616run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7617 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
7618 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]7619 0 \
7620 -c "HTTP/1.0 200 OK" \
7621 -c "Protocol is TLSv1.3" \
7622 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7623 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7624 -c "NamedGroup: ffdhe2048 ( 100 )" \
7625 -c "Verifying peer X.509 certificate... ok" \
7626 -C "received HelloRetryRequest message"
7627
7628requires_gnutls_tls1_3
7629requires_gnutls_next_no_ticket
7630requires_gnutls_next_disable_tls13_compat
7631requires_config_enabled MBEDTLS_SSL_CLI_C
7632requires_config_enabled MBEDTLS_DEBUG_C
7633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7635requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7636run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7637 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7638 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7639 0 \
7640 -c "HTTP/1.0 200 OK" \
7641 -c "Protocol is TLSv1.3" \
7642 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7643 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7644 -c "NamedGroup: secp256r1 ( 17 )" \
7645 -c "Verifying peer X.509 certificate... ok" \
7646 -C "received HelloRetryRequest message"
7647
7648requires_gnutls_tls1_3
7649requires_gnutls_next_no_ticket
7650requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7651requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7655requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7656run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7657 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7659 0 \
7660 -c "HTTP/1.0 200 OK" \
7661 -c "Protocol is TLSv1.3" \
7662 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7663 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7664 -c "NamedGroup: secp256r1 ( 17 )" \
7665 -c "Verifying peer X.509 certificate... ok" \
7666 -C "received HelloRetryRequest message"
7667
7668requires_gnutls_tls1_3
7669requires_gnutls_next_no_ticket
7670requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7671requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7675requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7676run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7677 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7678 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7679 0 \
7680 -c "HTTP/1.0 200 OK" \
7681 -c "Protocol is TLSv1.3" \
7682 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7683 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7684 -c "NamedGroup: secp256r1 ( 17 )" \
7685 -c "Verifying peer X.509 certificate... ok" \
7686 -C "received HelloRetryRequest message"
7687
7688requires_gnutls_tls1_3
7689requires_gnutls_next_no_ticket
7690requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7691requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7692requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7693requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7695requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7696requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7697run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7698 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
7699 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7700 0 \
7701 -c "HTTP/1.0 200 OK" \
7702 -c "Protocol is TLSv1.3" \
7703 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7704 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7705 -c "NamedGroup: secp256r1 ( 17 )" \
7706 -c "Verifying peer X.509 certificate... ok" \
7707 -C "received HelloRetryRequest message"
7708
7709requires_gnutls_tls1_3
7710requires_gnutls_next_no_ticket
7711requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7712requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7713requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7716requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7717run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7718 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7719 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7720 0 \
7721 -c "HTTP/1.0 200 OK" \
7722 -c "Protocol is TLSv1.3" \
7723 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7724 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7725 -c "NamedGroup: secp384r1 ( 18 )" \
7726 -c "Verifying peer X.509 certificate... ok" \
7727 -C "received HelloRetryRequest message"
7728
7729requires_gnutls_tls1_3
7730requires_gnutls_next_no_ticket
7731requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7732requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7733requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7736requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7737run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7738 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7739 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7740 0 \
7741 -c "HTTP/1.0 200 OK" \
7742 -c "Protocol is TLSv1.3" \
7743 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7744 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7745 -c "NamedGroup: secp384r1 ( 18 )" \
7746 -c "Verifying peer X.509 certificate... ok" \
7747 -C "received HelloRetryRequest message"
7748
7749requires_gnutls_tls1_3
7750requires_gnutls_next_no_ticket
7751requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7756requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7757run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7758 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7759 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7760 0 \
7761 -c "HTTP/1.0 200 OK" \
7762 -c "Protocol is TLSv1.3" \
7763 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7764 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7765 -c "NamedGroup: secp384r1 ( 18 )" \
7766 -c "Verifying peer X.509 certificate... ok" \
7767 -C "received HelloRetryRequest message"
7768
7769requires_gnutls_tls1_3
7770requires_gnutls_next_no_ticket
7771requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7772requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7773requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7774requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7776requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7777requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7778run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
7780 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7781 0 \
7782 -c "HTTP/1.0 200 OK" \
7783 -c "Protocol is TLSv1.3" \
7784 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7785 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7786 -c "NamedGroup: secp384r1 ( 18 )" \
7787 -c "Verifying peer X.509 certificate... ok" \
7788 -C "received HelloRetryRequest message"
7789
7790requires_gnutls_tls1_3
7791requires_gnutls_next_no_ticket
7792requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7793requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7797requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7798run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7800 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7801 0 \
7802 -c "HTTP/1.0 200 OK" \
7803 -c "Protocol is TLSv1.3" \
7804 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7805 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7806 -c "NamedGroup: secp521r1 ( 19 )" \
7807 -c "Verifying peer X.509 certificate... ok" \
7808 -C "received HelloRetryRequest message"
7809
7810requires_gnutls_tls1_3
7811requires_gnutls_next_no_ticket
7812requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7813requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7814requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7817requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7818run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7819 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7820 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7821 0 \
7822 -c "HTTP/1.0 200 OK" \
7823 -c "Protocol is TLSv1.3" \
7824 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7825 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7826 -c "NamedGroup: secp521r1 ( 19 )" \
7827 -c "Verifying peer X.509 certificate... ok" \
7828 -C "received HelloRetryRequest message"
7829
7830requires_gnutls_tls1_3
7831requires_gnutls_next_no_ticket
7832requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7833requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7834requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7837requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7838run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7839 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7840 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7841 0 \
7842 -c "HTTP/1.0 200 OK" \
7843 -c "Protocol is TLSv1.3" \
7844 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7845 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7846 -c "NamedGroup: secp521r1 ( 19 )" \
7847 -c "Verifying peer X.509 certificate... ok" \
7848 -C "received HelloRetryRequest message"
7849
7850requires_gnutls_tls1_3
7851requires_gnutls_next_no_ticket
7852requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7853requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7854requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7855requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7857requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7858requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7859run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7860 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
7861 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7862 0 \
7863 -c "HTTP/1.0 200 OK" \
7864 -c "Protocol is TLSv1.3" \
7865 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7866 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7867 -c "NamedGroup: secp521r1 ( 19 )" \
7868 -c "Verifying peer X.509 certificate... ok" \
7869 -C "received HelloRetryRequest message"
7870
7871requires_gnutls_tls1_3
7872requires_gnutls_next_no_ticket
7873requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7874requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7875requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7878requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7879run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7880 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7881 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7882 0 \
7883 -c "HTTP/1.0 200 OK" \
7884 -c "Protocol is TLSv1.3" \
7885 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7886 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7887 -c "NamedGroup: x25519 ( 1d )" \
7888 -c "Verifying peer X.509 certificate... ok" \
7889 -C "received HelloRetryRequest message"
7890
7891requires_gnutls_tls1_3
7892requires_gnutls_next_no_ticket
7893requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7898requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7899run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7900 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7901 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7902 0 \
7903 -c "HTTP/1.0 200 OK" \
7904 -c "Protocol is TLSv1.3" \
7905 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7906 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7907 -c "NamedGroup: x25519 ( 1d )" \
7908 -c "Verifying peer X.509 certificate... ok" \
7909 -C "received HelloRetryRequest message"
7910
7911requires_gnutls_tls1_3
7912requires_gnutls_next_no_ticket
7913requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7914requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7918requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7919run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7920 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7921 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7922 0 \
7923 -c "HTTP/1.0 200 OK" \
7924 -c "Protocol is TLSv1.3" \
7925 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7926 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7927 -c "NamedGroup: x25519 ( 1d )" \
7928 -c "Verifying peer X.509 certificate... ok" \
7929 -C "received HelloRetryRequest message"
7930
7931requires_gnutls_tls1_3
7932requires_gnutls_next_no_ticket
7933requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7934requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7935requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7936requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7938requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7939requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7940run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7941 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
7942 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7943 0 \
7944 -c "HTTP/1.0 200 OK" \
7945 -c "Protocol is TLSv1.3" \
7946 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7947 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7948 -c "NamedGroup: x25519 ( 1d )" \
7949 -c "Verifying peer X.509 certificate... ok" \
7950 -C "received HelloRetryRequest message"
7951
7952requires_gnutls_tls1_3
7953requires_gnutls_next_no_ticket
7954requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7955requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7956requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7959requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7960run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7961 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7962 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7963 0 \
7964 -c "HTTP/1.0 200 OK" \
7965 -c "Protocol is TLSv1.3" \
7966 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7967 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7968 -c "NamedGroup: x448 ( 1e )" \
7969 -c "Verifying peer X.509 certificate... ok" \
7970 -C "received HelloRetryRequest message"
7971
7972requires_gnutls_tls1_3
7973requires_gnutls_next_no_ticket
7974requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7975requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7976requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7979requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7980run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]7981 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
7982 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7983 0 \
7984 -c "HTTP/1.0 200 OK" \
7985 -c "Protocol is TLSv1.3" \
7986 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
7987 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7988 -c "NamedGroup: x448 ( 1e )" \
7989 -c "Verifying peer X.509 certificate... ok" \
7990 -C "received HelloRetryRequest message"
7991
7992requires_gnutls_tls1_3
7993requires_gnutls_next_no_ticket
7994requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7995requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7996requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]7997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]7999requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8000run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8001 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8002 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8003 0 \
8004 -c "HTTP/1.0 200 OK" \
8005 -c "Protocol is TLSv1.3" \
8006 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8007 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8008 -c "NamedGroup: x448 ( 1e )" \
8009 -c "Verifying peer X.509 certificate... ok" \
8010 -C "received HelloRetryRequest message"
8011
8012requires_gnutls_tls1_3
8013requires_gnutls_next_no_ticket
8014requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8015requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8016requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8017requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8018requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8019requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8020requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8021run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8022 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8023 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8024 0 \
8025 -c "HTTP/1.0 200 OK" \
8026 -c "Protocol is TLSv1.3" \
8027 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8028 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8029 -c "NamedGroup: x448 ( 1e )" \
8030 -c "Verifying peer X.509 certificate... ok" \
8031 -C "received HelloRetryRequest message"
8032
8033requires_gnutls_tls1_3
8034requires_gnutls_next_no_ticket
8035requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8036requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8037requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8040requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8041requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8042run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8043 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8044 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8045 0 \
8046 -c "HTTP/1.0 200 OK" \
8047 -c "Protocol is TLSv1.3" \
8048 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8049 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8050 -c "NamedGroup: ffdhe2048 ( 100 )" \
8051 -c "Verifying peer X.509 certificate... ok" \
8052 -C "received HelloRetryRequest message"
8053
8054requires_gnutls_tls1_3
8055requires_gnutls_next_no_ticket
8056requires_gnutls_next_disable_tls13_compat
8057requires_config_enabled MBEDTLS_SSL_CLI_C
8058requires_config_enabled MBEDTLS_DEBUG_C
8059requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8060requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8061requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8062requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8063run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8064 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8065 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8066 0 \
8067 -c "HTTP/1.0 200 OK" \
8068 -c "Protocol is TLSv1.3" \
8069 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8070 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8071 -c "NamedGroup: ffdhe2048 ( 100 )" \
8072 -c "Verifying peer X.509 certificate... ok" \
8073 -C "received HelloRetryRequest message"
8074
8075requires_gnutls_tls1_3
8076requires_gnutls_next_no_ticket
8077requires_gnutls_next_disable_tls13_compat
8078requires_config_enabled MBEDTLS_SSL_CLI_C
8079requires_config_enabled MBEDTLS_DEBUG_C
8080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8082requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8083requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8084run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8085 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8086 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8087 0 \
8088 -c "HTTP/1.0 200 OK" \
8089 -c "Protocol is TLSv1.3" \
8090 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8091 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8092 -c "NamedGroup: ffdhe2048 ( 100 )" \
8093 -c "Verifying peer X.509 certificate... ok" \
8094 -C "received HelloRetryRequest message"
8095
8096requires_gnutls_tls1_3
8097requires_gnutls_next_no_ticket
8098requires_gnutls_next_disable_tls13_compat
8099requires_config_enabled MBEDTLS_SSL_CLI_C
8100requires_config_enabled MBEDTLS_DEBUG_C
8101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8103requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8104requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8105requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8106run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8107 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8108 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8109 0 \
8110 -c "HTTP/1.0 200 OK" \
8111 -c "Protocol is TLSv1.3" \
8112 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8113 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8114 -c "NamedGroup: ffdhe2048 ( 100 )" \
8115 -c "Verifying peer X.509 certificate... ok" \
8116 -C "received HelloRetryRequest message"
8117
8118requires_gnutls_tls1_3
8119requires_gnutls_next_no_ticket
8120requires_gnutls_next_disable_tls13_compat
8121requires_config_enabled MBEDTLS_SSL_CLI_C
8122requires_config_enabled MBEDTLS_DEBUG_C
8123requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8125requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8126run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8127 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8128 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8129 0 \
8130 -c "HTTP/1.0 200 OK" \
8131 -c "Protocol is TLSv1.3" \
8132 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8133 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8134 -c "NamedGroup: secp256r1 ( 17 )" \
8135 -c "Verifying peer X.509 certificate... ok" \
8136 -C "received HelloRetryRequest message"
8137
8138requires_gnutls_tls1_3
8139requires_gnutls_next_no_ticket
8140requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8141requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8145requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8146run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8147 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8148 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8149 0 \
8150 -c "HTTP/1.0 200 OK" \
8151 -c "Protocol is TLSv1.3" \
8152 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8153 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8154 -c "NamedGroup: secp256r1 ( 17 )" \
8155 -c "Verifying peer X.509 certificate... ok" \
8156 -C "received HelloRetryRequest message"
8157
8158requires_gnutls_tls1_3
8159requires_gnutls_next_no_ticket
8160requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8161requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8162requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8163requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8165requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8166run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8167 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8168 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8169 0 \
8170 -c "HTTP/1.0 200 OK" \
8171 -c "Protocol is TLSv1.3" \
8172 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8173 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8174 -c "NamedGroup: secp256r1 ( 17 )" \
8175 -c "Verifying peer X.509 certificate... ok" \
8176 -C "received HelloRetryRequest message"
8177
8178requires_gnutls_tls1_3
8179requires_gnutls_next_no_ticket
8180requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8181requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8182requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8184requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8185requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8186requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8187run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8188 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8189 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8190 0 \
8191 -c "HTTP/1.0 200 OK" \
8192 -c "Protocol is TLSv1.3" \
8193 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8194 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8195 -c "NamedGroup: secp256r1 ( 17 )" \
8196 -c "Verifying peer X.509 certificate... ok" \
8197 -C "received HelloRetryRequest message"
8198
8199requires_gnutls_tls1_3
8200requires_gnutls_next_no_ticket
8201requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8202requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8203requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8204requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8206requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8207run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8208 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8209 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8210 0 \
8211 -c "HTTP/1.0 200 OK" \
8212 -c "Protocol is TLSv1.3" \
8213 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8214 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8215 -c "NamedGroup: secp384r1 ( 18 )" \
8216 -c "Verifying peer X.509 certificate... ok" \
8217 -C "received HelloRetryRequest message"
8218
8219requires_gnutls_tls1_3
8220requires_gnutls_next_no_ticket
8221requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8222requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8223requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8224requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8226requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8227run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8228 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8229 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8230 0 \
8231 -c "HTTP/1.0 200 OK" \
8232 -c "Protocol is TLSv1.3" \
8233 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8234 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8235 -c "NamedGroup: secp384r1 ( 18 )" \
8236 -c "Verifying peer X.509 certificate... ok" \
8237 -C "received HelloRetryRequest message"
8238
8239requires_gnutls_tls1_3
8240requires_gnutls_next_no_ticket
8241requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8242requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8243requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8246requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8247run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8248 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8249 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8250 0 \
8251 -c "HTTP/1.0 200 OK" \
8252 -c "Protocol is TLSv1.3" \
8253 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8254 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8255 -c "NamedGroup: secp384r1 ( 18 )" \
8256 -c "Verifying peer X.509 certificate... ok" \
8257 -C "received HelloRetryRequest message"
8258
8259requires_gnutls_tls1_3
8260requires_gnutls_next_no_ticket
8261requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8262requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8263requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8264requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8266requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8267requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8268run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8269 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8270 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8271 0 \
8272 -c "HTTP/1.0 200 OK" \
8273 -c "Protocol is TLSv1.3" \
8274 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8275 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8276 -c "NamedGroup: secp384r1 ( 18 )" \
8277 -c "Verifying peer X.509 certificate... ok" \
8278 -C "received HelloRetryRequest message"
8279
8280requires_gnutls_tls1_3
8281requires_gnutls_next_no_ticket
8282requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8283requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8284requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8286requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8287requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8288run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8289 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8290 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8291 0 \
8292 -c "HTTP/1.0 200 OK" \
8293 -c "Protocol is TLSv1.3" \
8294 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8295 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8296 -c "NamedGroup: secp521r1 ( 19 )" \
8297 -c "Verifying peer X.509 certificate... ok" \
8298 -C "received HelloRetryRequest message"
8299
8300requires_gnutls_tls1_3
8301requires_gnutls_next_no_ticket
8302requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8303requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8304requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8305requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8307requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8308run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8309 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8310 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8311 0 \
8312 -c "HTTP/1.0 200 OK" \
8313 -c "Protocol is TLSv1.3" \
8314 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8315 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8316 -c "NamedGroup: secp521r1 ( 19 )" \
8317 -c "Verifying peer X.509 certificate... ok" \
8318 -C "received HelloRetryRequest message"
8319
8320requires_gnutls_tls1_3
8321requires_gnutls_next_no_ticket
8322requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8323requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8324requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8325requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8327requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8328run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8329 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8330 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8331 0 \
8332 -c "HTTP/1.0 200 OK" \
8333 -c "Protocol is TLSv1.3" \
8334 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8335 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8336 -c "NamedGroup: secp521r1 ( 19 )" \
8337 -c "Verifying peer X.509 certificate... ok" \
8338 -C "received HelloRetryRequest message"
8339
8340requires_gnutls_tls1_3
8341requires_gnutls_next_no_ticket
8342requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8343requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8344requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8347requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8348requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8349run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8350 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8351 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8352 0 \
8353 -c "HTTP/1.0 200 OK" \
8354 -c "Protocol is TLSv1.3" \
8355 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8356 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8357 -c "NamedGroup: secp521r1 ( 19 )" \
8358 -c "Verifying peer X.509 certificate... ok" \
8359 -C "received HelloRetryRequest message"
8360
8361requires_gnutls_tls1_3
8362requires_gnutls_next_no_ticket
8363requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8364requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8365requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8366requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8367requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8368requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8369run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8370 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8371 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8372 0 \
8373 -c "HTTP/1.0 200 OK" \
8374 -c "Protocol is TLSv1.3" \
8375 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8376 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8377 -c "NamedGroup: x25519 ( 1d )" \
8378 -c "Verifying peer X.509 certificate... ok" \
8379 -C "received HelloRetryRequest message"
8380
8381requires_gnutls_tls1_3
8382requires_gnutls_next_no_ticket
8383requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8384requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8385requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8386requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8388requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8389run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8390 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8391 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8392 0 \
8393 -c "HTTP/1.0 200 OK" \
8394 -c "Protocol is TLSv1.3" \
8395 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8396 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8397 -c "NamedGroup: x25519 ( 1d )" \
8398 -c "Verifying peer X.509 certificate... ok" \
8399 -C "received HelloRetryRequest message"
8400
8401requires_gnutls_tls1_3
8402requires_gnutls_next_no_ticket
8403requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8404requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8405requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8406requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8408requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8409run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8410 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8411 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8412 0 \
8413 -c "HTTP/1.0 200 OK" \
8414 -c "Protocol is TLSv1.3" \
8415 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8416 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8417 -c "NamedGroup: x25519 ( 1d )" \
8418 -c "Verifying peer X.509 certificate... ok" \
8419 -C "received HelloRetryRequest message"
8420
8421requires_gnutls_tls1_3
8422requires_gnutls_next_no_ticket
8423requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8424requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8428requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8429requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8430run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8431 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8432 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8433 0 \
8434 -c "HTTP/1.0 200 OK" \
8435 -c "Protocol is TLSv1.3" \
8436 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8437 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8438 -c "NamedGroup: x25519 ( 1d )" \
8439 -c "Verifying peer X.509 certificate... ok" \
8440 -C "received HelloRetryRequest message"
8441
8442requires_gnutls_tls1_3
8443requires_gnutls_next_no_ticket
8444requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8445requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8446requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8447requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8449requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8450run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8451 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8452 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8453 0 \
8454 -c "HTTP/1.0 200 OK" \
8455 -c "Protocol is TLSv1.3" \
8456 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8457 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8458 -c "NamedGroup: x448 ( 1e )" \
8459 -c "Verifying peer X.509 certificate... ok" \
8460 -C "received HelloRetryRequest message"
8461
8462requires_gnutls_tls1_3
8463requires_gnutls_next_no_ticket
8464requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8465requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8466requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8467requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8469requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8470run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8471 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8472 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8473 0 \
8474 -c "HTTP/1.0 200 OK" \
8475 -c "Protocol is TLSv1.3" \
8476 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8477 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8478 -c "NamedGroup: x448 ( 1e )" \
8479 -c "Verifying peer X.509 certificate... ok" \
8480 -C "received HelloRetryRequest message"
8481
8482requires_gnutls_tls1_3
8483requires_gnutls_next_no_ticket
8484requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8489requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8490run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8491 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8492 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8493 0 \
8494 -c "HTTP/1.0 200 OK" \
8495 -c "Protocol is TLSv1.3" \
8496 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8497 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8498 -c "NamedGroup: x448 ( 1e )" \
8499 -c "Verifying peer X.509 certificate... ok" \
8500 -C "received HelloRetryRequest message"
8501
8502requires_gnutls_tls1_3
8503requires_gnutls_next_no_ticket
8504requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8505requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8506requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8509requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8510requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8511run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8512 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8513 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8514 0 \
8515 -c "HTTP/1.0 200 OK" \
8516 -c "Protocol is TLSv1.3" \
8517 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8518 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8519 -c "NamedGroup: x448 ( 1e )" \
8520 -c "Verifying peer X.509 certificate... ok" \
8521 -C "received HelloRetryRequest message"
8522
8523requires_gnutls_tls1_3
8524requires_gnutls_next_no_ticket
8525requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8526requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8527requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8528requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8530requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8531requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8532run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8533 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8534 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8535 0 \
8536 -c "HTTP/1.0 200 OK" \
8537 -c "Protocol is TLSv1.3" \
8538 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8539 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8540 -c "NamedGroup: ffdhe2048 ( 100 )" \
8541 -c "Verifying peer X.509 certificate... ok" \
8542 -C "received HelloRetryRequest message"
8543
8544requires_gnutls_tls1_3
8545requires_gnutls_next_no_ticket
8546requires_gnutls_next_disable_tls13_compat
8547requires_config_enabled MBEDTLS_SSL_CLI_C
8548requires_config_enabled MBEDTLS_DEBUG_C
8549requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8551requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8552requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8553run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8554 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8555 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8556 0 \
8557 -c "HTTP/1.0 200 OK" \
8558 -c "Protocol is TLSv1.3" \
8559 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8560 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8561 -c "NamedGroup: ffdhe2048 ( 100 )" \
8562 -c "Verifying peer X.509 certificate... ok" \
8563 -C "received HelloRetryRequest message"
8564
8565requires_gnutls_tls1_3
8566requires_gnutls_next_no_ticket
8567requires_gnutls_next_disable_tls13_compat
8568requires_config_enabled MBEDTLS_SSL_CLI_C
8569requires_config_enabled MBEDTLS_DEBUG_C
8570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8572requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8573requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8574run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8575 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8576 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8577 0 \
8578 -c "HTTP/1.0 200 OK" \
8579 -c "Protocol is TLSv1.3" \
8580 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8581 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8582 -c "NamedGroup: ffdhe2048 ( 100 )" \
8583 -c "Verifying peer X.509 certificate... ok" \
8584 -C "received HelloRetryRequest message"
8585
8586requires_gnutls_tls1_3
8587requires_gnutls_next_no_ticket
8588requires_gnutls_next_disable_tls13_compat
8589requires_config_enabled MBEDTLS_SSL_CLI_C
8590requires_config_enabled MBEDTLS_DEBUG_C
8591requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8592requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8593requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8594requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]8595requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8596run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8597 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
8598 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]8599 0 \
8600 -c "HTTP/1.0 200 OK" \
8601 -c "Protocol is TLSv1.3" \
8602 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8603 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8604 -c "NamedGroup: ffdhe2048 ( 100 )" \
8605 -c "Verifying peer X.509 certificate... ok" \
8606 -C "received HelloRetryRequest message"
8607
8608requires_gnutls_tls1_3
8609requires_gnutls_next_no_ticket
8610requires_gnutls_next_disable_tls13_compat
8611requires_config_enabled MBEDTLS_SSL_CLI_C
8612requires_config_enabled MBEDTLS_DEBUG_C
8613requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8614requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8615requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8616run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8617 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8618 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8619 0 \
8620 -c "HTTP/1.0 200 OK" \
8621 -c "Protocol is TLSv1.3" \
8622 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8623 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8624 -c "NamedGroup: secp256r1 ( 17 )" \
8625 -c "Verifying peer X.509 certificate... ok" \
8626 -C "received HelloRetryRequest message"
8627
8628requires_gnutls_tls1_3
8629requires_gnutls_next_no_ticket
8630requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8631requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8632requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8633requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8635requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8636run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8637 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8638 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8639 0 \
8640 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8641 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8642 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8643 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8644 -c "NamedGroup: secp256r1 ( 17 )" \
8645 -c "Verifying peer X.509 certificate... ok" \
8646 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8647
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8648requires_gnutls_tls1_3
8649requires_gnutls_next_no_ticket
8650requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8651requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8655requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8656run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8657 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8659 0 \
8660 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8661 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8662 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8663 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8664 -c "NamedGroup: secp256r1 ( 17 )" \
8665 -c "Verifying peer X.509 certificate... ok" \
8666 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8667
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8668requires_gnutls_tls1_3
8669requires_gnutls_next_no_ticket
8670requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8671requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8675requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8676requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8677run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8678 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
8679 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8680 0 \
8681 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8682 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8683 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8684 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8685 -c "NamedGroup: secp256r1 ( 17 )" \
8686 -c "Verifying peer X.509 certificate... ok" \
8687 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8688
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8689requires_gnutls_tls1_3
8690requires_gnutls_next_no_ticket
8691requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8692requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8693requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8694requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8695requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8696requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8697run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8698 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8699 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8700 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8701 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8702 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8703 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8704 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8705 -c "NamedGroup: secp384r1 ( 18 )" \
8706 -c "Verifying peer X.509 certificate... ok" \
8707 -C "received HelloRetryRequest message"
8708
8709requires_gnutls_tls1_3
8710requires_gnutls_next_no_ticket
8711requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8712requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8713requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8716requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8717run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8718 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8719 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8720 0 \
8721 -c "HTTP/1.0 200 OK" \
8722 -c "Protocol is TLSv1.3" \
8723 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8724 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8725 -c "NamedGroup: secp384r1 ( 18 )" \
8726 -c "Verifying peer X.509 certificate... ok" \
8727 -C "received HelloRetryRequest message"
8728
8729requires_gnutls_tls1_3
8730requires_gnutls_next_no_ticket
8731requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8732requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8733requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8734requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8736requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8737run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8738 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8739 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8740 0 \
8741 -c "HTTP/1.0 200 OK" \
8742 -c "Protocol is TLSv1.3" \
8743 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8744 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8745 -c "NamedGroup: secp384r1 ( 18 )" \
8746 -c "Verifying peer X.509 certificate... ok" \
8747 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8748
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8749requires_gnutls_tls1_3
8750requires_gnutls_next_no_ticket
8751requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8756requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8757requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8758run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8759 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
8760 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8761 0 \
8762 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8763 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8764 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8765 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8766 -c "NamedGroup: secp384r1 ( 18 )" \
8767 -c "Verifying peer X.509 certificate... ok" \
8768 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8769
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8770requires_gnutls_tls1_3
8771requires_gnutls_next_no_ticket
8772requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8773requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8774requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8777requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8778run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8780 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8781 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8782 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8783 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8784 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8785 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8786 -c "NamedGroup: secp521r1 ( 19 )" \
8787 -c "Verifying peer X.509 certificate... ok" \
8788 -C "received HelloRetryRequest message"
8789
8790requires_gnutls_tls1_3
8791requires_gnutls_next_no_ticket
8792requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8793requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8794requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8795requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8797requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8798run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8800 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8801 0 \
8802 -c "HTTP/1.0 200 OK" \
8803 -c "Protocol is TLSv1.3" \
8804 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8805 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8806 -c "NamedGroup: secp521r1 ( 19 )" \
8807 -c "Verifying peer X.509 certificate... ok" \
8808 -C "received HelloRetryRequest message"
8809
8810requires_gnutls_tls1_3
8811requires_gnutls_next_no_ticket
8812requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8813requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8814requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8815requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8817requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8818run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8819 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8820 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8821 0 \
8822 -c "HTTP/1.0 200 OK" \
8823 -c "Protocol is TLSv1.3" \
8824 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8825 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8826 -c "NamedGroup: secp521r1 ( 19 )" \
8827 -c "Verifying peer X.509 certificate... ok" \
8828 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8829
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8830requires_gnutls_tls1_3
8831requires_gnutls_next_no_ticket
8832requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8833requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8834requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8835requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8837requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8838requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8839run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8840 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
8841 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8842 0 \
8843 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8844 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8845 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8846 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8847 -c "NamedGroup: secp521r1 ( 19 )" \
8848 -c "Verifying peer X.509 certificate... ok" \
8849 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8850
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8851requires_gnutls_tls1_3
8852requires_gnutls_next_no_ticket
8853requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8854requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8855requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8858requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8859run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8860 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8861 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8862 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8863 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8864 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8865 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8866 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8867 -c "NamedGroup: x25519 ( 1d )" \
8868 -c "Verifying peer X.509 certificate... ok" \
8869 -C "received HelloRetryRequest message"
8870
8871requires_gnutls_tls1_3
8872requires_gnutls_next_no_ticket
8873requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8874requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8875requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8878requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8879run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8880 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8881 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8882 0 \
8883 -c "HTTP/1.0 200 OK" \
8884 -c "Protocol is TLSv1.3" \
8885 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8886 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8887 -c "NamedGroup: x25519 ( 1d )" \
8888 -c "Verifying peer X.509 certificate... ok" \
8889 -C "received HelloRetryRequest message"
8890
8891requires_gnutls_tls1_3
8892requires_gnutls_next_no_ticket
8893requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8898requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8899run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8900 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8901 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8902 0 \
8903 -c "HTTP/1.0 200 OK" \
8904 -c "Protocol is TLSv1.3" \
8905 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8906 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8907 -c "NamedGroup: x25519 ( 1d )" \
8908 -c "Verifying peer X.509 certificate... ok" \
8909 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8910
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8911requires_gnutls_tls1_3
8912requires_gnutls_next_no_ticket
8913requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8914requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8915requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8916requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8917requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8918requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8919requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]8920run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8921 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
8922 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8923 0 \
8924 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8925 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8926 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8927 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8928 -c "NamedGroup: x25519 ( 1d )" \
8929 -c "Verifying peer X.509 certificate... ok" \
8930 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8931
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8932requires_gnutls_tls1_3
8933requires_gnutls_next_no_ticket
8934requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8935requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8936requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8937requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8939requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8940run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8941 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8942 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8943 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8944 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]8945 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]8946 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8947 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8948 -c "NamedGroup: x448 ( 1e )" \
8949 -c "Verifying peer X.509 certificate... ok" \
8950 -C "received HelloRetryRequest message"
8951
8952requires_gnutls_tls1_3
8953requires_gnutls_next_no_ticket
8954requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8955requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8956requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8957requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8959requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8960run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8961 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8962 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8963 0 \
8964 -c "HTTP/1.0 200 OK" \
8965 -c "Protocol is TLSv1.3" \
8966 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8967 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8968 -c "NamedGroup: x448 ( 1e )" \
8969 -c "Verifying peer X.509 certificate... ok" \
8970 -C "received HelloRetryRequest message"
8971
8972requires_gnutls_tls1_3
8973requires_gnutls_next_no_ticket
8974requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8975requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8976requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8977requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]8979requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8980run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]8981 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
8982 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]8983 0 \
8984 -c "HTTP/1.0 200 OK" \
8985 -c "Protocol is TLSv1.3" \
8986 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
8987 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]8988 -c "NamedGroup: x448 ( 1e )" \
8989 -c "Verifying peer X.509 certificate... ok" \
8990 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]8991
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8992requires_gnutls_tls1_3
8993requires_gnutls_next_no_ticket
8994requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8995requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8996requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]8997requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]8998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]8999requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9000requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]9001run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9002 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
9003 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9004 0 \
9005 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]9006 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]9007 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]9008 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]9009 -c "NamedGroup: x448 ( 1e )" \
9010 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]9011 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]9012
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9013requires_gnutls_tls1_3
9014requires_gnutls_next_no_ticket
9015requires_gnutls_next_disable_tls13_compat
9016requires_config_enabled MBEDTLS_SSL_CLI_C
9017requires_config_enabled MBEDTLS_DEBUG_C
9018requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9019requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9020requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9021requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9022run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9023 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9024 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9025 0 \
9026 -c "HTTP/1.0 200 OK" \
9027 -c "Protocol is TLSv1.3" \
9028 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9029 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9030 -c "NamedGroup: ffdhe2048 ( 100 )" \
9031 -c "Verifying peer X.509 certificate... ok" \
9032 -C "received HelloRetryRequest message"
9033
9034requires_gnutls_tls1_3
9035requires_gnutls_next_no_ticket
9036requires_gnutls_next_disable_tls13_compat
9037requires_config_enabled MBEDTLS_SSL_CLI_C
9038requires_config_enabled MBEDTLS_DEBUG_C
9039requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9041requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9042requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9043run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9044 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp384r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9045 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9046 0 \
9047 -c "HTTP/1.0 200 OK" \
9048 -c "Protocol is TLSv1.3" \
9049 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9050 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9051 -c "NamedGroup: ffdhe2048 ( 100 )" \
9052 -c "Verifying peer X.509 certificate... ok" \
9053 -C "received HelloRetryRequest message"
9054
9055requires_gnutls_tls1_3
9056requires_gnutls_next_no_ticket
9057requires_gnutls_next_disable_tls13_compat
9058requires_config_enabled MBEDTLS_SSL_CLI_C
9059requires_config_enabled MBEDTLS_DEBUG_C
9060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9062requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9063requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9064run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9065 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp521r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9066 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9067 0 \
9068 -c "HTTP/1.0 200 OK" \
9069 -c "Protocol is TLSv1.3" \
9070 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9071 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9072 -c "NamedGroup: ffdhe2048 ( 100 )" \
9073 -c "Verifying peer X.509 certificate... ok" \
9074 -C "received HelloRetryRequest message"
9075
9076requires_gnutls_tls1_3
9077requires_gnutls_next_no_ticket
9078requires_gnutls_next_disable_tls13_compat
9079requires_config_enabled MBEDTLS_SSL_CLI_C
9080requires_config_enabled MBEDTLS_DEBUG_C
9081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9082requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9083requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9084requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9085requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9086run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9087 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
9088 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9089 0 \
9090 -c "HTTP/1.0 200 OK" \
9091 -c "Protocol is TLSv1.3" \
9092 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9093 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9094 -c "NamedGroup: ffdhe2048 ( 100 )" \
9095 -c "Verifying peer X.509 certificate... ok" \
9096 -C "received HelloRetryRequest message"
9097
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9098requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9099requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9102requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9103requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9104requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9107requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9108run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9109 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9110 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9111 0 \
9112 -s "Protocol is TLSv1.3" \
9113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9114 -s "received signature algorithm: 0x403" \
9115 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9116 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9117 -c "Protocol is TLSv1.3" \
9118 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9119 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9120 -c "NamedGroup: secp256r1 ( 17 )" \
9121 -c "Verifying peer X.509 certificate... ok" \
9122 -C "received HelloRetryRequest message"
9123
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9124requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9125requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9128requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9129requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9130requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9132requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9133requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9134run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9135 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9136 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9137 0 \
9138 -s "Protocol is TLSv1.3" \
9139 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9140 -s "received signature algorithm: 0x503" \
9141 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9142 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9143 -c "Protocol is TLSv1.3" \
9144 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9145 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9146 -c "NamedGroup: secp256r1 ( 17 )" \
9147 -c "Verifying peer X.509 certificate... ok" \
9148 -C "received HelloRetryRequest message"
9149
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9150requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9151requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9154requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9155requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9156requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9159requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9160run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9161 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9162 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9163 0 \
9164 -s "Protocol is TLSv1.3" \
9165 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9166 -s "received signature algorithm: 0x603" \
9167 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9168 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9169 -c "Protocol is TLSv1.3" \
9170 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9171 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9172 -c "NamedGroup: secp256r1 ( 17 )" \
9173 -c "Verifying peer X.509 certificate... ok" \
9174 -C "received HelloRetryRequest message"
9175
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9176requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9177requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9180requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9181requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9182requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9183requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9184requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9185requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9186requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9187requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9188run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9189 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9190 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9191 0 \
9192 -s "Protocol is TLSv1.3" \
9193 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9194 -s "received signature algorithm: 0x804" \
9195 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9196 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9197 -c "Protocol is TLSv1.3" \
9198 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9199 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9200 -c "NamedGroup: secp256r1 ( 17 )" \
9201 -c "Verifying peer X.509 certificate... ok" \
9202 -C "received HelloRetryRequest message"
9203
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9204requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9205requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9208requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9209requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9210requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9211requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9213requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9214run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9215 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9216 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9217 0 \
9218 -s "Protocol is TLSv1.3" \
9219 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9220 -s "received signature algorithm: 0x403" \
9221 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9222 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9223 -c "Protocol is TLSv1.3" \
9224 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9225 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9226 -c "NamedGroup: secp384r1 ( 18 )" \
9227 -c "Verifying peer X.509 certificate... ok" \
9228 -C "received HelloRetryRequest message"
9229
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9230requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9231requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9232requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9234requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9235requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9239requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9240run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9241 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9242 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9243 0 \
9244 -s "Protocol is TLSv1.3" \
9245 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9246 -s "received signature algorithm: 0x503" \
9247 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9248 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9249 -c "Protocol is TLSv1.3" \
9250 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9251 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9252 -c "NamedGroup: secp384r1 ( 18 )" \
9253 -c "Verifying peer X.509 certificate... ok" \
9254 -C "received HelloRetryRequest message"
9255
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9256requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9257requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9258requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9260requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9261requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9262requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9263requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9264requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9265requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9266run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9267 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9268 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9269 0 \
9270 -s "Protocol is TLSv1.3" \
9271 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9272 -s "received signature algorithm: 0x603" \
9273 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9274 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9275 -c "Protocol is TLSv1.3" \
9276 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9277 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9278 -c "NamedGroup: secp384r1 ( 18 )" \
9279 -c "Verifying peer X.509 certificate... ok" \
9280 -C "received HelloRetryRequest message"
9281
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9282requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9284requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9286requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9287requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9288requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9292requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9293requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9294run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9295 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9296 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9297 0 \
9298 -s "Protocol is TLSv1.3" \
9299 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9300 -s "received signature algorithm: 0x804" \
9301 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9302 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9303 -c "Protocol is TLSv1.3" \
9304 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9305 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9306 -c "NamedGroup: secp384r1 ( 18 )" \
9307 -c "Verifying peer X.509 certificate... ok" \
9308 -C "received HelloRetryRequest message"
9309
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9310requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9311requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9314requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9315requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9316requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9317requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9318requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9319requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9320run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9321 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9322 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9323 0 \
9324 -s "Protocol is TLSv1.3" \
9325 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9326 -s "received signature algorithm: 0x403" \
9327 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9328 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9329 -c "Protocol is TLSv1.3" \
9330 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9331 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9332 -c "NamedGroup: secp521r1 ( 19 )" \
9333 -c "Verifying peer X.509 certificate... ok" \
9334 -C "received HelloRetryRequest message"
9335
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9336requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9338requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9340requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9341requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9342requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9343requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9344requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9345requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9346run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9347 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9348 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9349 0 \
9350 -s "Protocol is TLSv1.3" \
9351 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9352 -s "received signature algorithm: 0x503" \
9353 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9354 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9355 -c "Protocol is TLSv1.3" \
9356 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9357 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9358 -c "NamedGroup: secp521r1 ( 19 )" \
9359 -c "Verifying peer X.509 certificate... ok" \
9360 -C "received HelloRetryRequest message"
9361
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9362requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9363requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9366requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9367requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9368requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9369requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9371requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9372run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9373 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9374 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9375 0 \
9376 -s "Protocol is TLSv1.3" \
9377 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9378 -s "received signature algorithm: 0x603" \
9379 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9380 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9381 -c "Protocol is TLSv1.3" \
9382 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9383 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9384 -c "NamedGroup: secp521r1 ( 19 )" \
9385 -c "Verifying peer X.509 certificate... ok" \
9386 -C "received HelloRetryRequest message"
9387
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9388requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9389requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9390requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9392requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9393requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9394requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9395requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9398requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9399requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9400run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9401 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9402 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9403 0 \
9404 -s "Protocol is TLSv1.3" \
9405 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9406 -s "received signature algorithm: 0x804" \
9407 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9408 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9409 -c "Protocol is TLSv1.3" \
9410 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9411 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9412 -c "NamedGroup: secp521r1 ( 19 )" \
9413 -c "Verifying peer X.509 certificate... ok" \
9414 -C "received HelloRetryRequest message"
9415
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9416requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9417requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9418requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9420requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9421requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9422requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9423requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9424requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9425requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9426run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9427 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9428 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9429 0 \
9430 -s "Protocol is TLSv1.3" \
9431 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9432 -s "received signature algorithm: 0x403" \
9433 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9434 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9435 -c "Protocol is TLSv1.3" \
9436 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9437 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9438 -c "NamedGroup: x25519 ( 1d )" \
9439 -c "Verifying peer X.509 certificate... ok" \
9440 -C "received HelloRetryRequest message"
9441
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9442requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9443requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9444requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9446requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9447requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9448requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9450requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9451requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9452run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9453 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9454 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9455 0 \
9456 -s "Protocol is TLSv1.3" \
9457 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9458 -s "received signature algorithm: 0x503" \
9459 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9460 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9461 -c "Protocol is TLSv1.3" \
9462 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9463 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9464 -c "NamedGroup: x25519 ( 1d )" \
9465 -c "Verifying peer X.509 certificate... ok" \
9466 -C "received HelloRetryRequest message"
9467
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9468requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9472requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9473requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9477requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9478run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9479 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9480 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9481 0 \
9482 -s "Protocol is TLSv1.3" \
9483 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9484 -s "received signature algorithm: 0x603" \
9485 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9486 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9487 -c "Protocol is TLSv1.3" \
9488 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9489 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9490 -c "NamedGroup: x25519 ( 1d )" \
9491 -c "Verifying peer X.509 certificate... ok" \
9492 -C "received HelloRetryRequest message"
9493
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9494requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9495requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9496requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9498requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9499requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9500requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9504requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9505requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9506run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9507 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9508 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9509 0 \
9510 -s "Protocol is TLSv1.3" \
9511 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9512 -s "received signature algorithm: 0x804" \
9513 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9514 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9515 -c "Protocol is TLSv1.3" \
9516 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9517 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9518 -c "NamedGroup: x25519 ( 1d )" \
9519 -c "Verifying peer X.509 certificate... ok" \
9520 -C "received HelloRetryRequest message"
9521
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9522requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9523requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9526requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9527requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9528requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9531requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9532run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9533 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9534 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9535 0 \
9536 -s "Protocol is TLSv1.3" \
9537 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9538 -s "received signature algorithm: 0x403" \
9539 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9540 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9541 -c "Protocol is TLSv1.3" \
9542 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9543 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9544 -c "NamedGroup: x448 ( 1e )" \
9545 -c "Verifying peer X.509 certificate... ok" \
9546 -C "received HelloRetryRequest message"
9547
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9548requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9552requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9553requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9554requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9555requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9556requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9557requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9558run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9559 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9560 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9561 0 \
9562 -s "Protocol is TLSv1.3" \
9563 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9564 -s "received signature algorithm: 0x503" \
9565 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9566 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9567 -c "Protocol is TLSv1.3" \
9568 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9569 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9570 -c "NamedGroup: x448 ( 1e )" \
9571 -c "Verifying peer X.509 certificate... ok" \
9572 -C "received HelloRetryRequest message"
9573
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9574requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9575requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9578requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9581requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9583requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9584run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9585 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9586 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9587 0 \
9588 -s "Protocol is TLSv1.3" \
9589 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9590 -s "received signature algorithm: 0x603" \
9591 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9592 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9593 -c "Protocol is TLSv1.3" \
9594 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9595 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9596 -c "NamedGroup: x448 ( 1e )" \
9597 -c "Verifying peer X.509 certificate... ok" \
9598 -C "received HelloRetryRequest message"
9599
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9600requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9601requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9604requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9605requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9606requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9610requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9611requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9612run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9613 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9614 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9615 0 \
9616 -s "Protocol is TLSv1.3" \
9617 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9618 -s "received signature algorithm: 0x804" \
9619 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9620 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9621 -c "Protocol is TLSv1.3" \
9622 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9623 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9624 -c "NamedGroup: x448 ( 1e )" \
9625 -c "Verifying peer X.509 certificate... ok" \
9626 -C "received HelloRetryRequest message"
9627
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9628requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9630requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9632requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9633requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9634requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9635requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9636requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9637requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9638requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9639requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9640run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9641 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9642 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9643 0 \
9644 -s "Protocol is TLSv1.3" \
9645 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9646 -s "received signature algorithm: 0x403" \
9647 -s "got named group: ffdhe2048(0100)" \
9648 -s "Certificate verification was skipped" \
9649 -c "Protocol is TLSv1.3" \
9650 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9651 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9652 -c "NamedGroup: ffdhe2048 ( 100 )" \
9653 -c "Verifying peer X.509 certificate... ok" \
9654 -C "received HelloRetryRequest message"
9655
9656requires_config_enabled MBEDTLS_SSL_SRV_C
9657requires_config_enabled MBEDTLS_DEBUG_C
9658requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9660requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9661requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9662requires_config_enabled MBEDTLS_SSL_CLI_C
9663requires_config_enabled MBEDTLS_DEBUG_C
9664requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9665requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9666requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9667requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9668run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9669 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9670 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9671 0 \
9672 -s "Protocol is TLSv1.3" \
9673 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9674 -s "received signature algorithm: 0x503" \
9675 -s "got named group: ffdhe2048(0100)" \
9676 -s "Certificate verification was skipped" \
9677 -c "Protocol is TLSv1.3" \
9678 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9679 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9680 -c "NamedGroup: ffdhe2048 ( 100 )" \
9681 -c "Verifying peer X.509 certificate... ok" \
9682 -C "received HelloRetryRequest message"
9683
9684requires_config_enabled MBEDTLS_SSL_SRV_C
9685requires_config_enabled MBEDTLS_DEBUG_C
9686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9688requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9689requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9690requires_config_enabled MBEDTLS_SSL_CLI_C
9691requires_config_enabled MBEDTLS_DEBUG_C
9692requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9693requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9694requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9695requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9696run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9697 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9698 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9699 0 \
9700 -s "Protocol is TLSv1.3" \
9701 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9702 -s "received signature algorithm: 0x603" \
9703 -s "got named group: ffdhe2048(0100)" \
9704 -s "Certificate verification was skipped" \
9705 -c "Protocol is TLSv1.3" \
9706 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9707 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9708 -c "NamedGroup: ffdhe2048 ( 100 )" \
9709 -c "Verifying peer X.509 certificate... ok" \
9710 -C "received HelloRetryRequest message"
9711
9712requires_config_enabled MBEDTLS_SSL_SRV_C
9713requires_config_enabled MBEDTLS_DEBUG_C
9714requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9715requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9716requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9717requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9718requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9719requires_config_enabled MBEDTLS_SSL_CLI_C
9720requires_config_enabled MBEDTLS_DEBUG_C
9721requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9723requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9724requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]9725requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9726run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9727 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9728 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9729 0 \
9730 -s "Protocol is TLSv1.3" \
9731 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
9732 -s "received signature algorithm: 0x804" \
9733 -s "got named group: ffdhe2048(0100)" \
9734 -s "Certificate verification was skipped" \
9735 -c "Protocol is TLSv1.3" \
9736 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
9737 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9738 -c "NamedGroup: ffdhe2048 ( 100 )" \
9739 -c "Verifying peer X.509 certificate... ok" \
9740 -C "received HelloRetryRequest message"
9741
9742requires_config_enabled MBEDTLS_SSL_SRV_C
9743requires_config_enabled MBEDTLS_DEBUG_C
9744requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9746requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]9747requires_config_enabled MBEDTLS_SSL_CLI_C
9748requires_config_enabled MBEDTLS_DEBUG_C
9749requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
9750requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9751requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9752run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9753 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9754 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9755 0 \
9756 -s "Protocol is TLSv1.3" \
9757 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9758 -s "received signature algorithm: 0x403" \
9759 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9760 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9761 -c "Protocol is TLSv1.3" \
9762 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9763 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9764 -c "NamedGroup: secp256r1 ( 17 )" \
9765 -c "Verifying peer X.509 certificate... ok" \
9766 -C "received HelloRetryRequest message"
9767
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9768requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9769requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9770requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9772requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9773requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9774requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9777requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9778run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9779 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9780 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9781 0 \
9782 -s "Protocol is TLSv1.3" \
9783 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9784 -s "received signature algorithm: 0x503" \
9785 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9786 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9787 -c "Protocol is TLSv1.3" \
9788 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9789 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9790 -c "NamedGroup: secp256r1 ( 17 )" \
9791 -c "Verifying peer X.509 certificate... ok" \
9792 -C "received HelloRetryRequest message"
9793
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9794requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9795requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9796requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9798requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9799requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9803requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9804run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9805 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9806 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9807 0 \
9808 -s "Protocol is TLSv1.3" \
9809 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9810 -s "received signature algorithm: 0x603" \
9811 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9812 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9813 -c "Protocol is TLSv1.3" \
9814 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9815 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9816 -c "NamedGroup: secp256r1 ( 17 )" \
9817 -c "Verifying peer X.509 certificate... ok" \
9818 -C "received HelloRetryRequest message"
9819
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9820requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9821requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9822requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9824requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9825requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9826requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9827requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9828requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9830requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9831requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9832run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9833 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9834 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9835 0 \
9836 -s "Protocol is TLSv1.3" \
9837 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9838 -s "received signature algorithm: 0x804" \
9839 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9840 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9841 -c "Protocol is TLSv1.3" \
9842 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9843 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9844 -c "NamedGroup: secp256r1 ( 17 )" \
9845 -c "Verifying peer X.509 certificate... ok" \
9846 -C "received HelloRetryRequest message"
9847
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9848requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9849requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9850requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9852requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9853requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9854requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9855requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9857requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9858run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9859 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9860 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9861 0 \
9862 -s "Protocol is TLSv1.3" \
9863 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9864 -s "received signature algorithm: 0x403" \
9865 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9866 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9867 -c "Protocol is TLSv1.3" \
9868 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9869 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9870 -c "NamedGroup: secp384r1 ( 18 )" \
9871 -c "Verifying peer X.509 certificate... ok" \
9872 -C "received HelloRetryRequest message"
9873
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9874requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9875requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9878requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9879requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9880requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9881requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9883requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9884run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9885 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9886 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9887 0 \
9888 -s "Protocol is TLSv1.3" \
9889 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9890 -s "received signature algorithm: 0x503" \
9891 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9892 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9893 -c "Protocol is TLSv1.3" \
9894 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9895 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9896 -c "NamedGroup: secp384r1 ( 18 )" \
9897 -c "Verifying peer X.509 certificate... ok" \
9898 -C "received HelloRetryRequest message"
9899
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9900requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9901requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9902requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9904requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9905requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9906requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9908requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9909requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9910run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9911 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9912 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9913 0 \
9914 -s "Protocol is TLSv1.3" \
9915 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9916 -s "received signature algorithm: 0x603" \
9917 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9918 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9919 -c "Protocol is TLSv1.3" \
9920 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9921 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9922 -c "NamedGroup: secp384r1 ( 18 )" \
9923 -c "Verifying peer X.509 certificate... ok" \
9924 -C "received HelloRetryRequest message"
9925
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9926requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9927requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9928requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9930requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9931requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9932requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9936requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9937requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9938run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9939 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9940 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9941 0 \
9942 -s "Protocol is TLSv1.3" \
9943 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9944 -s "received signature algorithm: 0x804" \
9945 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9946 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9947 -c "Protocol is TLSv1.3" \
9948 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9949 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9950 -c "NamedGroup: secp384r1 ( 18 )" \
9951 -c "Verifying peer X.509 certificate... ok" \
9952 -C "received HelloRetryRequest message"
9953
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9954requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9955requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9956requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9958requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9959requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9960requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9963requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9964run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9965 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9966 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9967 0 \
9968 -s "Protocol is TLSv1.3" \
9969 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9970 -s "received signature algorithm: 0x403" \
9971 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9972 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9973 -c "Protocol is TLSv1.3" \
9974 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
9975 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9976 -c "NamedGroup: secp521r1 ( 19 )" \
9977 -c "Verifying peer X.509 certificate... ok" \
9978 -C "received HelloRetryRequest message"
9979
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9980requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9981requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9984requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9985requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9986requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]9987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]9989requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9990run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]9991 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9992 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9993 0 \
9994 -s "Protocol is TLSv1.3" \
9995 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
9996 -s "received signature algorithm: 0x503" \
9997 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]9998 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9999 -c "Protocol is TLSv1.3" \
10000 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10001 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10002 -c "NamedGroup: secp521r1 ( 19 )" \
10003 -c "Verifying peer X.509 certificate... ok" \
10004 -C "received HelloRetryRequest message"
10005
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10006requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10007requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10008requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10010requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10011requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10015requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10016run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10017 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10018 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10019 0 \
10020 -s "Protocol is TLSv1.3" \
10021 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10022 -s "received signature algorithm: 0x603" \
10023 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10024 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10025 -c "Protocol is TLSv1.3" \
10026 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10027 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10028 -c "NamedGroup: secp521r1 ( 19 )" \
10029 -c "Verifying peer X.509 certificate... ok" \
10030 -C "received HelloRetryRequest message"
10031
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10032requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10034requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10035requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10036requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10037requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10038requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10039requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10040requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10042requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10043requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10044run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10045 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10046 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10047 0 \
10048 -s "Protocol is TLSv1.3" \
10049 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10050 -s "received signature algorithm: 0x804" \
10051 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10052 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10053 -c "Protocol is TLSv1.3" \
10054 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10055 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10056 -c "NamedGroup: secp521r1 ( 19 )" \
10057 -c "Verifying peer X.509 certificate... ok" \
10058 -C "received HelloRetryRequest message"
10059
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10060requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10061requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10062requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10064requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10065requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10066requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10067requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10069requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10070run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10071 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10072 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10073 0 \
10074 -s "Protocol is TLSv1.3" \
10075 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10076 -s "received signature algorithm: 0x403" \
10077 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10078 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10079 -c "Protocol is TLSv1.3" \
10080 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10081 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10082 -c "NamedGroup: x25519 ( 1d )" \
10083 -c "Verifying peer X.509 certificate... ok" \
10084 -C "received HelloRetryRequest message"
10085
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10086requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10087requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10090requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10091requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10092requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10093requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10094requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10095requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10096run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10097 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10098 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10099 0 \
10100 -s "Protocol is TLSv1.3" \
10101 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10102 -s "received signature algorithm: 0x503" \
10103 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10104 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10105 -c "Protocol is TLSv1.3" \
10106 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10107 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10108 -c "NamedGroup: x25519 ( 1d )" \
10109 -c "Verifying peer X.509 certificate... ok" \
10110 -C "received HelloRetryRequest message"
10111
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10112requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10113requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10116requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10117requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10118requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10120requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10121requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10122run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10123 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10124 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10125 0 \
10126 -s "Protocol is TLSv1.3" \
10127 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10128 -s "received signature algorithm: 0x603" \
10129 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10130 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10131 -c "Protocol is TLSv1.3" \
10132 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10133 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10134 -c "NamedGroup: x25519 ( 1d )" \
10135 -c "Verifying peer X.509 certificate... ok" \
10136 -C "received HelloRetryRequest message"
10137
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10138requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10142requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10143requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10144requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10145requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10146requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10148requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10149requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10150run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10151 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10152 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10153 0 \
10154 -s "Protocol is TLSv1.3" \
10155 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10156 -s "received signature algorithm: 0x804" \
10157 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10158 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10159 -c "Protocol is TLSv1.3" \
10160 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10161 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10162 -c "NamedGroup: x25519 ( 1d )" \
10163 -c "Verifying peer X.509 certificate... ok" \
10164 -C "received HelloRetryRequest message"
10165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10167requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10168requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10170requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10171requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10172requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10173requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10174requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10175requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10176run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10177 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10178 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10179 0 \
10180 -s "Protocol is TLSv1.3" \
10181 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10182 -s "received signature algorithm: 0x403" \
10183 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10184 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10185 -c "Protocol is TLSv1.3" \
10186 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10187 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10188 -c "NamedGroup: x448 ( 1e )" \
10189 -c "Verifying peer X.509 certificate... ok" \
10190 -C "received HelloRetryRequest message"
10191
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10192requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10193requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10195requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10196requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10197requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10201requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10202run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10203 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10204 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10205 0 \
10206 -s "Protocol is TLSv1.3" \
10207 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10208 -s "received signature algorithm: 0x503" \
10209 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10210 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10211 -c "Protocol is TLSv1.3" \
10212 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10213 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10214 -c "NamedGroup: x448 ( 1e )" \
10215 -c "Verifying peer X.509 certificate... ok" \
10216 -C "received HelloRetryRequest message"
10217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10219requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10222requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10223requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10224requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10225requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10226requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10227requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10228run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10229 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10230 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10231 0 \
10232 -s "Protocol is TLSv1.3" \
10233 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10234 -s "received signature algorithm: 0x603" \
10235 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10236 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10237 -c "Protocol is TLSv1.3" \
10238 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10239 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10240 -c "NamedGroup: x448 ( 1e )" \
10241 -c "Verifying peer X.509 certificate... ok" \
10242 -C "received HelloRetryRequest message"
10243
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10244requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10245requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10246requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10247requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10248requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10249requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10250requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10251requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10252requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10253requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10254requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10255requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10256run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10257 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10258 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10259 0 \
10260 -s "Protocol is TLSv1.3" \
10261 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10262 -s "received signature algorithm: 0x804" \
10263 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10264 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10265 -c "Protocol is TLSv1.3" \
10266 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10267 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10268 -c "NamedGroup: x448 ( 1e )" \
10269 -c "Verifying peer X.509 certificate... ok" \
10270 -C "received HelloRetryRequest message"
10271
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10272requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10273requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10274requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10276requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10277requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10278requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10279requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10280requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10281requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10282requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10283requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10284run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10285 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10286 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10287 0 \
10288 -s "Protocol is TLSv1.3" \
10289 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10290 -s "received signature algorithm: 0x403" \
10291 -s "got named group: ffdhe2048(0100)" \
10292 -s "Certificate verification was skipped" \
10293 -c "Protocol is TLSv1.3" \
10294 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10295 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10296 -c "NamedGroup: ffdhe2048 ( 100 )" \
10297 -c "Verifying peer X.509 certificate... ok" \
10298 -C "received HelloRetryRequest message"
10299
10300requires_config_enabled MBEDTLS_SSL_SRV_C
10301requires_config_enabled MBEDTLS_DEBUG_C
10302requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10304requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10305requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10306requires_config_enabled MBEDTLS_SSL_CLI_C
10307requires_config_enabled MBEDTLS_DEBUG_C
10308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10310requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10311requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10312run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10313 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10314 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10315 0 \
10316 -s "Protocol is TLSv1.3" \
10317 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10318 -s "received signature algorithm: 0x503" \
10319 -s "got named group: ffdhe2048(0100)" \
10320 -s "Certificate verification was skipped" \
10321 -c "Protocol is TLSv1.3" \
10322 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10323 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10324 -c "NamedGroup: ffdhe2048 ( 100 )" \
10325 -c "Verifying peer X.509 certificate... ok" \
10326 -C "received HelloRetryRequest message"
10327
10328requires_config_enabled MBEDTLS_SSL_SRV_C
10329requires_config_enabled MBEDTLS_DEBUG_C
10330requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10332requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10333requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10334requires_config_enabled MBEDTLS_SSL_CLI_C
10335requires_config_enabled MBEDTLS_DEBUG_C
10336requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10338requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10339requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10340run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10341 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10342 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10343 0 \
10344 -s "Protocol is TLSv1.3" \
10345 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10346 -s "received signature algorithm: 0x603" \
10347 -s "got named group: ffdhe2048(0100)" \
10348 -s "Certificate verification was skipped" \
10349 -c "Protocol is TLSv1.3" \
10350 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10351 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10352 -c "NamedGroup: ffdhe2048 ( 100 )" \
10353 -c "Verifying peer X.509 certificate... ok" \
10354 -C "received HelloRetryRequest message"
10355
10356requires_config_enabled MBEDTLS_SSL_SRV_C
10357requires_config_enabled MBEDTLS_DEBUG_C
10358requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10360requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10361requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10362requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10363requires_config_enabled MBEDTLS_SSL_CLI_C
10364requires_config_enabled MBEDTLS_DEBUG_C
10365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10367requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10368requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10369requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10370run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10371 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10372 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10373 0 \
10374 -s "Protocol is TLSv1.3" \
10375 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
10376 -s "received signature algorithm: 0x804" \
10377 -s "got named group: ffdhe2048(0100)" \
10378 -s "Certificate verification was skipped" \
10379 -c "Protocol is TLSv1.3" \
10380 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
10381 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10382 -c "NamedGroup: ffdhe2048 ( 100 )" \
10383 -c "Verifying peer X.509 certificate... ok" \
10384 -C "received HelloRetryRequest message"
10385
10386requires_config_enabled MBEDTLS_SSL_SRV_C
10387requires_config_enabled MBEDTLS_DEBUG_C
10388requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10390requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10391requires_config_enabled MBEDTLS_SSL_CLI_C
10392requires_config_enabled MBEDTLS_DEBUG_C
10393requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10395requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10396run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10397 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10398 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10399 0 \
10400 -s "Protocol is TLSv1.3" \
10401 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10402 -s "received signature algorithm: 0x403" \
10403 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10404 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10405 -c "Protocol is TLSv1.3" \
10406 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10407 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10408 -c "NamedGroup: secp256r1 ( 17 )" \
10409 -c "Verifying peer X.509 certificate... ok" \
10410 -C "received HelloRetryRequest message"
10411
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10412requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10413requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10415requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10416requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10421requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10422run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10423 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10424 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10425 0 \
10426 -s "Protocol is TLSv1.3" \
10427 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10428 -s "received signature algorithm: 0x503" \
10429 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10430 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10431 -c "Protocol is TLSv1.3" \
10432 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10433 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10434 -c "NamedGroup: secp256r1 ( 17 )" \
10435 -c "Verifying peer X.509 certificate... ok" \
10436 -C "received HelloRetryRequest message"
10437
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10438requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10440requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10442requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10443requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10444requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10447requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10448run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10449 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10450 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10451 0 \
10452 -s "Protocol is TLSv1.3" \
10453 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10454 -s "received signature algorithm: 0x603" \
10455 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10456 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10457 -c "Protocol is TLSv1.3" \
10458 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10459 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10460 -c "NamedGroup: secp256r1 ( 17 )" \
10461 -c "Verifying peer X.509 certificate... ok" \
10462 -C "received HelloRetryRequest message"
10463
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10464requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10465requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10466requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10468requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10469requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10470requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10474requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10475requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10476run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10477 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10478 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10479 0 \
10480 -s "Protocol is TLSv1.3" \
10481 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10482 -s "received signature algorithm: 0x804" \
10483 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10485 -c "Protocol is TLSv1.3" \
10486 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10487 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10488 -c "NamedGroup: secp256r1 ( 17 )" \
10489 -c "Verifying peer X.509 certificate... ok" \
10490 -C "received HelloRetryRequest message"
10491
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10492requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10493requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10494requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10495requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10496requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10497requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10498requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10499requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10500requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10501requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10502run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10503 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10504 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10505 0 \
10506 -s "Protocol is TLSv1.3" \
10507 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10508 -s "received signature algorithm: 0x403" \
10509 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10510 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10511 -c "Protocol is TLSv1.3" \
10512 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10513 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10514 -c "NamedGroup: secp384r1 ( 18 )" \
10515 -c "Verifying peer X.509 certificate... ok" \
10516 -C "received HelloRetryRequest message"
10517
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10518requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10522requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10523requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10527requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10528run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10529 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10530 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10531 0 \
10532 -s "Protocol is TLSv1.3" \
10533 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10534 -s "received signature algorithm: 0x503" \
10535 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10536 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10537 -c "Protocol is TLSv1.3" \
10538 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10539 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10540 -c "NamedGroup: secp384r1 ( 18 )" \
10541 -c "Verifying peer X.509 certificate... ok" \
10542 -C "received HelloRetryRequest message"
10543
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10544requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10545requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10546requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10548requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10549requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10550requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10551requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10552requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10553requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10554run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10555 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10556 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10557 0 \
10558 -s "Protocol is TLSv1.3" \
10559 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10560 -s "received signature algorithm: 0x603" \
10561 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10562 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10563 -c "Protocol is TLSv1.3" \
10564 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10565 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10566 -c "NamedGroup: secp384r1 ( 18 )" \
10567 -c "Verifying peer X.509 certificate... ok" \
10568 -C "received HelloRetryRequest message"
10569
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10570requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10571requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10572requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10573requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10574requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10575requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10576requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10577requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10580requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10581requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10582run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10583 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10584 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10585 0 \
10586 -s "Protocol is TLSv1.3" \
10587 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10588 -s "received signature algorithm: 0x804" \
10589 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10590 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10591 -c "Protocol is TLSv1.3" \
10592 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10593 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10594 -c "NamedGroup: secp384r1 ( 18 )" \
10595 -c "Verifying peer X.509 certificate... ok" \
10596 -C "received HelloRetryRequest message"
10597
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10598requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10599requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10600requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10602requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10603requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10604requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10605requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10607requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10608run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10609 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10610 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10611 0 \
10612 -s "Protocol is TLSv1.3" \
10613 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10614 -s "received signature algorithm: 0x403" \
10615 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10616 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10617 -c "Protocol is TLSv1.3" \
10618 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10619 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10620 -c "NamedGroup: secp521r1 ( 19 )" \
10621 -c "Verifying peer X.509 certificate... ok" \
10622 -C "received HelloRetryRequest message"
10623
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10624requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10625requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10627requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10628requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10629requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10630requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10631requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10633requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10634run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10635 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10636 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10637 0 \
10638 -s "Protocol is TLSv1.3" \
10639 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10640 -s "received signature algorithm: 0x503" \
10641 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10642 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10643 -c "Protocol is TLSv1.3" \
10644 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10645 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10646 -c "NamedGroup: secp521r1 ( 19 )" \
10647 -c "Verifying peer X.509 certificate... ok" \
10648 -C "received HelloRetryRequest message"
10649
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10650requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10651requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10652requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10654requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10655requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10656requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10657requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10658requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10659requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10660run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10661 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10662 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10663 0 \
10664 -s "Protocol is TLSv1.3" \
10665 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10666 -s "received signature algorithm: 0x603" \
10667 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10668 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10669 -c "Protocol is TLSv1.3" \
10670 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10671 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10672 -c "NamedGroup: secp521r1 ( 19 )" \
10673 -c "Verifying peer X.509 certificate... ok" \
10674 -C "received HelloRetryRequest message"
10675
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10676requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10680requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10681requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10682requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10686requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10687requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10688run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10689 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10690 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10691 0 \
10692 -s "Protocol is TLSv1.3" \
10693 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10694 -s "received signature algorithm: 0x804" \
10695 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10696 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10697 -c "Protocol is TLSv1.3" \
10698 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10699 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10700 -c "NamedGroup: secp521r1 ( 19 )" \
10701 -c "Verifying peer X.509 certificate... ok" \
10702 -C "received HelloRetryRequest message"
10703
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10704requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10705requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10706requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10708requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10709requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10710requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10711requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10712requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10713requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10714run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10715 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10716 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10717 0 \
10718 -s "Protocol is TLSv1.3" \
10719 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10720 -s "received signature algorithm: 0x403" \
10721 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10722 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10723 -c "Protocol is TLSv1.3" \
10724 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10725 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10726 -c "NamedGroup: x25519 ( 1d )" \
10727 -c "Verifying peer X.509 certificate... ok" \
10728 -C "received HelloRetryRequest message"
10729
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10730requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10731requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10732requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10734requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10735requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10736requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10737requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10739requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10740run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10741 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10742 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10743 0 \
10744 -s "Protocol is TLSv1.3" \
10745 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10746 -s "received signature algorithm: 0x503" \
10747 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10748 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10749 -c "Protocol is TLSv1.3" \
10750 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10751 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10752 -c "NamedGroup: x25519 ( 1d )" \
10753 -c "Verifying peer X.509 certificate... ok" \
10754 -C "received HelloRetryRequest message"
10755
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10756requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10757requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10758requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10760requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10761requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10762requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10763requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10765requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10766run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10767 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10768 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10769 0 \
10770 -s "Protocol is TLSv1.3" \
10771 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10772 -s "received signature algorithm: 0x603" \
10773 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10774 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10775 -c "Protocol is TLSv1.3" \
10776 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10777 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10778 -c "NamedGroup: x25519 ( 1d )" \
10779 -c "Verifying peer X.509 certificate... ok" \
10780 -C "received HelloRetryRequest message"
10781
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10782requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10783requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10784requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10786requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10787requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10788requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10790requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10792requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10793requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10794run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10795 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10796 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10797 0 \
10798 -s "Protocol is TLSv1.3" \
10799 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10800 -s "received signature algorithm: 0x804" \
10801 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10802 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10803 -c "Protocol is TLSv1.3" \
10804 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10805 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10806 -c "NamedGroup: x25519 ( 1d )" \
10807 -c "Verifying peer X.509 certificate... ok" \
10808 -C "received HelloRetryRequest message"
10809
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10810requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10811requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10812requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10814requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10815requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10816requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10817requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10818requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10819requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10820run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10821 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10822 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10823 0 \
10824 -s "Protocol is TLSv1.3" \
10825 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10826 -s "received signature algorithm: 0x403" \
10827 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10828 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10829 -c "Protocol is TLSv1.3" \
10830 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10831 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10832 -c "NamedGroup: x448 ( 1e )" \
10833 -c "Verifying peer X.509 certificate... ok" \
10834 -C "received HelloRetryRequest message"
10835
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10836requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10837requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10838requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10839requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10840requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10841requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10842requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10843requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10844requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10845requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10846run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10847 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10848 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10849 0 \
10850 -s "Protocol is TLSv1.3" \
10851 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10852 -s "received signature algorithm: 0x503" \
10853 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10854 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10855 -c "Protocol is TLSv1.3" \
10856 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10857 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10858 -c "NamedGroup: x448 ( 1e )" \
10859 -c "Verifying peer X.509 certificate... ok" \
10860 -C "received HelloRetryRequest message"
10861
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10862requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10863requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10864requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10866requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10867requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10868requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10869requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10870requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10871requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10872run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10873 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10874 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10875 0 \
10876 -s "Protocol is TLSv1.3" \
10877 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10878 -s "received signature algorithm: 0x603" \
10879 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10880 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10881 -c "Protocol is TLSv1.3" \
10882 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10883 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10884 -c "NamedGroup: x448 ( 1e )" \
10885 -c "Verifying peer X.509 certificate... ok" \
10886 -C "received HelloRetryRequest message"
10887
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10888requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10890requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10892requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10893requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10895requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10896requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10898requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10899requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10900run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10901 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10902 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10903 0 \
10904 -s "Protocol is TLSv1.3" \
10905 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10906 -s "received signature algorithm: 0x804" \
10907 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]10908 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10909 -c "Protocol is TLSv1.3" \
10910 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10911 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10912 -c "NamedGroup: x448 ( 1e )" \
10913 -c "Verifying peer X.509 certificate... ok" \
10914 -C "received HelloRetryRequest message"
10915
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10916requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10917requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10918requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10920requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10921requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10922requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10923requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]10924requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10925requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10926requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10927requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10928run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10929 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10930 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10931 0 \
10932 -s "Protocol is TLSv1.3" \
10933 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10934 -s "received signature algorithm: 0x403" \
10935 -s "got named group: ffdhe2048(0100)" \
10936 -s "Certificate verification was skipped" \
10937 -c "Protocol is TLSv1.3" \
10938 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10939 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10940 -c "NamedGroup: ffdhe2048 ( 100 )" \
10941 -c "Verifying peer X.509 certificate... ok" \
10942 -C "received HelloRetryRequest message"
10943
10944requires_config_enabled MBEDTLS_SSL_SRV_C
10945requires_config_enabled MBEDTLS_DEBUG_C
10946requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10948requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10949requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10950requires_config_enabled MBEDTLS_SSL_CLI_C
10951requires_config_enabled MBEDTLS_DEBUG_C
10952requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10953requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10954requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10955requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10956run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10957 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10958 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10959 0 \
10960 -s "Protocol is TLSv1.3" \
10961 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10962 -s "received signature algorithm: 0x503" \
10963 -s "got named group: ffdhe2048(0100)" \
10964 -s "Certificate verification was skipped" \
10965 -c "Protocol is TLSv1.3" \
10966 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10967 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10968 -c "NamedGroup: ffdhe2048 ( 100 )" \
10969 -c "Verifying peer X.509 certificate... ok" \
10970 -C "received HelloRetryRequest message"
10971
10972requires_config_enabled MBEDTLS_SSL_SRV_C
10973requires_config_enabled MBEDTLS_DEBUG_C
10974requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10976requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10977requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10978requires_config_enabled MBEDTLS_SSL_CLI_C
10979requires_config_enabled MBEDTLS_DEBUG_C
10980requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
10981requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]10982requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]10983requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10984run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]10985 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10986 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]10987 0 \
10988 -s "Protocol is TLSv1.3" \
10989 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
10990 -s "received signature algorithm: 0x603" \
10991 -s "got named group: ffdhe2048(0100)" \
10992 -s "Certificate verification was skipped" \
10993 -c "Protocol is TLSv1.3" \
10994 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
10995 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10996 -c "NamedGroup: ffdhe2048 ( 100 )" \
10997 -c "Verifying peer X.509 certificate... ok" \
10998 -C "received HelloRetryRequest message"
10999
11000requires_config_enabled MBEDTLS_SSL_SRV_C
11001requires_config_enabled MBEDTLS_DEBUG_C
11002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11004requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11005requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11006requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11007requires_config_enabled MBEDTLS_SSL_CLI_C
11008requires_config_enabled MBEDTLS_DEBUG_C
11009requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11011requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11012requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11013requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11014run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11015 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11016 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11017 0 \
11018 -s "Protocol is TLSv1.3" \
11019 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
11020 -s "received signature algorithm: 0x804" \
11021 -s "got named group: ffdhe2048(0100)" \
11022 -s "Certificate verification was skipped" \
11023 -c "Protocol is TLSv1.3" \
11024 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
11025 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11026 -c "NamedGroup: ffdhe2048 ( 100 )" \
11027 -c "Verifying peer X.509 certificate... ok" \
11028 -C "received HelloRetryRequest message"
11029
11030requires_config_enabled MBEDTLS_SSL_SRV_C
11031requires_config_enabled MBEDTLS_DEBUG_C
11032requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11034requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11035requires_config_enabled MBEDTLS_SSL_CLI_C
11036requires_config_enabled MBEDTLS_DEBUG_C
11037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11039requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11040run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11041 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11042 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11043 0 \
11044 -s "Protocol is TLSv1.3" \
11045 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11046 -s "received signature algorithm: 0x403" \
11047 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11048 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11049 -c "Protocol is TLSv1.3" \
11050 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11051 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11052 -c "NamedGroup: secp256r1 ( 17 )" \
11053 -c "Verifying peer X.509 certificate... ok" \
11054 -C "received HelloRetryRequest message"
11055
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11056requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11057requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11058requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11059requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11060requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11061requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11062requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11064requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11065requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11066run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11067 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11068 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11069 0 \
11070 -s "Protocol is TLSv1.3" \
11071 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11072 -s "received signature algorithm: 0x503" \
11073 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11074 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11075 -c "Protocol is TLSv1.3" \
11076 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11077 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11078 -c "NamedGroup: secp256r1 ( 17 )" \
11079 -c "Verifying peer X.509 certificate... ok" \
11080 -C "received HelloRetryRequest message"
11081
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11082requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11083requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11086requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11087requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11088requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11089requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11090requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11091requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11092run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11093 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11094 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11095 0 \
11096 -s "Protocol is TLSv1.3" \
11097 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11098 -s "received signature algorithm: 0x603" \
11099 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11100 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11101 -c "Protocol is TLSv1.3" \
11102 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11103 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11104 -c "NamedGroup: secp256r1 ( 17 )" \
11105 -c "Verifying peer X.509 certificate... ok" \
11106 -C "received HelloRetryRequest message"
11107
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11108requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11109requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11112requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11113requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11114requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11115requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11116requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11118requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11119requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11120run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11121 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11122 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11123 0 \
11124 -s "Protocol is TLSv1.3" \
11125 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11126 -s "received signature algorithm: 0x804" \
11127 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11128 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11129 -c "Protocol is TLSv1.3" \
11130 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11131 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11132 -c "NamedGroup: secp256r1 ( 17 )" \
11133 -c "Verifying peer X.509 certificate... ok" \
11134 -C "received HelloRetryRequest message"
11135
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11136requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11137requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11140requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11141requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11142requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11143requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11145requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11146run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11147 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11148 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11149 0 \
11150 -s "Protocol is TLSv1.3" \
11151 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11152 -s "received signature algorithm: 0x403" \
11153 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11154 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11155 -c "Protocol is TLSv1.3" \
11156 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11157 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11158 -c "NamedGroup: secp384r1 ( 18 )" \
11159 -c "Verifying peer X.509 certificate... ok" \
11160 -C "received HelloRetryRequest message"
11161
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11162requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11163requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11166requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11167requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11168requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11171requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11172run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11173 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11174 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11175 0 \
11176 -s "Protocol is TLSv1.3" \
11177 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11178 -s "received signature algorithm: 0x503" \
11179 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11180 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11181 -c "Protocol is TLSv1.3" \
11182 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11183 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11184 -c "NamedGroup: secp384r1 ( 18 )" \
11185 -c "Verifying peer X.509 certificate... ok" \
11186 -C "received HelloRetryRequest message"
11187
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11188requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11189requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11190requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11192requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11193requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11194requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11195requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11196requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11197requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11198run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11199 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11200 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11201 0 \
11202 -s "Protocol is TLSv1.3" \
11203 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11204 -s "received signature algorithm: 0x603" \
11205 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11206 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11207 -c "Protocol is TLSv1.3" \
11208 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11209 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11210 -c "NamedGroup: secp384r1 ( 18 )" \
11211 -c "Verifying peer X.509 certificate... ok" \
11212 -C "received HelloRetryRequest message"
11213
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11214requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11215requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11216requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11218requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11219requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11220requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11221requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11222requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11224requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11225requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11226run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11227 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11228 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11229 0 \
11230 -s "Protocol is TLSv1.3" \
11231 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11232 -s "received signature algorithm: 0x804" \
11233 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11234 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11235 -c "Protocol is TLSv1.3" \
11236 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11237 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11238 -c "NamedGroup: secp384r1 ( 18 )" \
11239 -c "Verifying peer X.509 certificate... ok" \
11240 -C "received HelloRetryRequest message"
11241
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11242requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11243requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11244requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11246requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11247requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11248requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11249requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11250requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11251requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11252run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11253 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11254 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11255 0 \
11256 -s "Protocol is TLSv1.3" \
11257 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11258 -s "received signature algorithm: 0x403" \
11259 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11260 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11261 -c "Protocol is TLSv1.3" \
11262 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11263 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11264 -c "NamedGroup: secp521r1 ( 19 )" \
11265 -c "Verifying peer X.509 certificate... ok" \
11266 -C "received HelloRetryRequest message"
11267
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11268requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11269requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11270requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11272requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11273requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11274requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11275requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11277requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11278run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11279 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11280 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11281 0 \
11282 -s "Protocol is TLSv1.3" \
11283 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11284 -s "received signature algorithm: 0x503" \
11285 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11286 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11287 -c "Protocol is TLSv1.3" \
11288 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11289 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11290 -c "NamedGroup: secp521r1 ( 19 )" \
11291 -c "Verifying peer X.509 certificate... ok" \
11292 -C "received HelloRetryRequest message"
11293
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11294requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11295requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11296requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11298requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11299requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11300requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11303requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11304run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11305 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11306 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11307 0 \
11308 -s "Protocol is TLSv1.3" \
11309 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11310 -s "received signature algorithm: 0x603" \
11311 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11312 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11313 -c "Protocol is TLSv1.3" \
11314 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11315 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11316 -c "NamedGroup: secp521r1 ( 19 )" \
11317 -c "Verifying peer X.509 certificate... ok" \
11318 -C "received HelloRetryRequest message"
11319
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11320requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11321requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11323requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11324requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11325requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11326requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11327requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11328requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11330requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11331requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11332run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11333 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11334 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11335 0 \
11336 -s "Protocol is TLSv1.3" \
11337 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11338 -s "received signature algorithm: 0x804" \
11339 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11340 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11341 -c "Protocol is TLSv1.3" \
11342 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11343 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11344 -c "NamedGroup: secp521r1 ( 19 )" \
11345 -c "Verifying peer X.509 certificate... ok" \
11346 -C "received HelloRetryRequest message"
11347
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11348requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11349requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11352requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11353requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11354requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11357requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11358run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11359 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11360 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11361 0 \
11362 -s "Protocol is TLSv1.3" \
11363 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11364 -s "received signature algorithm: 0x403" \
11365 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11366 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11367 -c "Protocol is TLSv1.3" \
11368 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11369 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11370 -c "NamedGroup: x25519 ( 1d )" \
11371 -c "Verifying peer X.509 certificate... ok" \
11372 -C "received HelloRetryRequest message"
11373
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11374requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11375requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11376requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11378requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11379requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11380requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11381requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11382requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11383requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11384run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11385 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11386 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11387 0 \
11388 -s "Protocol is TLSv1.3" \
11389 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11390 -s "received signature algorithm: 0x503" \
11391 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11392 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11393 -c "Protocol is TLSv1.3" \
11394 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11395 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11396 -c "NamedGroup: x25519 ( 1d )" \
11397 -c "Verifying peer X.509 certificate... ok" \
11398 -C "received HelloRetryRequest message"
11399
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11400requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11401requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11402requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11404requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11405requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11406requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11408requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11409requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11410run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11411 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11412 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11413 0 \
11414 -s "Protocol is TLSv1.3" \
11415 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11416 -s "received signature algorithm: 0x603" \
11417 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11418 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11419 -c "Protocol is TLSv1.3" \
11420 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11421 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11422 -c "NamedGroup: x25519 ( 1d )" \
11423 -c "Verifying peer X.509 certificate... ok" \
11424 -C "received HelloRetryRequest message"
11425
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11426requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11427requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11428requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11430requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11431requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11432requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11433requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11434requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11436requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11437requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11438run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11439 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11440 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11441 0 \
11442 -s "Protocol is TLSv1.3" \
11443 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11444 -s "received signature algorithm: 0x804" \
11445 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11446 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11447 -c "Protocol is TLSv1.3" \
11448 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11449 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11450 -c "NamedGroup: x25519 ( 1d )" \
11451 -c "Verifying peer X.509 certificate... ok" \
11452 -C "received HelloRetryRequest message"
11453
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11454requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11455requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11458requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11459requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11460requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11463requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11464run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11465 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11466 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11467 0 \
11468 -s "Protocol is TLSv1.3" \
11469 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11470 -s "received signature algorithm: 0x403" \
11471 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11472 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11473 -c "Protocol is TLSv1.3" \
11474 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11475 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11476 -c "NamedGroup: x448 ( 1e )" \
11477 -c "Verifying peer X.509 certificate... ok" \
11478 -C "received HelloRetryRequest message"
11479
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11480requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11481requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11482requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11483requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11484requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11489requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11490run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11491 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11492 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11493 0 \
11494 -s "Protocol is TLSv1.3" \
11495 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11496 -s "received signature algorithm: 0x503" \
11497 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11498 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11499 -c "Protocol is TLSv1.3" \
11500 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11501 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11502 -c "NamedGroup: x448 ( 1e )" \
11503 -c "Verifying peer X.509 certificate... ok" \
11504 -C "received HelloRetryRequest message"
11505
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11506requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11507requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11508requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11510requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11511requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11512requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11513requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11515requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11516run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11517 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11518 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11519 0 \
11520 -s "Protocol is TLSv1.3" \
11521 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11522 -s "received signature algorithm: 0x603" \
11523 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11524 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11525 -c "Protocol is TLSv1.3" \
11526 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11527 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11528 -c "NamedGroup: x448 ( 1e )" \
11529 -c "Verifying peer X.509 certificate... ok" \
11530 -C "received HelloRetryRequest message"
11531
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11532requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11533requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11534requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11535requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11536requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11537requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11538requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11540requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11542requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11543requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11544run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11545 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11546 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11547 0 \
11548 -s "Protocol is TLSv1.3" \
11549 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11550 -s "received signature algorithm: 0x804" \
11551 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11552 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11553 -c "Protocol is TLSv1.3" \
11554 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11555 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11556 -c "NamedGroup: x448 ( 1e )" \
11557 -c "Verifying peer X.509 certificate... ok" \
11558 -C "received HelloRetryRequest message"
11559
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11560requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11561requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11564requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11565requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11566requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11567requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11568requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11569requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11570requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11571requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11572run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11573 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11574 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11575 0 \
11576 -s "Protocol is TLSv1.3" \
11577 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11578 -s "received signature algorithm: 0x403" \
11579 -s "got named group: ffdhe2048(0100)" \
11580 -s "Certificate verification was skipped" \
11581 -c "Protocol is TLSv1.3" \
11582 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11583 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11584 -c "NamedGroup: ffdhe2048 ( 100 )" \
11585 -c "Verifying peer X.509 certificate... ok" \
11586 -C "received HelloRetryRequest message"
11587
11588requires_config_enabled MBEDTLS_SSL_SRV_C
11589requires_config_enabled MBEDTLS_DEBUG_C
11590requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11592requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11593requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11594requires_config_enabled MBEDTLS_SSL_CLI_C
11595requires_config_enabled MBEDTLS_DEBUG_C
11596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11598requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11599requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11600run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11601 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11602 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11603 0 \
11604 -s "Protocol is TLSv1.3" \
11605 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11606 -s "received signature algorithm: 0x503" \
11607 -s "got named group: ffdhe2048(0100)" \
11608 -s "Certificate verification was skipped" \
11609 -c "Protocol is TLSv1.3" \
11610 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11611 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11612 -c "NamedGroup: ffdhe2048 ( 100 )" \
11613 -c "Verifying peer X.509 certificate... ok" \
11614 -C "received HelloRetryRequest message"
11615
11616requires_config_enabled MBEDTLS_SSL_SRV_C
11617requires_config_enabled MBEDTLS_DEBUG_C
11618requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11620requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11621requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11622requires_config_enabled MBEDTLS_SSL_CLI_C
11623requires_config_enabled MBEDTLS_DEBUG_C
11624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11626requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11627requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11628run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11629 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11630 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11631 0 \
11632 -s "Protocol is TLSv1.3" \
11633 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11634 -s "received signature algorithm: 0x603" \
11635 -s "got named group: ffdhe2048(0100)" \
11636 -s "Certificate verification was skipped" \
11637 -c "Protocol is TLSv1.3" \
11638 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11639 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11640 -c "NamedGroup: ffdhe2048 ( 100 )" \
11641 -c "Verifying peer X.509 certificate... ok" \
11642 -C "received HelloRetryRequest message"
11643
11644requires_config_enabled MBEDTLS_SSL_SRV_C
11645requires_config_enabled MBEDTLS_DEBUG_C
11646requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11647requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11648requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11649requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11650requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11651requires_config_enabled MBEDTLS_SSL_CLI_C
11652requires_config_enabled MBEDTLS_DEBUG_C
11653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11655requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11656requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]11657requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11658run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11659 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11660 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11661 0 \
11662 -s "Protocol is TLSv1.3" \
11663 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
11664 -s "received signature algorithm: 0x804" \
11665 -s "got named group: ffdhe2048(0100)" \
11666 -s "Certificate verification was skipped" \
11667 -c "Protocol is TLSv1.3" \
11668 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
11669 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11670 -c "NamedGroup: ffdhe2048 ( 100 )" \
11671 -c "Verifying peer X.509 certificate... ok" \
11672 -C "received HelloRetryRequest message"
11673
11674requires_config_enabled MBEDTLS_SSL_SRV_C
11675requires_config_enabled MBEDTLS_DEBUG_C
11676requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11677requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11678requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]11679requires_config_enabled MBEDTLS_SSL_CLI_C
11680requires_config_enabled MBEDTLS_DEBUG_C
11681requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
11682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11683requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11684run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11685 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11686 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11687 0 \
11688 -s "Protocol is TLSv1.3" \
11689 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11690 -s "received signature algorithm: 0x403" \
11691 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11692 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11693 -c "Protocol is TLSv1.3" \
11694 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11695 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11696 -c "NamedGroup: secp256r1 ( 17 )" \
11697 -c "Verifying peer X.509 certificate... ok" \
11698 -C "received HelloRetryRequest message"
11699
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11700requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11701requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11704requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11705requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11706requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11707requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11708requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11709requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11710run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11711 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11712 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11713 0 \
11714 -s "Protocol is TLSv1.3" \
11715 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11716 -s "received signature algorithm: 0x503" \
11717 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11718 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11719 -c "Protocol is TLSv1.3" \
11720 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11721 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11722 -c "NamedGroup: secp256r1 ( 17 )" \
11723 -c "Verifying peer X.509 certificate... ok" \
11724 -C "received HelloRetryRequest message"
11725
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11726requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11727requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11728requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11730requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11731requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11732requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11734requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11735requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11736run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11737 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11738 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11739 0 \
11740 -s "Protocol is TLSv1.3" \
11741 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11742 -s "received signature algorithm: 0x603" \
11743 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11744 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11745 -c "Protocol is TLSv1.3" \
11746 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11747 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11748 -c "NamedGroup: secp256r1 ( 17 )" \
11749 -c "Verifying peer X.509 certificate... ok" \
11750 -C "received HelloRetryRequest message"
11751
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11752requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11754requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11756requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11757requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11758requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11759requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11760requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11761requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11762requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11763requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11764run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11765 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11766 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11767 0 \
11768 -s "Protocol is TLSv1.3" \
11769 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11770 -s "received signature algorithm: 0x804" \
11771 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11772 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11773 -c "Protocol is TLSv1.3" \
11774 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11775 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11776 -c "NamedGroup: secp256r1 ( 17 )" \
11777 -c "Verifying peer X.509 certificate... ok" \
11778 -C "received HelloRetryRequest message"
11779
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11780requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11781requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11782requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11783requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11784requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11785requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11786requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11787requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11788requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11789requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11790run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11791 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11792 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11793 0 \
11794 -s "Protocol is TLSv1.3" \
11795 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11796 -s "received signature algorithm: 0x403" \
11797 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11798 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11799 -c "Protocol is TLSv1.3" \
11800 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11801 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11802 -c "NamedGroup: secp384r1 ( 18 )" \
11803 -c "Verifying peer X.509 certificate... ok" \
11804 -C "received HelloRetryRequest message"
11805
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11806requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11807requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11808requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11810requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11811requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11812requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11813requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11815requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11816run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11817 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11818 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11819 0 \
11820 -s "Protocol is TLSv1.3" \
11821 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11822 -s "received signature algorithm: 0x503" \
11823 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11824 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11825 -c "Protocol is TLSv1.3" \
11826 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11827 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11828 -c "NamedGroup: secp384r1 ( 18 )" \
11829 -c "Verifying peer X.509 certificate... ok" \
11830 -C "received HelloRetryRequest message"
11831
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11832requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11833requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11836requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11837requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11838requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11840requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11841requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11842run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11843 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11844 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11845 0 \
11846 -s "Protocol is TLSv1.3" \
11847 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11848 -s "received signature algorithm: 0x603" \
11849 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11850 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11851 -c "Protocol is TLSv1.3" \
11852 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11853 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11854 -c "NamedGroup: secp384r1 ( 18 )" \
11855 -c "Verifying peer X.509 certificate... ok" \
11856 -C "received HelloRetryRequest message"
11857
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11858requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11859requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11860requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11862requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11863requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11864requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11865requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11867requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11868requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11869requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11870run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11871 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11872 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11873 0 \
11874 -s "Protocol is TLSv1.3" \
11875 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11876 -s "received signature algorithm: 0x804" \
11877 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11878 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11879 -c "Protocol is TLSv1.3" \
11880 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11881 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11882 -c "NamedGroup: secp384r1 ( 18 )" \
11883 -c "Verifying peer X.509 certificate... ok" \
11884 -C "received HelloRetryRequest message"
11885
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11886requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11888requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11890requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11891requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11892requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11895requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11896run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11897 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11898 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11899 0 \
11900 -s "Protocol is TLSv1.3" \
11901 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11902 -s "received signature algorithm: 0x403" \
11903 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11904 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11905 -c "Protocol is TLSv1.3" \
11906 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11907 -c "Certificate Verify: Signature algorithm ( 0403 )" \
11908 -c "NamedGroup: secp521r1 ( 19 )" \
11909 -c "Verifying peer X.509 certificate... ok" \
11910 -C "received HelloRetryRequest message"
11911
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11912requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11913requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11916requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11917requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11918requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11919requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11921requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11922run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11923 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11924 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11925 0 \
11926 -s "Protocol is TLSv1.3" \
11927 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11928 -s "received signature algorithm: 0x503" \
11929 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11930 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11931 -c "Protocol is TLSv1.3" \
11932 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11933 -c "Certificate Verify: Signature algorithm ( 0503 )" \
11934 -c "NamedGroup: secp521r1 ( 19 )" \
11935 -c "Verifying peer X.509 certificate... ok" \
11936 -C "received HelloRetryRequest message"
11937
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11938requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11939requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11940requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11942requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11943requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11944requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11945requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11946requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11947requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11948run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11949 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11950 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11951 0 \
11952 -s "Protocol is TLSv1.3" \
11953 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11954 -s "received signature algorithm: 0x603" \
11955 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11956 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11957 -c "Protocol is TLSv1.3" \
11958 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11959 -c "Certificate Verify: Signature algorithm ( 0603 )" \
11960 -c "NamedGroup: secp521r1 ( 19 )" \
11961 -c "Verifying peer X.509 certificate... ok" \
11962 -C "received HelloRetryRequest message"
11963
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11964requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11965requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11966requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11968requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11969requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11970requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11971requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11972requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11974requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11975requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11976run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]11977 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11978 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11979 0 \
11980 -s "Protocol is TLSv1.3" \
11981 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
11982 -s "received signature algorithm: 0x804" \
11983 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]11984 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11985 -c "Protocol is TLSv1.3" \
11986 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
11987 -c "Certificate Verify: Signature algorithm ( 0804 )" \
11988 -c "NamedGroup: secp521r1 ( 19 )" \
11989 -c "Verifying peer X.509 certificate... ok" \
11990 -C "received HelloRetryRequest message"
11991
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11992requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11993requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11994requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11995requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]11996requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11997requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11998requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]11999requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12000requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12001requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12002run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12003 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12004 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12005 0 \
12006 -s "Protocol is TLSv1.3" \
12007 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12008 -s "received signature algorithm: 0x403" \
12009 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12010 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12011 -c "Protocol is TLSv1.3" \
12012 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12013 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12014 -c "NamedGroup: x25519 ( 1d )" \
12015 -c "Verifying peer X.509 certificate... ok" \
12016 -C "received HelloRetryRequest message"
12017
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12018requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12019requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12020requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12022requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12023requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12024requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12025requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12027requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12028run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12029 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12030 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12031 0 \
12032 -s "Protocol is TLSv1.3" \
12033 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12034 -s "received signature algorithm: 0x503" \
12035 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12036 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12037 -c "Protocol is TLSv1.3" \
12038 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12039 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12040 -c "NamedGroup: x25519 ( 1d )" \
12041 -c "Verifying peer X.509 certificate... ok" \
12042 -C "received HelloRetryRequest message"
12043
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12044requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12045requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12046requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12048requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12049requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12050requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12051requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12052requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12053requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12054run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12055 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12056 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12057 0 \
12058 -s "Protocol is TLSv1.3" \
12059 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12060 -s "received signature algorithm: 0x603" \
12061 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12062 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12063 -c "Protocol is TLSv1.3" \
12064 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12065 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12066 -c "NamedGroup: x25519 ( 1d )" \
12067 -c "Verifying peer X.509 certificate... ok" \
12068 -C "received HelloRetryRequest message"
12069
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12070requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12071requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12072requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12074requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12075requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12076requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12078requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12080requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12081requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12082run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12083 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12084 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12085 0 \
12086 -s "Protocol is TLSv1.3" \
12087 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12088 -s "received signature algorithm: 0x804" \
12089 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12090 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12091 -c "Protocol is TLSv1.3" \
12092 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12093 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12094 -c "NamedGroup: x25519 ( 1d )" \
12095 -c "Verifying peer X.509 certificate... ok" \
12096 -C "received HelloRetryRequest message"
12097
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12098requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12099requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12100requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12102requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12103requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12104requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12105requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12107requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12108run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12109 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12110 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12111 0 \
12112 -s "Protocol is TLSv1.3" \
12113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12114 -s "received signature algorithm: 0x403" \
12115 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12116 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12117 -c "Protocol is TLSv1.3" \
12118 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12119 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12120 -c "NamedGroup: x448 ( 1e )" \
12121 -c "Verifying peer X.509 certificate... ok" \
12122 -C "received HelloRetryRequest message"
12123
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12124requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12125requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12126requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12128requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12129requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12130requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12132requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12133requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12134run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12135 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12136 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12137 0 \
12138 -s "Protocol is TLSv1.3" \
12139 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12140 -s "received signature algorithm: 0x503" \
12141 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12142 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12143 -c "Protocol is TLSv1.3" \
12144 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12145 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12146 -c "NamedGroup: x448 ( 1e )" \
12147 -c "Verifying peer X.509 certificate... ok" \
12148 -C "received HelloRetryRequest message"
12149
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12150requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12151requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12152requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12154requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12155requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12156requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12157requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12159requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12160run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12161 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12162 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12163 0 \
12164 -s "Protocol is TLSv1.3" \
12165 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12166 -s "received signature algorithm: 0x603" \
12167 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12168 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12169 -c "Protocol is TLSv1.3" \
12170 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12171 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12172 -c "NamedGroup: x448 ( 1e )" \
12173 -c "Verifying peer X.509 certificate... ok" \
12174 -C "received HelloRetryRequest message"
12175
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12176requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12177requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12178requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12180requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12181requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12182requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12183requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12184requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12185requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12186requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12187requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12188run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12189 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12190 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12191 0 \
12192 -s "Protocol is TLSv1.3" \
12193 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12194 -s "received signature algorithm: 0x804" \
12195 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12196 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12197 -c "Protocol is TLSv1.3" \
12198 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12199 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12200 -c "NamedGroup: x448 ( 1e )" \
12201 -c "Verifying peer X.509 certificate... ok" \
12202 -C "received HelloRetryRequest message"
12203
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12204requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]12205requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12207requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12208requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12209requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12210requires_config_enabled MBEDTLS_SSL_CLI_C
12211requires_config_enabled MBEDTLS_DEBUG_C
12212requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12213requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12214requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12215requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12216run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12217 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12218 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12219 0 \
12220 -s "Protocol is TLSv1.3" \
12221 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12222 -s "received signature algorithm: 0x403" \
12223 -s "got named group: ffdhe2048(0100)" \
12224 -s "Certificate verification was skipped" \
12225 -c "Protocol is TLSv1.3" \
12226 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12227 -c "Certificate Verify: Signature algorithm ( 0403 )" \
12228 -c "NamedGroup: ffdhe2048 ( 100 )" \
12229 -c "Verifying peer X.509 certificate... ok" \
12230 -C "received HelloRetryRequest message"
12231
12232requires_config_enabled MBEDTLS_SSL_SRV_C
12233requires_config_enabled MBEDTLS_DEBUG_C
12234requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12235requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12236requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12237requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12238requires_config_enabled MBEDTLS_SSL_CLI_C
12239requires_config_enabled MBEDTLS_DEBUG_C
12240requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12242requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12243requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12244run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12245 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12246 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12247 0 \
12248 -s "Protocol is TLSv1.3" \
12249 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12250 -s "received signature algorithm: 0x503" \
12251 -s "got named group: ffdhe2048(0100)" \
12252 -s "Certificate verification was skipped" \
12253 -c "Protocol is TLSv1.3" \
12254 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12255 -c "Certificate Verify: Signature algorithm ( 0503 )" \
12256 -c "NamedGroup: ffdhe2048 ( 100 )" \
12257 -c "Verifying peer X.509 certificate... ok" \
12258 -C "received HelloRetryRequest message"
12259
12260requires_config_enabled MBEDTLS_SSL_SRV_C
12261requires_config_enabled MBEDTLS_DEBUG_C
12262requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12263requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12264requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12265requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12266requires_config_enabled MBEDTLS_SSL_CLI_C
12267requires_config_enabled MBEDTLS_DEBUG_C
12268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12270requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12271requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12272run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12273 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12274 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12275 0 \
12276 -s "Protocol is TLSv1.3" \
12277 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12278 -s "received signature algorithm: 0x603" \
12279 -s "got named group: ffdhe2048(0100)" \
12280 -s "Certificate verification was skipped" \
12281 -c "Protocol is TLSv1.3" \
12282 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12283 -c "Certificate Verify: Signature algorithm ( 0603 )" \
12284 -c "NamedGroup: ffdhe2048 ( 100 )" \
12285 -c "Verifying peer X.509 certificate... ok" \
12286 -C "received HelloRetryRequest message"
12287
12288requires_config_enabled MBEDTLS_SSL_SRV_C
12289requires_config_enabled MBEDTLS_DEBUG_C
12290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12292requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12293requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12294requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12295requires_config_enabled MBEDTLS_SSL_CLI_C
12296requires_config_enabled MBEDTLS_DEBUG_C
12297requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12298requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12299requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12300requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12301requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12302run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12303 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12304 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12305 0 \
12306 -s "Protocol is TLSv1.3" \
12307 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
12308 -s "received signature algorithm: 0x804" \
12309 -s "got named group: ffdhe2048(0100)" \
12310 -s "Certificate verification was skipped" \
12311 -c "Protocol is TLSv1.3" \
12312 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
12313 -c "Certificate Verify: Signature algorithm ( 0804 )" \
12314 -c "NamedGroup: ffdhe2048 ( 100 )" \
12315 -c "Verifying peer X.509 certificate... ok" \
12316 -C "received HelloRetryRequest message"
12317
12318requires_config_enabled MBEDTLS_SSL_SRV_C
12319requires_config_enabled MBEDTLS_DEBUG_C
12320requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12322requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12323requires_openssl_tls1_3
12324run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12325 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12326 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12327 0 \
12328 -s "Protocol is TLSv1.3" \
12329 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12330 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12331 -s "HRR selected_group: secp384r1"
12332
12333requires_config_enabled MBEDTLS_SSL_SRV_C
12334requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12335requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12337requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12338requires_openssl_tls1_3
12339run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12340 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12341 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12342 0 \
12343 -s "Protocol is TLSv1.3" \
12344 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12345 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12346 -s "HRR selected_group: secp521r1"
12347
12348requires_config_enabled MBEDTLS_SSL_SRV_C
12349requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12350requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12352requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12353requires_openssl_tls1_3
12354run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12355 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12356 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12357 0 \
12358 -s "Protocol is TLSv1.3" \
12359 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12360 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12361 -s "HRR selected_group: x25519"
12362
12363requires_config_enabled MBEDTLS_SSL_SRV_C
12364requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12365requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12367requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12368requires_openssl_tls1_3
12369run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12370 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12371 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12372 0 \
12373 -s "Protocol is TLSv1.3" \
12374 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12375 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12376 -s "HRR selected_group: x448"
12377
12378requires_config_enabled MBEDTLS_SSL_SRV_C
12379requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12380requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12381requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12382requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12383requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12384requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12385run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12386 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12387 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12388 0 \
12389 -s "Protocol is TLSv1.3" \
12390 -s "got named group: ffdhe2048(0100)" \
12391 -s "Certificate verification was skipped" \
12392 -s "HRR selected_group: ffdhe2048"
12393
12394requires_config_enabled MBEDTLS_SSL_SRV_C
12395requires_config_enabled MBEDTLS_DEBUG_C
12396requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12397requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12398requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12399requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12400run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12401 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12402 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12403 0 \
12404 -s "Protocol is TLSv1.3" \
12405 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12406 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12407 -s "HRR selected_group: secp256r1"
12408
12409requires_config_enabled MBEDTLS_SSL_SRV_C
12410requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12411requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12413requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12414requires_openssl_tls1_3
12415run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12416 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12417 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12418 0 \
12419 -s "Protocol is TLSv1.3" \
12420 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12421 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12422 -s "HRR selected_group: secp521r1"
12423
12424requires_config_enabled MBEDTLS_SSL_SRV_C
12425requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12426requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12428requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12429requires_openssl_tls1_3
12430run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12431 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12432 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12433 0 \
12434 -s "Protocol is TLSv1.3" \
12435 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12436 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12437 -s "HRR selected_group: x25519"
12438
12439requires_config_enabled MBEDTLS_SSL_SRV_C
12440requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12442requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12443requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12444requires_openssl_tls1_3
12445run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12446 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12447 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12448 0 \
12449 -s "Protocol is TLSv1.3" \
12450 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12451 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12452 -s "HRR selected_group: x448"
12453
12454requires_config_enabled MBEDTLS_SSL_SRV_C
12455requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12456requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12458requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12459requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12460requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12461run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12462 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12463 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12464 0 \
12465 -s "Protocol is TLSv1.3" \
12466 -s "got named group: ffdhe2048(0100)" \
12467 -s "Certificate verification was skipped" \
12468 -s "HRR selected_group: ffdhe2048"
12469
12470requires_config_enabled MBEDTLS_SSL_SRV_C
12471requires_config_enabled MBEDTLS_DEBUG_C
12472requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12474requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12475requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12476run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12477 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12478 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12479 0 \
12480 -s "Protocol is TLSv1.3" \
12481 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12482 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12483 -s "HRR selected_group: secp256r1"
12484
12485requires_config_enabled MBEDTLS_SSL_SRV_C
12486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12487requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12489requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12490requires_openssl_tls1_3
12491run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12492 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12493 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12494 0 \
12495 -s "Protocol is TLSv1.3" \
12496 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12497 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12498 -s "HRR selected_group: secp384r1"
12499
12500requires_config_enabled MBEDTLS_SSL_SRV_C
12501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12502requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12503requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12504requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12505requires_openssl_tls1_3
12506run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12507 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12508 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12509 0 \
12510 -s "Protocol is TLSv1.3" \
12511 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12512 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12513 -s "HRR selected_group: x25519"
12514
12515requires_config_enabled MBEDTLS_SSL_SRV_C
12516requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12517requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12518requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12519requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12520requires_openssl_tls1_3
12521run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12522 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12523 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12524 0 \
12525 -s "Protocol is TLSv1.3" \
12526 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12527 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12528 -s "HRR selected_group: x448"
12529
12530requires_config_enabled MBEDTLS_SSL_SRV_C
12531requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12534requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12535requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12536requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12537run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12538 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12539 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12540 0 \
12541 -s "Protocol is TLSv1.3" \
12542 -s "got named group: ffdhe2048(0100)" \
12543 -s "Certificate verification was skipped" \
12544 -s "HRR selected_group: ffdhe2048"
12545
12546requires_config_enabled MBEDTLS_SSL_SRV_C
12547requires_config_enabled MBEDTLS_DEBUG_C
12548requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12550requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12551requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12552run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12553 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12554 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12555 0 \
12556 -s "Protocol is TLSv1.3" \
12557 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12558 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12559 -s "HRR selected_group: secp256r1"
12560
12561requires_config_enabled MBEDTLS_SSL_SRV_C
12562requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12563requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12565requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12566requires_openssl_tls1_3
12567run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12568 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12569 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12570 0 \
12571 -s "Protocol is TLSv1.3" \
12572 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12573 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12574 -s "HRR selected_group: secp384r1"
12575
12576requires_config_enabled MBEDTLS_SSL_SRV_C
12577requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12578requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12580requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12581requires_openssl_tls1_3
12582run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12583 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12584 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12585 0 \
12586 -s "Protocol is TLSv1.3" \
12587 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12588 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12589 -s "HRR selected_group: secp521r1"
12590
12591requires_config_enabled MBEDTLS_SSL_SRV_C
12592requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12593requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12594requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12595requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12596requires_openssl_tls1_3
12597run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12598 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12599 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12600 0 \
12601 -s "Protocol is TLSv1.3" \
12602 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12603 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12604 -s "HRR selected_group: x448"
12605
12606requires_config_enabled MBEDTLS_SSL_SRV_C
12607requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12608requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12610requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12611requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12612requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12613run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12614 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12615 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12616 0 \
12617 -s "Protocol is TLSv1.3" \
12618 -s "got named group: ffdhe2048(0100)" \
12619 -s "Certificate verification was skipped" \
12620 -s "HRR selected_group: ffdhe2048"
12621
12622requires_config_enabled MBEDTLS_SSL_SRV_C
12623requires_config_enabled MBEDTLS_DEBUG_C
12624requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12626requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12627requires_openssl_tls1_3
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12628run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12629 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12630 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12631 0 \
12632 -s "Protocol is TLSv1.3" \
12633 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12634 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12635 -s "HRR selected_group: secp256r1"
12636
12637requires_config_enabled MBEDTLS_SSL_SRV_C
12638requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12640requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12641requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12642requires_openssl_tls1_3
12643run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12644 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12645 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12646 0 \
12647 -s "Protocol is TLSv1.3" \
12648 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12649 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12650 -s "HRR selected_group: secp384r1"
12651
12652requires_config_enabled MBEDTLS_SSL_SRV_C
12653requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12654requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12655requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12656requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12657requires_openssl_tls1_3
12658run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12659 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12660 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12661 0 \
12662 -s "Protocol is TLSv1.3" \
12663 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12664 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12665 -s "HRR selected_group: secp521r1"
12666
12667requires_config_enabled MBEDTLS_SSL_SRV_C
12668requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12669requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12671requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12672requires_openssl_tls1_3
12673run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12674 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12675 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12676 0 \
12677 -s "Protocol is TLSv1.3" \
12678 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12679 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12680 -s "HRR selected_group: x25519"
12681
12682requires_config_enabled MBEDTLS_SSL_SRV_C
12683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12684requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12685requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12686requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12687requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12688requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12689run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12690 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12691 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12692 0 \
12693 -s "Protocol is TLSv1.3" \
12694 -s "got named group: ffdhe2048(0100)" \
12695 -s "Certificate verification was skipped" \
12696 -s "HRR selected_group: ffdhe2048"
12697
12698requires_config_enabled MBEDTLS_SSL_SRV_C
12699requires_config_enabled MBEDTLS_DEBUG_C
12700requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12702requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12703requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12704run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12705 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12706 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12707 0 \
12708 -s "Protocol is TLSv1.3" \
12709 -s "got named group: secp256r1(0017)" \
12710 -s "Certificate verification was skipped" \
12711 -s "HRR selected_group: secp256r1"
12712
12713requires_config_enabled MBEDTLS_SSL_SRV_C
12714requires_config_enabled MBEDTLS_DEBUG_C
12715requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12717requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12718requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12719run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12720 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12721 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12722 0 \
12723 -s "Protocol is TLSv1.3" \
12724 -s "got named group: secp384r1(0018)" \
12725 -s "Certificate verification was skipped" \
12726 -s "HRR selected_group: secp384r1"
12727
12728requires_config_enabled MBEDTLS_SSL_SRV_C
12729requires_config_enabled MBEDTLS_DEBUG_C
12730requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12732requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12733requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12734run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12735 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12736 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12737 0 \
12738 -s "Protocol is TLSv1.3" \
12739 -s "got named group: secp521r1(0019)" \
12740 -s "Certificate verification was skipped" \
12741 -s "HRR selected_group: secp521r1"
12742
12743requires_config_enabled MBEDTLS_SSL_SRV_C
12744requires_config_enabled MBEDTLS_DEBUG_C
12745requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12746requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12747requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12748requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12749run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12750 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12751 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12752 0 \
12753 -s "Protocol is TLSv1.3" \
12754 -s "got named group: x25519(001d)" \
12755 -s "Certificate verification was skipped" \
12756 -s "HRR selected_group: x25519"
12757
12758requires_config_enabled MBEDTLS_SSL_SRV_C
12759requires_config_enabled MBEDTLS_DEBUG_C
12760requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12761requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12762requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]12763requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12764run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12765 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12766 "$O_NEXT_CLI_NO_CERT -CAfile $DATA_FILES_PATH/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12767 0 \
12768 -s "Protocol is TLSv1.3" \
12769 -s "got named group: x448(001e)" \
12770 -s "Certificate verification was skipped" \
12771 -s "HRR selected_group: x448"
12772
12773requires_config_enabled MBEDTLS_SSL_SRV_C
12774requires_config_enabled MBEDTLS_DEBUG_C
12775requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12777requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12778requires_gnutls_tls1_3
12779requires_gnutls_next_no_ticket
12780requires_gnutls_next_disable_tls13_compat
12781run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12782 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12783 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12784 0 \
12785 -s "Protocol is TLSv1.3" \
12786 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12787 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12788 -s "HRR selected_group: secp384r1"
12789
12790requires_config_enabled MBEDTLS_SSL_SRV_C
12791requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12792requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12794requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12795requires_gnutls_tls1_3
12796requires_gnutls_next_no_ticket
12797requires_gnutls_next_disable_tls13_compat
12798run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12799 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12800 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12801 0 \
12802 -s "Protocol is TLSv1.3" \
12803 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12804 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12805 -s "HRR selected_group: secp521r1"
12806
12807requires_config_enabled MBEDTLS_SSL_SRV_C
12808requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12811requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12812requires_gnutls_tls1_3
12813requires_gnutls_next_no_ticket
12814requires_gnutls_next_disable_tls13_compat
12815run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12816 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12817 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12818 0 \
12819 -s "Protocol is TLSv1.3" \
12820 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12821 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12822 -s "HRR selected_group: x25519"
12823
12824requires_config_enabled MBEDTLS_SSL_SRV_C
12825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12828requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12829requires_gnutls_tls1_3
12830requires_gnutls_next_no_ticket
12831requires_gnutls_next_disable_tls13_compat
12832run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12833 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12834 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12835 0 \
12836 -s "Protocol is TLSv1.3" \
12837 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12838 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12839 -s "HRR selected_group: x448"
12840
12841requires_config_enabled MBEDTLS_SSL_SRV_C
12842requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12843requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12844requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12845requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12846requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12847requires_gnutls_tls1_3
12848requires_gnutls_next_no_ticket
12849requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12850run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12851 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12852 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12853 0 \
12854 -s "Protocol is TLSv1.3" \
12855 -s "got named group: ffdhe2048(0100)" \
12856 -s "Certificate verification was skipped" \
12857 -s "HRR selected_group: ffdhe2048"
12858
12859requires_config_enabled MBEDTLS_SSL_SRV_C
12860requires_config_enabled MBEDTLS_DEBUG_C
12861requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12862requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12863requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12864requires_gnutls_tls1_3
12865requires_gnutls_next_no_ticket
12866requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12867run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12868 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12869 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12870 0 \
12871 -s "Protocol is TLSv1.3" \
12872 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12873 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12874 -s "HRR selected_group: secp256r1"
12875
12876requires_config_enabled MBEDTLS_SSL_SRV_C
12877requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12878requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12879requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12880requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12881requires_gnutls_tls1_3
12882requires_gnutls_next_no_ticket
12883requires_gnutls_next_disable_tls13_compat
12884run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12885 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12886 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12887 0 \
12888 -s "Protocol is TLSv1.3" \
12889 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12890 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12891 -s "HRR selected_group: secp521r1"
12892
12893requires_config_enabled MBEDTLS_SSL_SRV_C
12894requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12896requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12897requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12898requires_gnutls_tls1_3
12899requires_gnutls_next_no_ticket
12900requires_gnutls_next_disable_tls13_compat
12901run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12902 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12903 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12904 0 \
12905 -s "Protocol is TLSv1.3" \
12906 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12907 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12908 -s "HRR selected_group: x25519"
12909
12910requires_config_enabled MBEDTLS_SSL_SRV_C
12911requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12912requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12914requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12915requires_gnutls_tls1_3
12916requires_gnutls_next_no_ticket
12917requires_gnutls_next_disable_tls13_compat
12918run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12919 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12920 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12921 0 \
12922 -s "Protocol is TLSv1.3" \
12923 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12924 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12925 -s "HRR selected_group: x448"
12926
12927requires_config_enabled MBEDTLS_SSL_SRV_C
12928requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12930requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12931requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]12932requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12933requires_gnutls_tls1_3
12934requires_gnutls_next_no_ticket
12935requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12936run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12937 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12938 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12939 0 \
12940 -s "Protocol is TLSv1.3" \
12941 -s "got named group: ffdhe2048(0100)" \
12942 -s "Certificate verification was skipped" \
12943 -s "HRR selected_group: ffdhe2048"
12944
12945requires_config_enabled MBEDTLS_SSL_SRV_C
12946requires_config_enabled MBEDTLS_DEBUG_C
12947requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12949requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]12950requires_gnutls_tls1_3
12951requires_gnutls_next_no_ticket
12952requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12953run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12954 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12955 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12956 0 \
12957 -s "Protocol is TLSv1.3" \
12958 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12959 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12960 -s "HRR selected_group: secp256r1"
12961
12962requires_config_enabled MBEDTLS_SSL_SRV_C
12963requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12964requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12965requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12966requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12967requires_gnutls_tls1_3
12968requires_gnutls_next_no_ticket
12969requires_gnutls_next_disable_tls13_compat
12970run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12971 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12972 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12973 0 \
12974 -s "Protocol is TLSv1.3" \
12975 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12976 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12977 -s "HRR selected_group: secp384r1"
12978
12979requires_config_enabled MBEDTLS_SSL_SRV_C
12980requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12981requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]12983requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12984requires_gnutls_tls1_3
12985requires_gnutls_next_no_ticket
12986requires_gnutls_next_disable_tls13_compat
12987run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]12988 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12989 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12990 0 \
12991 -s "Protocol is TLSv1.3" \
12992 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]12993 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12994 -s "HRR selected_group: x25519"
12995
12996requires_config_enabled MBEDTLS_SSL_SRV_C
12997requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]12998requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12999requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13000requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13001requires_gnutls_tls1_3
13002requires_gnutls_next_no_ticket
13003requires_gnutls_next_disable_tls13_compat
13004run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13005 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13006 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13007 0 \
13008 -s "Protocol is TLSv1.3" \
13009 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13010 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13011 -s "HRR selected_group: x448"
13012
13013requires_config_enabled MBEDTLS_SSL_SRV_C
13014requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13017requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13018requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13019requires_gnutls_tls1_3
13020requires_gnutls_next_no_ticket
13021requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13022run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13023 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13024 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13025 0 \
13026 -s "Protocol is TLSv1.3" \
13027 -s "got named group: ffdhe2048(0100)" \
13028 -s "Certificate verification was skipped" \
13029 -s "HRR selected_group: ffdhe2048"
13030
13031requires_config_enabled MBEDTLS_SSL_SRV_C
13032requires_config_enabled MBEDTLS_DEBUG_C
13033requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13035requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13036requires_gnutls_tls1_3
13037requires_gnutls_next_no_ticket
13038requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13039run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13040 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13041 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13042 0 \
13043 -s "Protocol is TLSv1.3" \
13044 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13045 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13046 -s "HRR selected_group: secp256r1"
13047
13048requires_config_enabled MBEDTLS_SSL_SRV_C
13049requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13050requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13052requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13053requires_gnutls_tls1_3
13054requires_gnutls_next_no_ticket
13055requires_gnutls_next_disable_tls13_compat
13056run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13057 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13058 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13059 0 \
13060 -s "Protocol is TLSv1.3" \
13061 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13062 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13063 -s "HRR selected_group: secp384r1"
13064
13065requires_config_enabled MBEDTLS_SSL_SRV_C
13066requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13067requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13069requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13070requires_gnutls_tls1_3
13071requires_gnutls_next_no_ticket
13072requires_gnutls_next_disable_tls13_compat
13073run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13074 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13075 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13076 0 \
13077 -s "Protocol is TLSv1.3" \
13078 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13079 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13080 -s "HRR selected_group: secp521r1"
13081
13082requires_config_enabled MBEDTLS_SSL_SRV_C
13083requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13084requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13086requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13087requires_gnutls_tls1_3
13088requires_gnutls_next_no_ticket
13089requires_gnutls_next_disable_tls13_compat
13090run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13091 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13092 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13093 0 \
13094 -s "Protocol is TLSv1.3" \
13095 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13096 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13097 -s "HRR selected_group: x448"
13098
13099requires_config_enabled MBEDTLS_SSL_SRV_C
13100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13103requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13104requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13105requires_gnutls_tls1_3
13106requires_gnutls_next_no_ticket
13107requires_gnutls_next_disable_tls13_compat
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13108run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13109 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13110 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13111 0 \
13112 -s "Protocol is TLSv1.3" \
13113 -s "got named group: ffdhe2048(0100)" \
13114 -s "Certificate verification was skipped" \
13115 -s "HRR selected_group: ffdhe2048"
13116
13117requires_config_enabled MBEDTLS_SSL_SRV_C
13118requires_config_enabled MBEDTLS_DEBUG_C
13119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13120requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13121requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13122requires_gnutls_tls1_3
13123requires_gnutls_next_no_ticket
13124requires_gnutls_next_disable_tls13_compat
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13125run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13126 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13127 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13128 0 \
13129 -s "Protocol is TLSv1.3" \
13130 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13131 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13132 -s "HRR selected_group: secp256r1"
13133
13134requires_config_enabled MBEDTLS_SSL_SRV_C
13135requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13136requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13138requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13139requires_gnutls_tls1_3
13140requires_gnutls_next_no_ticket
13141requires_gnutls_next_disable_tls13_compat
13142run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13143 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13144 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13145 0 \
13146 -s "Protocol is TLSv1.3" \
13147 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13148 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13149 -s "HRR selected_group: secp384r1"
13150
13151requires_config_enabled MBEDTLS_SSL_SRV_C
13152requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13153requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13155requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13156requires_gnutls_tls1_3
13157requires_gnutls_next_no_ticket
13158requires_gnutls_next_disable_tls13_compat
13159run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13160 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13161 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13162 0 \
13163 -s "Protocol is TLSv1.3" \
13164 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13165 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13166 -s "HRR selected_group: secp521r1"
13167
13168requires_config_enabled MBEDTLS_SSL_SRV_C
13169requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13170requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13171requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13172requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13173requires_gnutls_tls1_3
13174requires_gnutls_next_no_ticket
13175requires_gnutls_next_disable_tls13_compat
13176run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13177 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13178 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13179 0 \
13180 -s "Protocol is TLSv1.3" \
13181 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]13182 -s "Certificate verification was skipped" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13183 -s "HRR selected_group: x25519"
13184
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13185requires_config_enabled MBEDTLS_SSL_SRV_C
13186requires_config_enabled MBEDTLS_DEBUG_C
13187requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13188requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13189requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13190requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13191requires_gnutls_tls1_3
13192requires_gnutls_next_no_ticket
13193requires_gnutls_next_disable_tls13_compat
13194run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13195 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13196 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13197 0 \
13198 -s "Protocol is TLSv1.3" \
13199 -s "got named group: ffdhe2048(0100)" \
13200 -s "Certificate verification was skipped" \
13201 -s "HRR selected_group: ffdhe2048"
13202
13203requires_config_enabled MBEDTLS_SSL_SRV_C
13204requires_config_enabled MBEDTLS_DEBUG_C
13205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13207requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13208requires_gnutls_tls1_3
13209requires_gnutls_next_no_ticket
13210requires_gnutls_next_disable_tls13_compat
13211run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13212 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13213 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13214 0 \
13215 -s "Protocol is TLSv1.3" \
13216 -s "got named group: secp256r1(0017)" \
13217 -s "Certificate verification was skipped" \
13218 -s "HRR selected_group: secp256r1"
13219
13220requires_config_enabled MBEDTLS_SSL_SRV_C
13221requires_config_enabled MBEDTLS_DEBUG_C
13222requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13223requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13224requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13225requires_gnutls_tls1_3
13226requires_gnutls_next_no_ticket
13227requires_gnutls_next_disable_tls13_compat
13228run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13229 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13230 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13231 0 \
13232 -s "Protocol is TLSv1.3" \
13233 -s "got named group: secp384r1(0018)" \
13234 -s "Certificate verification was skipped" \
13235 -s "HRR selected_group: secp384r1"
13236
13237requires_config_enabled MBEDTLS_SSL_SRV_C
13238requires_config_enabled MBEDTLS_DEBUG_C
13239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13241requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13242requires_gnutls_tls1_3
13243requires_gnutls_next_no_ticket
13244requires_gnutls_next_disable_tls13_compat
13245run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13246 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13247 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13248 0 \
13249 -s "Protocol is TLSv1.3" \
13250 -s "got named group: secp521r1(0019)" \
13251 -s "Certificate verification was skipped" \
13252 -s "HRR selected_group: secp521r1"
13253
13254requires_config_enabled MBEDTLS_SSL_SRV_C
13255requires_config_enabled MBEDTLS_DEBUG_C
13256requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13258requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13259requires_gnutls_tls1_3
13260requires_gnutls_next_no_ticket
13261requires_gnutls_next_disable_tls13_compat
13262run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13263 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13264 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13265 0 \
13266 -s "Protocol is TLSv1.3" \
13267 -s "got named group: x25519(001d)" \
13268 -s "Certificate verification was skipped" \
13269 -s "HRR selected_group: x25519"
13270
13271requires_config_enabled MBEDTLS_SSL_SRV_C
13272requires_config_enabled MBEDTLS_DEBUG_C
13273requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13275requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13276requires_gnutls_tls1_3
13277requires_gnutls_next_no_ticket
13278requires_gnutls_next_disable_tls13_compat
13279run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13280 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13281 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13282 0 \
13283 -s "Protocol is TLSv1.3" \
13284 -s "got named group: x448(001e)" \
13285 -s "Certificate verification was skipped" \
13286 -s "HRR selected_group: x448"
13287
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13288requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13289requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13290requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13291requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13293requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13294run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13295 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13296 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13297 0 \
13298 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13299 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13300 -c "NamedGroup: secp256r1 ( 17 )" \
13301 -c "NamedGroup: secp384r1 ( 18 )" \
13302 -c "Verifying peer X.509 certificate... ok" \
13303 -c "received HelloRetryRequest message" \
13304 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13305
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13306requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13307requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13308requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13309requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13310requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13311requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13312run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13313 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13314 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13315 0 \
13316 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13317 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13318 -c "NamedGroup: secp256r1 ( 17 )" \
13319 -c "NamedGroup: secp521r1 ( 19 )" \
13320 -c "Verifying peer X.509 certificate... ok" \
13321 -c "received HelloRetryRequest message" \
13322 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13323
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13324requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13325requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13326requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13327requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13328requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13329requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13330run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13331 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13332 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13333 0 \
13334 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13335 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13336 -c "NamedGroup: secp256r1 ( 17 )" \
13337 -c "NamedGroup: x25519 ( 1d )" \
13338 -c "Verifying peer X.509 certificate... ok" \
13339 -c "received HelloRetryRequest message" \
13340 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13341
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13342requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13343requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13344requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13345requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13346requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13347requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13348run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13349 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13350 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13351 0 \
13352 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13353 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13354 -c "NamedGroup: secp256r1 ( 17 )" \
13355 -c "NamedGroup: x448 ( 1e )" \
13356 -c "Verifying peer X.509 certificate... ok" \
13357 -c "received HelloRetryRequest message" \
13358 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13359
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13360requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13361requires_config_enabled MBEDTLS_SSL_CLI_C
13362requires_config_enabled MBEDTLS_DEBUG_C
13363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13365requires_config_enabled PSA_WANT_ALG_ECDH
13366requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13367requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13368run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13369 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13370 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13371 0 \
13372 -c "HTTP/1.0 200 ok" \
13373 -c "Protocol is TLSv1.3" \
13374 -c "NamedGroup: secp256r1 ( 17 )" \
13375 -c "NamedGroup: ffdhe2048 ( 100 )" \
13376 -c "Verifying peer X.509 certificate... ok" \
13377 -c "received HelloRetryRequest message" \
13378 -c "selected_group ( 256 )"
13379
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13380requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13381requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13382requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13383requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13384requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13385requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13386run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13387 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13388 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13389 0 \
13390 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13391 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13392 -c "NamedGroup: secp384r1 ( 18 )" \
13393 -c "NamedGroup: secp256r1 ( 17 )" \
13394 -c "Verifying peer X.509 certificate... ok" \
13395 -c "received HelloRetryRequest message" \
13396 -c "selected_group ( 23 )"
13397
13398requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13399requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13400requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13401requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13402requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13403requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13404run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13405 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13406 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13407 0 \
13408 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13409 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13410 -c "NamedGroup: secp384r1 ( 18 )" \
13411 -c "NamedGroup: secp521r1 ( 19 )" \
13412 -c "Verifying peer X.509 certificate... ok" \
13413 -c "received HelloRetryRequest message" \
13414 -c "selected_group ( 25 )"
13415
13416requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13419requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13420requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13421requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13422run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13423 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13424 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13425 0 \
13426 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13427 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13428 -c "NamedGroup: secp384r1 ( 18 )" \
13429 -c "NamedGroup: x25519 ( 1d )" \
13430 -c "Verifying peer X.509 certificate... ok" \
13431 -c "received HelloRetryRequest message" \
13432 -c "selected_group ( 29 )"
13433
13434requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13435requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13436requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13438requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13439requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13440run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13441 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13442 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13443 0 \
13444 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13445 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13446 -c "NamedGroup: secp384r1 ( 18 )" \
13447 -c "NamedGroup: x448 ( 1e )" \
13448 -c "Verifying peer X.509 certificate... ok" \
13449 -c "received HelloRetryRequest message" \
13450 -c "selected_group ( 30 )"
13451
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13452requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13453requires_config_enabled MBEDTLS_SSL_CLI_C
13454requires_config_enabled MBEDTLS_DEBUG_C
13455requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13457requires_config_enabled PSA_WANT_ALG_ECDH
13458requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13459requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13460run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13461 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13462 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13463 0 \
13464 -c "HTTP/1.0 200 ok" \
13465 -c "Protocol is TLSv1.3" \
13466 -c "NamedGroup: secp384r1 ( 18 )" \
13467 -c "NamedGroup: ffdhe2048 ( 100 )" \
13468 -c "Verifying peer X.509 certificate... ok" \
13469 -c "received HelloRetryRequest message" \
13470 -c "selected_group ( 256 )"
13471
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13472requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13473requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13477requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13478run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13479 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13480 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13481 0 \
13482 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13483 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13484 -c "NamedGroup: secp521r1 ( 19 )" \
13485 -c "NamedGroup: secp256r1 ( 17 )" \
13486 -c "Verifying peer X.509 certificate... ok" \
13487 -c "received HelloRetryRequest message" \
13488 -c "selected_group ( 23 )"
13489
13490requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13491requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13492requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13493requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13495requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13496run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13497 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13498 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13499 0 \
13500 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13501 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13502 -c "NamedGroup: secp521r1 ( 19 )" \
13503 -c "NamedGroup: secp384r1 ( 18 )" \
13504 -c "Verifying peer X.509 certificate... ok" \
13505 -c "received HelloRetryRequest message" \
13506 -c "selected_group ( 24 )"
13507
13508requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13509requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13510requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13511requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13513requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13514run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13515 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13516 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13517 0 \
13518 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13519 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13520 -c "NamedGroup: secp521r1 ( 19 )" \
13521 -c "NamedGroup: x25519 ( 1d )" \
13522 -c "Verifying peer X.509 certificate... ok" \
13523 -c "received HelloRetryRequest message" \
13524 -c "selected_group ( 29 )"
13525
13526requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13527requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13528requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13529requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13531requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13532run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13533 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13534 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13535 0 \
13536 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13537 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13538 -c "NamedGroup: secp521r1 ( 19 )" \
13539 -c "NamedGroup: x448 ( 1e )" \
13540 -c "Verifying peer X.509 certificate... ok" \
13541 -c "received HelloRetryRequest message" \
13542 -c "selected_group ( 30 )"
13543
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13544requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13545requires_config_enabled MBEDTLS_SSL_CLI_C
13546requires_config_enabled MBEDTLS_DEBUG_C
13547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13549requires_config_enabled PSA_WANT_ALG_ECDH
13550requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13551requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13552run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13553 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13554 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13555 0 \
13556 -c "HTTP/1.0 200 ok" \
13557 -c "Protocol is TLSv1.3" \
13558 -c "NamedGroup: secp521r1 ( 19 )" \
13559 -c "NamedGroup: ffdhe2048 ( 100 )" \
13560 -c "Verifying peer X.509 certificate... ok" \
13561 -c "received HelloRetryRequest message" \
13562 -c "selected_group ( 256 )"
13563
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13564requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13565requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13566requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13568requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13569requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13570run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13571 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13572 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13573 0 \
13574 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13575 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13576 -c "NamedGroup: x25519 ( 1d )" \
13577 -c "NamedGroup: secp256r1 ( 17 )" \
13578 -c "Verifying peer X.509 certificate... ok" \
13579 -c "received HelloRetryRequest message" \
13580 -c "selected_group ( 23 )"
13581
13582requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13583requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13584requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13585requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13587requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13588run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13589 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13590 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13591 0 \
13592 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13593 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13594 -c "NamedGroup: x25519 ( 1d )" \
13595 -c "NamedGroup: secp384r1 ( 18 )" \
13596 -c "Verifying peer X.509 certificate... ok" \
13597 -c "received HelloRetryRequest message" \
13598 -c "selected_group ( 24 )"
13599
13600requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13601requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13602requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13605requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13606run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13607 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13608 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13609 0 \
13610 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13611 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13612 -c "NamedGroup: x25519 ( 1d )" \
13613 -c "NamedGroup: secp521r1 ( 19 )" \
13614 -c "Verifying peer X.509 certificate... ok" \
13615 -c "received HelloRetryRequest message" \
13616 -c "selected_group ( 25 )"
13617
13618requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13619requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13620requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13621requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13622requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13623requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13624run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13625 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13626 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13627 0 \
13628 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13629 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13630 -c "NamedGroup: x25519 ( 1d )" \
13631 -c "NamedGroup: x448 ( 1e )" \
13632 -c "Verifying peer X.509 certificate... ok" \
13633 -c "received HelloRetryRequest message" \
13634 -c "selected_group ( 30 )"
13635
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13636requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13637requires_config_enabled MBEDTLS_SSL_CLI_C
13638requires_config_enabled MBEDTLS_DEBUG_C
13639requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13640requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13641requires_config_enabled PSA_WANT_ALG_ECDH
13642requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13643requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13644run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13645 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13646 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13647 0 \
13648 -c "HTTP/1.0 200 ok" \
13649 -c "Protocol is TLSv1.3" \
13650 -c "NamedGroup: x25519 ( 1d )" \
13651 -c "NamedGroup: ffdhe2048 ( 100 )" \
13652 -c "Verifying peer X.509 certificate... ok" \
13653 -c "received HelloRetryRequest message" \
13654 -c "selected_group ( 256 )"
13655
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13656requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13657requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13658requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13659requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13661requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13662run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13663 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13664 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13665 0 \
13666 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13667 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13668 -c "NamedGroup: x448 ( 1e )" \
13669 -c "NamedGroup: secp256r1 ( 17 )" \
13670 -c "Verifying peer X.509 certificate... ok" \
13671 -c "received HelloRetryRequest message" \
13672 -c "selected_group ( 23 )"
13673
13674requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13675requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13676requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13677requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13679requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13680run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13681 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13682 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13683 0 \
13684 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13685 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13686 -c "NamedGroup: x448 ( 1e )" \
13687 -c "NamedGroup: secp384r1 ( 18 )" \
13688 -c "Verifying peer X.509 certificate... ok" \
13689 -c "received HelloRetryRequest message" \
13690 -c "selected_group ( 24 )"
13691
13692requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13693requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13694requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13695requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13696requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13697requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13698run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13699 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13700 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13701 0 \
13702 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13703 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13704 -c "NamedGroup: x448 ( 1e )" \
13705 -c "NamedGroup: secp521r1 ( 19 )" \
13706 -c "Verifying peer X.509 certificate... ok" \
13707 -c "received HelloRetryRequest message" \
13708 -c "selected_group ( 25 )"
13709
13710requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13711requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13712requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13713requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13714requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13715requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13716run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13717 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13718 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13719 0 \
13720 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13721 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13722 -c "NamedGroup: x448 ( 1e )" \
13723 -c "NamedGroup: x25519 ( 1d )" \
13724 -c "Verifying peer X.509 certificate... ok" \
13725 -c "received HelloRetryRequest message" \
13726 -c "selected_group ( 29 )"
13727
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200[diff] [blame]13728requires_openssl_tls1_3_with_ffdh
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13729requires_config_enabled MBEDTLS_SSL_CLI_C
13730requires_config_enabled MBEDTLS_DEBUG_C
13731requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13733requires_config_enabled PSA_WANT_ALG_ECDH
13734requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13735requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13736run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13737 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13738 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13739 0 \
13740 -c "HTTP/1.0 200 ok" \
13741 -c "Protocol is TLSv1.3" \
13742 -c "NamedGroup: x448 ( 1e )" \
13743 -c "NamedGroup: ffdhe2048 ( 100 )" \
13744 -c "Verifying peer X.509 certificate... ok" \
13745 -c "received HelloRetryRequest message" \
13746 -c "selected_group ( 256 )"
13747
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13748requires_openssl_tls1_3
13749requires_config_enabled MBEDTLS_SSL_CLI_C
13750requires_config_enabled MBEDTLS_DEBUG_C
13751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13752requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13753requires_config_enabled PSA_WANT_ALG_ECDH
13754requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13755requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13756run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13757 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13758 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13759 0 \
13760 -c "HTTP/1.0 200 ok" \
13761 -c "Protocol is TLSv1.3" \
13762 -c "NamedGroup: ffdhe2048 ( 100 )" \
13763 -c "NamedGroup: secp256r1 ( 17 )" \
13764 -c "Verifying peer X.509 certificate... ok" \
13765 -c "received HelloRetryRequest message" \
13766 -c "selected_group ( 23 )"
13767
13768requires_openssl_tls1_3
13769requires_config_enabled MBEDTLS_SSL_CLI_C
13770requires_config_enabled MBEDTLS_DEBUG_C
13771requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13773requires_config_enabled PSA_WANT_ALG_ECDH
13774requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13775requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13776run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13777 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13778 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13779 0 \
13780 -c "HTTP/1.0 200 ok" \
13781 -c "Protocol is TLSv1.3" \
13782 -c "NamedGroup: ffdhe2048 ( 100 )" \
13783 -c "NamedGroup: secp384r1 ( 18 )" \
13784 -c "Verifying peer X.509 certificate... ok" \
13785 -c "received HelloRetryRequest message" \
13786 -c "selected_group ( 24 )"
13787
13788requires_openssl_tls1_3
13789requires_config_enabled MBEDTLS_SSL_CLI_C
13790requires_config_enabled MBEDTLS_DEBUG_C
13791requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13793requires_config_enabled PSA_WANT_ALG_ECDH
13794requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13795requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13796run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13797 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13798 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13799 0 \
13800 -c "HTTP/1.0 200 ok" \
13801 -c "Protocol is TLSv1.3" \
13802 -c "NamedGroup: ffdhe2048 ( 100 )" \
13803 -c "NamedGroup: secp521r1 ( 19 )" \
13804 -c "Verifying peer X.509 certificate... ok" \
13805 -c "received HelloRetryRequest message" \
13806 -c "selected_group ( 25 )"
13807
13808requires_openssl_tls1_3
13809requires_config_enabled MBEDTLS_SSL_CLI_C
13810requires_config_enabled MBEDTLS_DEBUG_C
13811requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13813requires_config_enabled PSA_WANT_ALG_ECDH
13814requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13815requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13816run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13817 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13818 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13819 0 \
13820 -c "HTTP/1.0 200 ok" \
13821 -c "Protocol is TLSv1.3" \
13822 -c "NamedGroup: ffdhe2048 ( 100 )" \
13823 -c "NamedGroup: x25519 ( 1d )" \
13824 -c "Verifying peer X.509 certificate... ok" \
13825 -c "received HelloRetryRequest message" \
13826 -c "selected_group ( 29 )"
13827
13828requires_openssl_tls1_3
13829requires_config_enabled MBEDTLS_SSL_CLI_C
13830requires_config_enabled MBEDTLS_DEBUG_C
13831requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13833requires_config_enabled PSA_WANT_ALG_ECDH
13834requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13835requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13836run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13837 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/ecdsa_secp256r1.crt -key $DATA_FILES_PATH/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
13838 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13839 0 \
13840 -c "HTTP/1.0 200 ok" \
13841 -c "Protocol is TLSv1.3" \
13842 -c "NamedGroup: ffdhe2048 ( 100 )" \
13843 -c "NamedGroup: x448 ( 1e )" \
13844 -c "Verifying peer X.509 certificate... ok" \
13845 -c "received HelloRetryRequest message" \
13846 -c "selected_group ( 30 )"
13847
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13848requires_gnutls_tls1_3
13849requires_gnutls_next_no_ticket
13850requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13851requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13852requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13853requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13855requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13856run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13857 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
13858 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13859 0 \
13860 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13861 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13862 -c "NamedGroup: secp256r1 ( 17 )" \
13863 -c "NamedGroup: secp384r1 ( 18 )" \
13864 -c "Verifying peer X.509 certificate... ok" \
13865 -c "received HelloRetryRequest message" \
13866 -c "selected_group ( 24 )"
13867
13868requires_gnutls_tls1_3
13869requires_gnutls_next_no_ticket
13870requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13871requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13872requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13873requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13875requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13876run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13877 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
13878 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13879 0 \
13880 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13881 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13882 -c "NamedGroup: secp256r1 ( 17 )" \
13883 -c "NamedGroup: secp521r1 ( 19 )" \
13884 -c "Verifying peer X.509 certificate... ok" \
13885 -c "received HelloRetryRequest message" \
13886 -c "selected_group ( 25 )"
13887
13888requires_gnutls_tls1_3
13889requires_gnutls_next_no_ticket
13890requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13891requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13892requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13893requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13895requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13896run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13897 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
13898 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13899 0 \
13900 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13901 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13902 -c "NamedGroup: secp256r1 ( 17 )" \
13903 -c "NamedGroup: x25519 ( 1d )" \
13904 -c "Verifying peer X.509 certificate... ok" \
13905 -c "received HelloRetryRequest message" \
13906 -c "selected_group ( 29 )"
13907
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13908requires_gnutls_tls1_3
13909requires_gnutls_next_no_ticket
13910requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13913requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13915requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]13916run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13917 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
13918 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]13919 0 \
13920 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13921 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]13922 -c "NamedGroup: secp256r1 ( 17 )" \
13923 -c "NamedGroup: x448 ( 1e )" \
13924 -c "Verifying peer X.509 certificate... ok" \
13925 -c "received HelloRetryRequest message" \
13926 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13927
13928requires_gnutls_tls1_3
13929requires_gnutls_next_no_ticket
13930requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13931requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13932requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13934requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13935requires_config_enabled PSA_WANT_ALG_ECDH
13936requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]13937requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13938run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13939 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
13940 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]13941 0 \
13942 -c "HTTP/1.0 200 OK" \
13943 -c "Protocol is TLSv1.3" \
13944 -c "NamedGroup: secp256r1 ( 17 )" \
13945 -c "NamedGroup: ffdhe2048 ( 100 )" \
13946 -c "Verifying peer X.509 certificate... ok" \
13947 -c "received HelloRetryRequest message" \
13948 -c "selected_group ( 256 )"
13949
13950requires_gnutls_tls1_3
13951requires_gnutls_next_no_ticket
13952requires_gnutls_next_disable_tls13_compat
13953requires_config_enabled MBEDTLS_SSL_CLI_C
13954requires_config_enabled MBEDTLS_DEBUG_C
13955requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13957requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13958run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13959 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
13960 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13961 0 \
13962 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13963 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13964 -c "NamedGroup: secp384r1 ( 18 )" \
13965 -c "NamedGroup: secp256r1 ( 17 )" \
13966 -c "Verifying peer X.509 certificate... ok" \
13967 -c "received HelloRetryRequest message" \
13968 -c "selected_group ( 23 )"
13969
13970requires_gnutls_tls1_3
13971requires_gnutls_next_no_ticket
13972requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13973requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13974requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13975requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13977requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13978run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13979 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
13980 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13981 0 \
13982 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]13983 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13984 -c "NamedGroup: secp384r1 ( 18 )" \
13985 -c "NamedGroup: secp521r1 ( 19 )" \
13986 -c "Verifying peer X.509 certificate... ok" \
13987 -c "received HelloRetryRequest message" \
13988 -c "selected_group ( 25 )"
13989
13990requires_gnutls_tls1_3
13991requires_gnutls_next_no_ticket
13992requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13993requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]13994requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]13995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]13997requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]13998run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]13999 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14000 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14001 0 \
14002 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14003 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14004 -c "NamedGroup: secp384r1 ( 18 )" \
14005 -c "NamedGroup: x25519 ( 1d )" \
14006 -c "Verifying peer X.509 certificate... ok" \
14007 -c "received HelloRetryRequest message" \
14008 -c "selected_group ( 29 )"
14009
14010requires_gnutls_tls1_3
14011requires_gnutls_next_no_ticket
14012requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14013requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14014requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14015requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14017requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14018run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14019 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14020 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14021 0 \
14022 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14023 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14024 -c "NamedGroup: secp384r1 ( 18 )" \
14025 -c "NamedGroup: x448 ( 1e )" \
14026 -c "Verifying peer X.509 certificate... ok" \
14027 -c "received HelloRetryRequest message" \
14028 -c "selected_group ( 30 )"
14029
14030requires_gnutls_tls1_3
14031requires_gnutls_next_no_ticket
14032requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14033requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14034requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14035requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14037requires_config_enabled PSA_WANT_ALG_ECDH
14038requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14039requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14040run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14041 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14042 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14043 0 \
14044 -c "HTTP/1.0 200 OK" \
14045 -c "Protocol is TLSv1.3" \
14046 -c "NamedGroup: secp384r1 ( 18 )" \
14047 -c "NamedGroup: ffdhe2048 ( 100 )" \
14048 -c "Verifying peer X.509 certificate... ok" \
14049 -c "received HelloRetryRequest message" \
14050 -c "selected_group ( 256 )"
14051
14052requires_gnutls_tls1_3
14053requires_gnutls_next_no_ticket
14054requires_gnutls_next_disable_tls13_compat
14055requires_config_enabled MBEDTLS_SSL_CLI_C
14056requires_config_enabled MBEDTLS_DEBUG_C
14057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14059requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14060run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14061 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14062 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14063 0 \
14064 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14065 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14066 -c "NamedGroup: secp521r1 ( 19 )" \
14067 -c "NamedGroup: secp256r1 ( 17 )" \
14068 -c "Verifying peer X.509 certificate... ok" \
14069 -c "received HelloRetryRequest message" \
14070 -c "selected_group ( 23 )"
14071
14072requires_gnutls_tls1_3
14073requires_gnutls_next_no_ticket
14074requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14075requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14079requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14080run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14081 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14082 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14083 0 \
14084 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14085 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14086 -c "NamedGroup: secp521r1 ( 19 )" \
14087 -c "NamedGroup: secp384r1 ( 18 )" \
14088 -c "Verifying peer X.509 certificate... ok" \
14089 -c "received HelloRetryRequest message" \
14090 -c "selected_group ( 24 )"
14091
14092requires_gnutls_tls1_3
14093requires_gnutls_next_no_ticket
14094requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14095requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14096requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14097requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14098requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14099requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14100run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14101 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14102 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14103 0 \
14104 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14105 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14106 -c "NamedGroup: secp521r1 ( 19 )" \
14107 -c "NamedGroup: x25519 ( 1d )" \
14108 -c "Verifying peer X.509 certificate... ok" \
14109 -c "received HelloRetryRequest message" \
14110 -c "selected_group ( 29 )"
14111
14112requires_gnutls_tls1_3
14113requires_gnutls_next_no_ticket
14114requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14115requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14116requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14117requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14119requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14120run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14122 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14123 0 \
14124 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14125 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14126 -c "NamedGroup: secp521r1 ( 19 )" \
14127 -c "NamedGroup: x448 ( 1e )" \
14128 -c "Verifying peer X.509 certificate... ok" \
14129 -c "received HelloRetryRequest message" \
14130 -c "selected_group ( 30 )"
14131
14132requires_gnutls_tls1_3
14133requires_gnutls_next_no_ticket
14134requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14135requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14139requires_config_enabled PSA_WANT_ALG_ECDH
14140requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14141requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14142run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14143 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14144 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14145 0 \
14146 -c "HTTP/1.0 200 OK" \
14147 -c "Protocol is TLSv1.3" \
14148 -c "NamedGroup: secp521r1 ( 19 )" \
14149 -c "NamedGroup: ffdhe2048 ( 100 )" \
14150 -c "Verifying peer X.509 certificate... ok" \
14151 -c "received HelloRetryRequest message" \
14152 -c "selected_group ( 256 )"
14153
14154requires_gnutls_tls1_3
14155requires_gnutls_next_no_ticket
14156requires_gnutls_next_disable_tls13_compat
14157requires_config_enabled MBEDTLS_SSL_CLI_C
14158requires_config_enabled MBEDTLS_DEBUG_C
14159requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14161requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14162run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14163 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14164 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14165 0 \
14166 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14167 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14168 -c "NamedGroup: x25519 ( 1d )" \
14169 -c "NamedGroup: secp256r1 ( 17 )" \
14170 -c "Verifying peer X.509 certificate... ok" \
14171 -c "received HelloRetryRequest message" \
14172 -c "selected_group ( 23 )"
14173
14174requires_gnutls_tls1_3
14175requires_gnutls_next_no_ticket
14176requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14177requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14178requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14181requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14182run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14183 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14184 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14185 0 \
14186 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14187 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14188 -c "NamedGroup: x25519 ( 1d )" \
14189 -c "NamedGroup: secp384r1 ( 18 )" \
14190 -c "Verifying peer X.509 certificate... ok" \
14191 -c "received HelloRetryRequest message" \
14192 -c "selected_group ( 24 )"
14193
14194requires_gnutls_tls1_3
14195requires_gnutls_next_no_ticket
14196requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14197requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14199requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14201requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14202run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14203 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14204 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14205 0 \
14206 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14207 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14208 -c "NamedGroup: x25519 ( 1d )" \
14209 -c "NamedGroup: secp521r1 ( 19 )" \
14210 -c "Verifying peer X.509 certificate... ok" \
14211 -c "received HelloRetryRequest message" \
14212 -c "selected_group ( 25 )"
14213
14214requires_gnutls_tls1_3
14215requires_gnutls_next_no_ticket
14216requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14217requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14218requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14219requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14221requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14222run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14223 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14224 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14225 0 \
14226 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14227 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14228 -c "NamedGroup: x25519 ( 1d )" \
14229 -c "NamedGroup: x448 ( 1e )" \
14230 -c "Verifying peer X.509 certificate... ok" \
14231 -c "received HelloRetryRequest message" \
14232 -c "selected_group ( 30 )"
14233
14234requires_gnutls_tls1_3
14235requires_gnutls_next_no_ticket
14236requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14237requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14238requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14241requires_config_enabled PSA_WANT_ALG_ECDH
14242requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14243requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14244run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14245 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14246 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14247 0 \
14248 -c "HTTP/1.0 200 OK" \
14249 -c "Protocol is TLSv1.3" \
14250 -c "NamedGroup: x25519 ( 1d )" \
14251 -c "NamedGroup: ffdhe2048 ( 100 )" \
14252 -c "Verifying peer X.509 certificate... ok" \
14253 -c "received HelloRetryRequest message" \
14254 -c "selected_group ( 256 )"
14255
14256requires_gnutls_tls1_3
14257requires_gnutls_next_no_ticket
14258requires_gnutls_next_disable_tls13_compat
14259requires_config_enabled MBEDTLS_SSL_CLI_C
14260requires_config_enabled MBEDTLS_DEBUG_C
14261requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14262requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14263requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14264run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14265 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14266 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14267 0 \
14268 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14269 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14270 -c "NamedGroup: x448 ( 1e )" \
14271 -c "NamedGroup: secp256r1 ( 17 )" \
14272 -c "Verifying peer X.509 certificate... ok" \
14273 -c "received HelloRetryRequest message" \
14274 -c "selected_group ( 23 )"
14275
14276requires_gnutls_tls1_3
14277requires_gnutls_next_no_ticket
14278requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14279requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14280requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14281requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14282requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14283requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14284run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14285 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14286 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14287 0 \
14288 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14289 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14290 -c "NamedGroup: x448 ( 1e )" \
14291 -c "NamedGroup: secp384r1 ( 18 )" \
14292 -c "Verifying peer X.509 certificate... ok" \
14293 -c "received HelloRetryRequest message" \
14294 -c "selected_group ( 24 )"
14295
14296requires_gnutls_tls1_3
14297requires_gnutls_next_no_ticket
14298requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14299requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14300requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14301requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14303requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14304run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14305 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14306 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14307 0 \
14308 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14309 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14310 -c "NamedGroup: x448 ( 1e )" \
14311 -c "NamedGroup: secp521r1 ( 19 )" \
14312 -c "Verifying peer X.509 certificate... ok" \
14313 -c "received HelloRetryRequest message" \
14314 -c "selected_group ( 25 )"
14315
14316requires_gnutls_tls1_3
14317requires_gnutls_next_no_ticket
14318requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14319requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14320requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14321requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14322requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14323requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14324run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14325 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14326 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14327 0 \
14328 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]14329 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]14330 -c "NamedGroup: x448 ( 1e )" \
14331 -c "NamedGroup: x25519 ( 1d )" \
14332 -c "Verifying peer X.509 certificate... ok" \
14333 -c "received HelloRetryRequest message" \
14334 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14335
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14336requires_gnutls_tls1_3
14337requires_gnutls_next_no_ticket
14338requires_gnutls_next_disable_tls13_compat
14339requires_config_enabled MBEDTLS_SSL_CLI_C
14340requires_config_enabled MBEDTLS_DEBUG_C
14341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14343requires_config_enabled PSA_WANT_ALG_ECDH
14344requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14345requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14346run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14347 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
14348 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14349 0 \
14350 -c "HTTP/1.0 200 OK" \
14351 -c "Protocol is TLSv1.3" \
14352 -c "NamedGroup: x448 ( 1e )" \
14353 -c "NamedGroup: ffdhe2048 ( 100 )" \
14354 -c "Verifying peer X.509 certificate... ok" \
14355 -c "received HelloRetryRequest message" \
14356 -c "selected_group ( 256 )"
14357
14358requires_gnutls_tls1_3
14359requires_gnutls_next_no_ticket
14360requires_gnutls_next_disable_tls13_compat
14361requires_config_enabled MBEDTLS_SSL_CLI_C
14362requires_config_enabled MBEDTLS_DEBUG_C
14363requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14364requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14365requires_config_enabled PSA_WANT_ALG_ECDH
14366requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14367requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14368run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14369 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
14370 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14371 0 \
14372 -c "HTTP/1.0 200 OK" \
14373 -c "Protocol is TLSv1.3" \
14374 -c "NamedGroup: ffdhe2048 ( 100 )" \
14375 -c "NamedGroup: secp256r1 ( 17 )" \
14376 -c "Verifying peer X.509 certificate... ok" \
14377 -c "received HelloRetryRequest message" \
14378 -c "selected_group ( 23 )"
14379
14380requires_gnutls_tls1_3
14381requires_gnutls_next_no_ticket
14382requires_gnutls_next_disable_tls13_compat
14383requires_config_enabled MBEDTLS_SSL_CLI_C
14384requires_config_enabled MBEDTLS_DEBUG_C
14385requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14387requires_config_enabled PSA_WANT_ALG_ECDH
14388requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14389requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14390run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14391 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
14392 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14393 0 \
14394 -c "HTTP/1.0 200 OK" \
14395 -c "Protocol is TLSv1.3" \
14396 -c "NamedGroup: ffdhe2048 ( 100 )" \
14397 -c "NamedGroup: secp384r1 ( 18 )" \
14398 -c "Verifying peer X.509 certificate... ok" \
14399 -c "received HelloRetryRequest message" \
14400 -c "selected_group ( 24 )"
14401
14402requires_gnutls_tls1_3
14403requires_gnutls_next_no_ticket
14404requires_gnutls_next_disable_tls13_compat
14405requires_config_enabled MBEDTLS_SSL_CLI_C
14406requires_config_enabled MBEDTLS_DEBUG_C
14407requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14408requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14409requires_config_enabled PSA_WANT_ALG_ECDH
14410requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14411requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14412run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14413 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
14414 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14415 0 \
14416 -c "HTTP/1.0 200 OK" \
14417 -c "Protocol is TLSv1.3" \
14418 -c "NamedGroup: ffdhe2048 ( 100 )" \
14419 -c "NamedGroup: secp521r1 ( 19 )" \
14420 -c "Verifying peer X.509 certificate... ok" \
14421 -c "received HelloRetryRequest message" \
14422 -c "selected_group ( 25 )"
14423
14424requires_gnutls_tls1_3
14425requires_gnutls_next_no_ticket
14426requires_gnutls_next_disable_tls13_compat
14427requires_config_enabled MBEDTLS_SSL_CLI_C
14428requires_config_enabled MBEDTLS_DEBUG_C
14429requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14431requires_config_enabled PSA_WANT_ALG_ECDH
14432requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14433requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14434run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
14436 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14437 0 \
14438 -c "HTTP/1.0 200 OK" \
14439 -c "Protocol is TLSv1.3" \
14440 -c "NamedGroup: ffdhe2048 ( 100 )" \
14441 -c "NamedGroup: x25519 ( 1d )" \
14442 -c "Verifying peer X.509 certificate... ok" \
14443 -c "received HelloRetryRequest message" \
14444 -c "selected_group ( 29 )"
14445
14446requires_gnutls_tls1_3
14447requires_gnutls_next_no_ticket
14448requires_gnutls_next_disable_tls13_compat
14449requires_config_enabled MBEDTLS_SSL_CLI_C
14450requires_config_enabled MBEDTLS_DEBUG_C
14451requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14453requires_config_enabled PSA_WANT_ALG_ECDH
14454requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14455requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14456run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14457 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/ecdsa_secp256r1.crt --x509keyfile $DATA_FILES_PATH/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
14458 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14459 0 \
14460 -c "HTTP/1.0 200 OK" \
14461 -c "Protocol is TLSv1.3" \
14462 -c "NamedGroup: ffdhe2048 ( 100 )" \
14463 -c "NamedGroup: x448 ( 1e )" \
14464 -c "Verifying peer X.509 certificate... ok" \
14465 -c "received HelloRetryRequest message" \
14466 -c "selected_group ( 30 )"
14467
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14468requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14469requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14470requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14472requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14473requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14474requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14475requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14476requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14477requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14478run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14479 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14480 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14481 0 \
14482 -s "Protocol is TLSv1.3" \
14483 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14484 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14485 -c "Protocol is TLSv1.3" \
14486 -c "NamedGroup: secp256r1 ( 17 )" \
14487 -c "NamedGroup: secp384r1 ( 18 )" \
14488 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14489 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14490 -c "received HelloRetryRequest message" \
14491 -c "selected_group ( 24 )"
14492
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14493requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14494requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14495requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14497requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14498requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14500requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14502requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14503run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14504 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14505 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14506 0 \
14507 -s "Protocol is TLSv1.3" \
14508 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14509 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14510 -c "Protocol is TLSv1.3" \
14511 -c "NamedGroup: secp256r1 ( 17 )" \
14512 -c "NamedGroup: secp521r1 ( 19 )" \
14513 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14514 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14515 -c "received HelloRetryRequest message" \
14516 -c "selected_group ( 25 )"
14517
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14518requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14520requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14521requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14522requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14523requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14524requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14525requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14527requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14528run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14529 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14530 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14531 0 \
14532 -s "Protocol is TLSv1.3" \
14533 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14534 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14535 -c "Protocol is TLSv1.3" \
14536 -c "NamedGroup: secp256r1 ( 17 )" \
14537 -c "NamedGroup: x25519 ( 1d )" \
14538 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14539 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14540 -c "received HelloRetryRequest message" \
14541 -c "selected_group ( 29 )"
14542
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14543requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14544requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14545requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14547requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14548requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14549requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14550requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14552requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14553run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14554 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14555 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14556 0 \
14557 -s "Protocol is TLSv1.3" \
14558 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14559 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14560 -c "Protocol is TLSv1.3" \
14561 -c "NamedGroup: secp256r1 ( 17 )" \
14562 -c "NamedGroup: x448 ( 1e )" \
14563 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14564 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14565 -c "received HelloRetryRequest message" \
14566 -c "selected_group ( 30 )"
14567
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14568requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14569requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14570requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14571requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14572requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14573requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14574requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14575requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14578requires_config_enabled PSA_WANT_ALG_ECDH
14579requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14580requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14581run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14582 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14583 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14584 0 \
14585 -s "Protocol is TLSv1.3" \
14586 -s "got named group: ffdhe2048(0100)" \
14587 -s "Certificate verification was skipped" \
14588 -c "Protocol is TLSv1.3" \
14589 -c "NamedGroup: secp256r1 ( 17 )" \
14590 -c "NamedGroup: ffdhe2048 ( 100 )" \
14591 -c "Verifying peer X.509 certificate... ok" \
14592 -s "HRR selected_group: ffdhe2048" \
14593 -c "received HelloRetryRequest message" \
14594 -c "selected_group ( 256 )"
14595
14596requires_config_enabled MBEDTLS_SSL_SRV_C
14597requires_config_enabled MBEDTLS_DEBUG_C
14598requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14600requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14601requires_config_enabled MBEDTLS_SSL_CLI_C
14602requires_config_enabled MBEDTLS_DEBUG_C
14603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14605requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14606run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14607 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14608 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14609 0 \
14610 -s "Protocol is TLSv1.3" \
14611 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14612 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14613 -c "Protocol is TLSv1.3" \
14614 -c "NamedGroup: secp384r1 ( 18 )" \
14615 -c "NamedGroup: secp256r1 ( 17 )" \
14616 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14617 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14618 -c "received HelloRetryRequest message" \
14619 -c "selected_group ( 23 )"
14620
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14621requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14622requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14623requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14625requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14626requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14627requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14628requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14630requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14631run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14632 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14633 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14634 0 \
14635 -s "Protocol is TLSv1.3" \
14636 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14637 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14638 -c "Protocol is TLSv1.3" \
14639 -c "NamedGroup: secp384r1 ( 18 )" \
14640 -c "NamedGroup: secp521r1 ( 19 )" \
14641 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14642 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14643 -c "received HelloRetryRequest message" \
14644 -c "selected_group ( 25 )"
14645
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14646requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14648requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14650requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14651requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14652requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14653requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14654requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14655requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14656run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14657 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14658 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14659 0 \
14660 -s "Protocol is TLSv1.3" \
14661 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14662 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14663 -c "Protocol is TLSv1.3" \
14664 -c "NamedGroup: secp384r1 ( 18 )" \
14665 -c "NamedGroup: x25519 ( 1d )" \
14666 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14667 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14668 -c "received HelloRetryRequest message" \
14669 -c "selected_group ( 29 )"
14670
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14671requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14672requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14673requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14674requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14675requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14678requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14680requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14681run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14682 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14683 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14684 0 \
14685 -s "Protocol is TLSv1.3" \
14686 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14687 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14688 -c "Protocol is TLSv1.3" \
14689 -c "NamedGroup: secp384r1 ( 18 )" \
14690 -c "NamedGroup: x448 ( 1e )" \
14691 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14692 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14693 -c "received HelloRetryRequest message" \
14694 -c "selected_group ( 30 )"
14695
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14696requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14698requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14700requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14701requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14702requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14703requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14704requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14706requires_config_enabled PSA_WANT_ALG_ECDH
14707requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14708requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14709run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14710 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14711 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14712 0 \
14713 -s "Protocol is TLSv1.3" \
14714 -s "got named group: ffdhe2048(0100)" \
14715 -s "Certificate verification was skipped" \
14716 -c "Protocol is TLSv1.3" \
14717 -c "NamedGroup: secp384r1 ( 18 )" \
14718 -c "NamedGroup: ffdhe2048 ( 100 )" \
14719 -c "Verifying peer X.509 certificate... ok" \
14720 -s "HRR selected_group: ffdhe2048" \
14721 -c "received HelloRetryRequest message" \
14722 -c "selected_group ( 256 )"
14723
14724requires_config_enabled MBEDTLS_SSL_SRV_C
14725requires_config_enabled MBEDTLS_DEBUG_C
14726requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14728requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14729requires_config_enabled MBEDTLS_SSL_CLI_C
14730requires_config_enabled MBEDTLS_DEBUG_C
14731requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14733requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14734run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14735 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14736 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14737 0 \
14738 -s "Protocol is TLSv1.3" \
14739 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14740 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14741 -c "Protocol is TLSv1.3" \
14742 -c "NamedGroup: secp521r1 ( 19 )" \
14743 -c "NamedGroup: secp256r1 ( 17 )" \
14744 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14745 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14746 -c "received HelloRetryRequest message" \
14747 -c "selected_group ( 23 )"
14748
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14749requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14750requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14752requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14753requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14754requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14755requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14756requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14758requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14759run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14760 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14761 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14762 0 \
14763 -s "Protocol is TLSv1.3" \
14764 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14765 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14766 -c "Protocol is TLSv1.3" \
14767 -c "NamedGroup: secp521r1 ( 19 )" \
14768 -c "NamedGroup: secp384r1 ( 18 )" \
14769 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14770 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14771 -c "received HelloRetryRequest message" \
14772 -c "selected_group ( 24 )"
14773
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14774requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14776requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14778requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14779requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14780requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14781requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14783requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14784run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14785 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14786 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14787 0 \
14788 -s "Protocol is TLSv1.3" \
14789 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14790 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14791 -c "Protocol is TLSv1.3" \
14792 -c "NamedGroup: secp521r1 ( 19 )" \
14793 -c "NamedGroup: x25519 ( 1d )" \
14794 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14795 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14796 -c "received HelloRetryRequest message" \
14797 -c "selected_group ( 29 )"
14798
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14799requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14801requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14803requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14804requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14805requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14806requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14808requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14809run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14810 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14811 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14812 0 \
14813 -s "Protocol is TLSv1.3" \
14814 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14815 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14816 -c "Protocol is TLSv1.3" \
14817 -c "NamedGroup: secp521r1 ( 19 )" \
14818 -c "NamedGroup: x448 ( 1e )" \
14819 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14820 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14821 -c "received HelloRetryRequest message" \
14822 -c "selected_group ( 30 )"
14823
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14824requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14825requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14826requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14827requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14828requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14829requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14830requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14831requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14832requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14833requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14834requires_config_enabled PSA_WANT_ALG_ECDH
14835requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14836requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14837run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14838 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14839 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14840 0 \
14841 -s "Protocol is TLSv1.3" \
14842 -s "got named group: ffdhe2048(0100)" \
14843 -s "Certificate verification was skipped" \
14844 -c "Protocol is TLSv1.3" \
14845 -c "NamedGroup: secp521r1 ( 19 )" \
14846 -c "NamedGroup: ffdhe2048 ( 100 )" \
14847 -c "Verifying peer X.509 certificate... ok" \
14848 -s "HRR selected_group: ffdhe2048" \
14849 -c "received HelloRetryRequest message" \
14850 -c "selected_group ( 256 )"
14851
14852requires_config_enabled MBEDTLS_SSL_SRV_C
14853requires_config_enabled MBEDTLS_DEBUG_C
14854requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14856requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14857requires_config_enabled MBEDTLS_SSL_CLI_C
14858requires_config_enabled MBEDTLS_DEBUG_C
14859requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14860requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14861requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14862run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14863 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14864 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14865 0 \
14866 -s "Protocol is TLSv1.3" \
14867 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14868 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14869 -c "Protocol is TLSv1.3" \
14870 -c "NamedGroup: x25519 ( 1d )" \
14871 -c "NamedGroup: secp256r1 ( 17 )" \
14872 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14873 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14874 -c "received HelloRetryRequest message" \
14875 -c "selected_group ( 23 )"
14876
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14877requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14878requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14879requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14880requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14881requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14882requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14883requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14884requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14885requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14886requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14887run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14888 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14889 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14890 0 \
14891 -s "Protocol is TLSv1.3" \
14892 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14893 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14894 -c "Protocol is TLSv1.3" \
14895 -c "NamedGroup: x25519 ( 1d )" \
14896 -c "NamedGroup: secp384r1 ( 18 )" \
14897 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14898 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14899 -c "received HelloRetryRequest message" \
14900 -c "selected_group ( 24 )"
14901
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14902requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14903requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14904requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14906requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14907requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14908requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14909requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14911requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14912run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14913 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14914 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14915 0 \
14916 -s "Protocol is TLSv1.3" \
14917 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14918 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14919 -c "Protocol is TLSv1.3" \
14920 -c "NamedGroup: x25519 ( 1d )" \
14921 -c "NamedGroup: secp521r1 ( 19 )" \
14922 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14923 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14924 -c "received HelloRetryRequest message" \
14925 -c "selected_group ( 25 )"
14926
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14927requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14928requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14929requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14930requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14931requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14932requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14933requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14934requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14936requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14937run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14938 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14939 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14940 0 \
14941 -s "Protocol is TLSv1.3" \
14942 -s "got named group: x448(001e)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14943 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14944 -c "Protocol is TLSv1.3" \
14945 -c "NamedGroup: x25519 ( 1d )" \
14946 -c "NamedGroup: x448 ( 1e )" \
14947 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14948 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14949 -c "received HelloRetryRequest message" \
14950 -c "selected_group ( 30 )"
14951
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]14952requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14954requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14956requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14957requires_config_enabled PSA_WANT_DH_RFC7919_2048
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14958requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]14959requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]14960requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14962requires_config_enabled PSA_WANT_ALG_ECDH
14963requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]14964requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14965run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14966 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14967 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14968 0 \
14969 -s "Protocol is TLSv1.3" \
14970 -s "got named group: ffdhe2048(0100)" \
14971 -s "Certificate verification was skipped" \
14972 -c "Protocol is TLSv1.3" \
14973 -c "NamedGroup: x25519 ( 1d )" \
14974 -c "NamedGroup: ffdhe2048 ( 100 )" \
14975 -c "Verifying peer X.509 certificate... ok" \
14976 -s "HRR selected_group: ffdhe2048" \
14977 -c "received HelloRetryRequest message" \
14978 -c "selected_group ( 256 )"
14979
14980requires_config_enabled MBEDTLS_SSL_SRV_C
14981requires_config_enabled MBEDTLS_DEBUG_C
14982requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14983requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14984requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]14985requires_config_enabled MBEDTLS_SSL_CLI_C
14986requires_config_enabled MBEDTLS_DEBUG_C
14987requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
14988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]14989requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14990run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]14991 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
14992 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14993 0 \
14994 -s "Protocol is TLSv1.3" \
14995 -s "got named group: secp256r1(0017)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]14996 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]14997 -c "Protocol is TLSv1.3" \
14998 -c "NamedGroup: x448 ( 1e )" \
14999 -c "NamedGroup: secp256r1 ( 17 )" \
15000 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15001 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15002 -c "received HelloRetryRequest message" \
15003 -c "selected_group ( 23 )"
15004
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15005requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15006requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15007requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15008requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15009requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15010requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15011requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15014requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15015run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15016 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15017 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15018 0 \
15019 -s "Protocol is TLSv1.3" \
15020 -s "got named group: secp384r1(0018)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15021 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15022 -c "Protocol is TLSv1.3" \
15023 -c "NamedGroup: x448 ( 1e )" \
15024 -c "NamedGroup: secp384r1 ( 18 )" \
15025 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15026 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15027 -c "received HelloRetryRequest message" \
15028 -c "selected_group ( 24 )"
15029
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15030requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15031requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15032requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15034requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15035requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15036requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15037requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15038requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15039requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15040run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15041 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15042 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15043 0 \
15044 -s "Protocol is TLSv1.3" \
15045 -s "got named group: secp521r1(0019)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15046 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15047 -c "Protocol is TLSv1.3" \
15048 -c "NamedGroup: x448 ( 1e )" \
15049 -c "NamedGroup: secp521r1 ( 19 )" \
15050 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15051 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15052 -c "received HelloRetryRequest message" \
15053 -c "selected_group ( 25 )"
15054
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]15055requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15056requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15057requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15058requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15059requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15060requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15061requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron928cbd32022-10-04 16:14:26 +0200[diff] [blame]15062requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15064requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15065run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15066 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15067 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15068 0 \
15069 -s "Protocol is TLSv1.3" \
15070 -s "got named group: x25519(001d)" \
Ronald Croneac00ad2022-09-13 10:16:31 +0200[diff] [blame]15071 -s "Certificate verification was skipped" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15072 -c "Protocol is TLSv1.3" \
15073 -c "NamedGroup: x448 ( 1e )" \
15074 -c "NamedGroup: x25519 ( 1d )" \
15075 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]15076 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]15077 -c "received HelloRetryRequest message" \
15078 -c "selected_group ( 29 )"
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15079
15080requires_config_enabled MBEDTLS_SSL_SRV_C
15081requires_config_enabled MBEDTLS_DEBUG_C
15082requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15084requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15085requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15086requires_config_enabled MBEDTLS_SSL_CLI_C
15087requires_config_enabled MBEDTLS_DEBUG_C
15088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15090requires_config_enabled PSA_WANT_ALG_ECDH
15091requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15092requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15093run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15094 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15095 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15096 0 \
15097 -s "Protocol is TLSv1.3" \
15098 -s "got named group: ffdhe2048(0100)" \
15099 -s "Certificate verification was skipped" \
15100 -c "Protocol is TLSv1.3" \
15101 -c "NamedGroup: x448 ( 1e )" \
15102 -c "NamedGroup: ffdhe2048 ( 100 )" \
15103 -c "Verifying peer X.509 certificate... ok" \
15104 -s "HRR selected_group: ffdhe2048" \
15105 -c "received HelloRetryRequest message" \
15106 -c "selected_group ( 256 )"
15107
15108requires_config_enabled MBEDTLS_SSL_SRV_C
15109requires_config_enabled MBEDTLS_DEBUG_C
15110requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15112requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15113requires_config_enabled MBEDTLS_SSL_CLI_C
15114requires_config_enabled MBEDTLS_DEBUG_C
15115requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15116requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15117requires_config_enabled PSA_WANT_ALG_ECDH
15118requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15119requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15120run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15121 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15122 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15123 0 \
15124 -s "Protocol is TLSv1.3" \
15125 -s "got named group: secp256r1(0017)" \
15126 -s "Certificate verification was skipped" \
15127 -c "Protocol is TLSv1.3" \
15128 -c "NamedGroup: ffdhe2048 ( 100 )" \
15129 -c "NamedGroup: secp256r1 ( 17 )" \
15130 -c "Verifying peer X.509 certificate... ok" \
15131 -s "HRR selected_group: secp256r1" \
15132 -c "received HelloRetryRequest message" \
15133 -c "selected_group ( 23 )"
15134
15135requires_config_enabled MBEDTLS_SSL_SRV_C
15136requires_config_enabled MBEDTLS_DEBUG_C
15137requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15139requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15140requires_config_enabled MBEDTLS_SSL_CLI_C
15141requires_config_enabled MBEDTLS_DEBUG_C
15142requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15144requires_config_enabled PSA_WANT_ALG_ECDH
15145requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15146requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15147run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15148 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15149 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15150 0 \
15151 -s "Protocol is TLSv1.3" \
15152 -s "got named group: secp384r1(0018)" \
15153 -s "Certificate verification was skipped" \
15154 -c "Protocol is TLSv1.3" \
15155 -c "NamedGroup: ffdhe2048 ( 100 )" \
15156 -c "NamedGroup: secp384r1 ( 18 )" \
15157 -c "Verifying peer X.509 certificate... ok" \
15158 -s "HRR selected_group: secp384r1" \
15159 -c "received HelloRetryRequest message" \
15160 -c "selected_group ( 24 )"
15161
15162requires_config_enabled MBEDTLS_SSL_SRV_C
15163requires_config_enabled MBEDTLS_DEBUG_C
15164requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15166requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15167requires_config_enabled MBEDTLS_SSL_CLI_C
15168requires_config_enabled MBEDTLS_DEBUG_C
15169requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15171requires_config_enabled PSA_WANT_ALG_ECDH
15172requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15173requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15174run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15175 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15176 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15177 0 \
15178 -s "Protocol is TLSv1.3" \
15179 -s "got named group: secp521r1(0019)" \
15180 -s "Certificate verification was skipped" \
15181 -c "Protocol is TLSv1.3" \
15182 -c "NamedGroup: ffdhe2048 ( 100 )" \
15183 -c "NamedGroup: secp521r1 ( 19 )" \
15184 -c "Verifying peer X.509 certificate... ok" \
15185 -s "HRR selected_group: secp521r1" \
15186 -c "received HelloRetryRequest message" \
15187 -c "selected_group ( 25 )"
15188
15189requires_config_enabled MBEDTLS_SSL_SRV_C
15190requires_config_enabled MBEDTLS_DEBUG_C
15191requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15192requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15193requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15194requires_config_enabled MBEDTLS_SSL_CLI_C
15195requires_config_enabled MBEDTLS_DEBUG_C
15196requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15198requires_config_enabled PSA_WANT_ALG_ECDH
15199requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15200requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15201run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15202 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15203 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15204 0 \
15205 -s "Protocol is TLSv1.3" \
15206 -s "got named group: x25519(001d)" \
15207 -s "Certificate verification was skipped" \
15208 -c "Protocol is TLSv1.3" \
15209 -c "NamedGroup: ffdhe2048 ( 100 )" \
15210 -c "NamedGroup: x25519 ( 1d )" \
15211 -c "Verifying peer X.509 certificate... ok" \
15212 -s "HRR selected_group: x25519" \
15213 -c "received HelloRetryRequest message" \
15214 -c "selected_group ( 29 )"
15215
15216requires_config_enabled MBEDTLS_SSL_SRV_C
15217requires_config_enabled MBEDTLS_DEBUG_C
15218requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15220requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15221requires_config_enabled MBEDTLS_SSL_CLI_C
15222requires_config_enabled MBEDTLS_DEBUG_C
15223requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
15224requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekielc31a7982023-06-27 10:53:33 +0200[diff] [blame]15225requires_config_enabled PSA_WANT_ALG_ECDH
15226requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti18371ee2024-01-18 09:49:39 +0100[diff] [blame]15227requires_config_enabled PSA_WANT_DH_RFC7919_2048
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15228run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
David Horstmann77074902024-07-03 13:44:10 +0100[diff] [blame^]15229 "$P_SRV crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
15230 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200[diff] [blame]15231 0 \
15232 -s "Protocol is TLSv1.3" \
15233 -s "got named group: x448(001e)" \
15234 -s "Certificate verification was skipped" \
15235 -c "Protocol is TLSv1.3" \
15236 -c "NamedGroup: ffdhe2048 ( 100 )" \
15237 -c "NamedGroup: x448 ( 1e )" \
15238 -c "Verifying peer X.509 certificate... ok" \
15239 -s "HRR selected_group: x448" \
15240 -c "received HelloRetryRequest message" \
15241 -c "selected_group ( 30 )"