TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7f5e5adfa35c27c1c2375fa0609cb0da0c8b9d8a / . / tests / opt-testcases / tls13-compat.sh
blob: b8907dcf2f96d18b88e517c4b60e1c0f438b6294 [file] [log] [blame]
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1#!/bin/sh
2
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3# tests/opt-testcases/tls13-compat.sh
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
23# `generate_tls13_compat_tests.py -a`.
24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_DEBUG_C
30requires_config_enabled MBEDTLS_SSL_CLI_C
31requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
32requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
33run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]34 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
35 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
36 0 \
37 -c "HTTP/1.0 200 ok" \
38 -c "ECDH curve: secp256r1" \
39 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
40 -c "Certificate Verify: Signature algorithm ( 0403 )" \
41 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]42requires_gnutls_tls1_3
43requires_gnutls_next_no_ticket
44requires_gnutls_next_disable_tls13_compat
45requires_config_enabled MBEDTLS_DEBUG_C
46requires_config_enabled MBEDTLS_SSL_CLI_C
47requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
48requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
49run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]50 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
51 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
52 0 \
53 -c "HTTP/1.0 200 OK" \
54 -c "ECDH curve: secp256r1" \
55 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
56 -c "Certificate Verify: Signature algorithm ( 0403 )" \
57 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]58requires_openssl_tls1_3
59requires_config_enabled MBEDTLS_DEBUG_C
60requires_config_enabled MBEDTLS_SSL_CLI_C
61requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
62requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
63run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]64 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
65 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
66 0 \
67 -c "HTTP/1.0 200 ok" \
68 -c "ECDH curve: secp384r1" \
69 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
70 -c "Certificate Verify: Signature algorithm ( 0403 )" \
71 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]72requires_gnutls_tls1_3
73requires_gnutls_next_no_ticket
74requires_gnutls_next_disable_tls13_compat
75requires_config_enabled MBEDTLS_DEBUG_C
76requires_config_enabled MBEDTLS_SSL_CLI_C
77requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
78requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
79run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]80 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
81 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
82 0 \
83 -c "HTTP/1.0 200 OK" \
84 -c "ECDH curve: secp384r1" \
85 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
86 -c "Certificate Verify: Signature algorithm ( 0403 )" \
87 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]88requires_openssl_tls1_3
89requires_config_enabled MBEDTLS_DEBUG_C
90requires_config_enabled MBEDTLS_SSL_CLI_C
91requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
92requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
93run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]94 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
95 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
96 0 \
97 -c "HTTP/1.0 200 ok" \
98 -c "ECDH curve: secp521r1" \
99 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
100 -c "Certificate Verify: Signature algorithm ( 0403 )" \
101 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]102requires_gnutls_tls1_3
103requires_gnutls_next_no_ticket
104requires_gnutls_next_disable_tls13_compat
105requires_config_enabled MBEDTLS_DEBUG_C
106requires_config_enabled MBEDTLS_SSL_CLI_C
107requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
108requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
109run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]110 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
111 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
112 0 \
113 -c "HTTP/1.0 200 OK" \
114 -c "ECDH curve: secp521r1" \
115 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
116 -c "Certificate Verify: Signature algorithm ( 0403 )" \
117 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]118requires_openssl_tls1_3
119requires_config_enabled MBEDTLS_DEBUG_C
120requires_config_enabled MBEDTLS_SSL_CLI_C
121requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
122requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
123run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]124 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
125 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
126 0 \
127 -c "HTTP/1.0 200 ok" \
128 -c "ECDH curve: x25519" \
129 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
130 -c "Certificate Verify: Signature algorithm ( 0403 )" \
131 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]132requires_gnutls_tls1_3
133requires_gnutls_next_no_ticket
134requires_gnutls_next_disable_tls13_compat
135requires_config_enabled MBEDTLS_DEBUG_C
136requires_config_enabled MBEDTLS_SSL_CLI_C
137requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
138requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
139run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]140 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+SHA256:+AEAD:+AES-128-GCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
141 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
142 0 \
143 -c "HTTP/1.0 200 OK" \
144 -c "ECDH curve: x25519" \
145 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
146 -c "Certificate Verify: Signature algorithm ( 0403 )" \
147 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]148requires_openssl_tls1_3
149requires_config_enabled MBEDTLS_DEBUG_C
150requires_config_enabled MBEDTLS_SSL_CLI_C
151requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
152requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
153run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]154 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
155 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
156 0 \
157 -c "HTTP/1.0 200 ok" \
158 -c "ECDH curve: x448" \
159 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
160 -c "Certificate Verify: Signature algorithm ( 0403 )" \
161 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]162requires_gnutls_tls1_3
163requires_gnutls_next_no_ticket
164requires_gnutls_next_disable_tls13_compat
165requires_config_enabled MBEDTLS_DEBUG_C
166requires_config_enabled MBEDTLS_SSL_CLI_C
167requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
168requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
169run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]170 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
171 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
172 0 \
173 -c "HTTP/1.0 200 OK" \
174 -c "ECDH curve: x448" \
175 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
176 -c "Certificate Verify: Signature algorithm ( 0403 )" \
177 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]178requires_openssl_tls1_3
179requires_config_enabled MBEDTLS_DEBUG_C
180requires_config_enabled MBEDTLS_SSL_CLI_C
181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
182requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
183run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]184 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
185 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
186 0 \
187 -c "HTTP/1.0 200 ok" \
188 -c "ECDH curve: secp256r1" \
189 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
190 -c "Certificate Verify: Signature algorithm ( 0503 )" \
191 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]192requires_gnutls_tls1_3
193requires_gnutls_next_no_ticket
194requires_gnutls_next_disable_tls13_compat
195requires_config_enabled MBEDTLS_DEBUG_C
196requires_config_enabled MBEDTLS_SSL_CLI_C
197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
198requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
199run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]200 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
201 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
202 0 \
203 -c "HTTP/1.0 200 OK" \
204 -c "ECDH curve: secp256r1" \
205 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
206 -c "Certificate Verify: Signature algorithm ( 0503 )" \
207 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]208requires_openssl_tls1_3
209requires_config_enabled MBEDTLS_DEBUG_C
210requires_config_enabled MBEDTLS_SSL_CLI_C
211requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
212requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
213run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]214 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
215 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
216 0 \
217 -c "HTTP/1.0 200 ok" \
218 -c "ECDH curve: secp384r1" \
219 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
220 -c "Certificate Verify: Signature algorithm ( 0503 )" \
221 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]222requires_gnutls_tls1_3
223requires_gnutls_next_no_ticket
224requires_gnutls_next_disable_tls13_compat
225requires_config_enabled MBEDTLS_DEBUG_C
226requires_config_enabled MBEDTLS_SSL_CLI_C
227requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
228requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
229run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]230 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
231 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
232 0 \
233 -c "HTTP/1.0 200 OK" \
234 -c "ECDH curve: secp384r1" \
235 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
236 -c "Certificate Verify: Signature algorithm ( 0503 )" \
237 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]238requires_openssl_tls1_3
239requires_config_enabled MBEDTLS_DEBUG_C
240requires_config_enabled MBEDTLS_SSL_CLI_C
241requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
242requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
243run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]244 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
245 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
246 0 \
247 -c "HTTP/1.0 200 ok" \
248 -c "ECDH curve: secp521r1" \
249 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
250 -c "Certificate Verify: Signature algorithm ( 0503 )" \
251 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]252requires_gnutls_tls1_3
253requires_gnutls_next_no_ticket
254requires_gnutls_next_disable_tls13_compat
255requires_config_enabled MBEDTLS_DEBUG_C
256requires_config_enabled MBEDTLS_SSL_CLI_C
257requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
258requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
259run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]260 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
261 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
262 0 \
263 -c "HTTP/1.0 200 OK" \
264 -c "ECDH curve: secp521r1" \
265 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
266 -c "Certificate Verify: Signature algorithm ( 0503 )" \
267 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]268requires_openssl_tls1_3
269requires_config_enabled MBEDTLS_DEBUG_C
270requires_config_enabled MBEDTLS_SSL_CLI_C
271requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
272requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
273run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]274 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
275 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
276 0 \
277 -c "HTTP/1.0 200 ok" \
278 -c "ECDH curve: x25519" \
279 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
280 -c "Certificate Verify: Signature algorithm ( 0503 )" \
281 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]282requires_gnutls_tls1_3
283requires_gnutls_next_no_ticket
284requires_gnutls_next_disable_tls13_compat
285requires_config_enabled MBEDTLS_DEBUG_C
286requires_config_enabled MBEDTLS_SSL_CLI_C
287requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
288requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
289run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]290 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
291 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
292 0 \
293 -c "HTTP/1.0 200 OK" \
294 -c "ECDH curve: x25519" \
295 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
296 -c "Certificate Verify: Signature algorithm ( 0503 )" \
297 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]298requires_openssl_tls1_3
299requires_config_enabled MBEDTLS_DEBUG_C
300requires_config_enabled MBEDTLS_SSL_CLI_C
301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
302requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
303run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]304 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
305 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
306 0 \
307 -c "HTTP/1.0 200 ok" \
308 -c "ECDH curve: x448" \
309 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
310 -c "Certificate Verify: Signature algorithm ( 0503 )" \
311 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]312requires_gnutls_tls1_3
313requires_gnutls_next_no_ticket
314requires_gnutls_next_disable_tls13_compat
315requires_config_enabled MBEDTLS_DEBUG_C
316requires_config_enabled MBEDTLS_SSL_CLI_C
317requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
318requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
319run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]320 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
321 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
322 0 \
323 -c "HTTP/1.0 200 OK" \
324 -c "ECDH curve: x448" \
325 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
326 -c "Certificate Verify: Signature algorithm ( 0503 )" \
327 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]328requires_openssl_tls1_3
329requires_config_enabled MBEDTLS_DEBUG_C
330requires_config_enabled MBEDTLS_SSL_CLI_C
331requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
332requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
333run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]334 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
335 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
336 0 \
337 -c "HTTP/1.0 200 ok" \
338 -c "ECDH curve: secp256r1" \
339 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
340 -c "Certificate Verify: Signature algorithm ( 0603 )" \
341 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]342requires_gnutls_tls1_3
343requires_gnutls_next_no_ticket
344requires_gnutls_next_disable_tls13_compat
345requires_config_enabled MBEDTLS_DEBUG_C
346requires_config_enabled MBEDTLS_SSL_CLI_C
347requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
348requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
349run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]350 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
351 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
352 0 \
353 -c "HTTP/1.0 200 OK" \
354 -c "ECDH curve: secp256r1" \
355 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
356 -c "Certificate Verify: Signature algorithm ( 0603 )" \
357 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]358requires_openssl_tls1_3
359requires_config_enabled MBEDTLS_DEBUG_C
360requires_config_enabled MBEDTLS_SSL_CLI_C
361requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
362requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
363run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]364 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
365 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
366 0 \
367 -c "HTTP/1.0 200 ok" \
368 -c "ECDH curve: secp384r1" \
369 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
370 -c "Certificate Verify: Signature algorithm ( 0603 )" \
371 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]372requires_gnutls_tls1_3
373requires_gnutls_next_no_ticket
374requires_gnutls_next_disable_tls13_compat
375requires_config_enabled MBEDTLS_DEBUG_C
376requires_config_enabled MBEDTLS_SSL_CLI_C
377requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
378requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
379run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]380 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
381 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
382 0 \
383 -c "HTTP/1.0 200 OK" \
384 -c "ECDH curve: secp384r1" \
385 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
386 -c "Certificate Verify: Signature algorithm ( 0603 )" \
387 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]388requires_openssl_tls1_3
389requires_config_enabled MBEDTLS_DEBUG_C
390requires_config_enabled MBEDTLS_SSL_CLI_C
391requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
392requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
393run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]394 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
395 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
396 0 \
397 -c "HTTP/1.0 200 ok" \
398 -c "ECDH curve: secp521r1" \
399 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
400 -c "Certificate Verify: Signature algorithm ( 0603 )" \
401 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]402requires_gnutls_tls1_3
403requires_gnutls_next_no_ticket
404requires_gnutls_next_disable_tls13_compat
405requires_config_enabled MBEDTLS_DEBUG_C
406requires_config_enabled MBEDTLS_SSL_CLI_C
407requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
408requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
409run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]410 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
411 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
412 0 \
413 -c "HTTP/1.0 200 OK" \
414 -c "ECDH curve: secp521r1" \
415 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
416 -c "Certificate Verify: Signature algorithm ( 0603 )" \
417 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]418requires_openssl_tls1_3
419requires_config_enabled MBEDTLS_DEBUG_C
420requires_config_enabled MBEDTLS_SSL_CLI_C
421requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
422requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
423run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]424 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
425 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
426 0 \
427 -c "HTTP/1.0 200 ok" \
428 -c "ECDH curve: x25519" \
429 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
430 -c "Certificate Verify: Signature algorithm ( 0603 )" \
431 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]432requires_gnutls_tls1_3
433requires_gnutls_next_no_ticket
434requires_gnutls_next_disable_tls13_compat
435requires_config_enabled MBEDTLS_DEBUG_C
436requires_config_enabled MBEDTLS_SSL_CLI_C
437requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
438requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
439run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]440 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
441 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
442 0 \
443 -c "HTTP/1.0 200 OK" \
444 -c "ECDH curve: x25519" \
445 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
446 -c "Certificate Verify: Signature algorithm ( 0603 )" \
447 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]448requires_openssl_tls1_3
449requires_config_enabled MBEDTLS_DEBUG_C
450requires_config_enabled MBEDTLS_SSL_CLI_C
451requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
452requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
453run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]454 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
455 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
456 0 \
457 -c "HTTP/1.0 200 ok" \
458 -c "ECDH curve: x448" \
459 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
460 -c "Certificate Verify: Signature algorithm ( 0603 )" \
461 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]462requires_gnutls_tls1_3
463requires_gnutls_next_no_ticket
464requires_gnutls_next_disable_tls13_compat
465requires_config_enabled MBEDTLS_DEBUG_C
466requires_config_enabled MBEDTLS_SSL_CLI_C
467requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
468requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
469run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]470 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
471 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
472 0 \
473 -c "HTTP/1.0 200 OK" \
474 -c "ECDH curve: x448" \
475 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
476 -c "Certificate Verify: Signature algorithm ( 0603 )" \
477 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]478requires_openssl_tls1_3
479requires_config_enabled MBEDTLS_DEBUG_C
480requires_config_enabled MBEDTLS_SSL_CLI_C
481requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
482requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
483requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
484run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]485 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
486 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
487 0 \
488 -c "HTTP/1.0 200 ok" \
489 -c "ECDH curve: secp256r1" \
490 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
491 -c "Certificate Verify: Signature algorithm ( 0804 )" \
492 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]493requires_gnutls_tls1_3
494requires_gnutls_next_no_ticket
495requires_gnutls_next_disable_tls13_compat
496requires_config_enabled MBEDTLS_DEBUG_C
497requires_config_enabled MBEDTLS_SSL_CLI_C
498requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
499requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
500requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
501run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]502 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
503 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
504 0 \
505 -c "HTTP/1.0 200 OK" \
506 -c "ECDH curve: secp256r1" \
507 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
508 -c "Certificate Verify: Signature algorithm ( 0804 )" \
509 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]510requires_openssl_tls1_3
511requires_config_enabled MBEDTLS_DEBUG_C
512requires_config_enabled MBEDTLS_SSL_CLI_C
513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
514requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
515requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
516run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]517 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
519 0 \
520 -c "HTTP/1.0 200 ok" \
521 -c "ECDH curve: secp384r1" \
522 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
523 -c "Certificate Verify: Signature algorithm ( 0804 )" \
524 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]525requires_gnutls_tls1_3
526requires_gnutls_next_no_ticket
527requires_gnutls_next_disable_tls13_compat
528requires_config_enabled MBEDTLS_DEBUG_C
529requires_config_enabled MBEDTLS_SSL_CLI_C
530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
531requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
532requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
533run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]534 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
535 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
536 0 \
537 -c "HTTP/1.0 200 OK" \
538 -c "ECDH curve: secp384r1" \
539 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
540 -c "Certificate Verify: Signature algorithm ( 0804 )" \
541 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]542requires_openssl_tls1_3
543requires_config_enabled MBEDTLS_DEBUG_C
544requires_config_enabled MBEDTLS_SSL_CLI_C
545requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
546requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
547requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
548run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]549 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
550 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
551 0 \
552 -c "HTTP/1.0 200 ok" \
553 -c "ECDH curve: secp521r1" \
554 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
555 -c "Certificate Verify: Signature algorithm ( 0804 )" \
556 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]557requires_gnutls_tls1_3
558requires_gnutls_next_no_ticket
559requires_gnutls_next_disable_tls13_compat
560requires_config_enabled MBEDTLS_DEBUG_C
561requires_config_enabled MBEDTLS_SSL_CLI_C
562requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
563requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
564requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
565run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]566 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
567 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
568 0 \
569 -c "HTTP/1.0 200 OK" \
570 -c "ECDH curve: secp521r1" \
571 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
572 -c "Certificate Verify: Signature algorithm ( 0804 )" \
573 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]574requires_openssl_tls1_3
575requires_config_enabled MBEDTLS_DEBUG_C
576requires_config_enabled MBEDTLS_SSL_CLI_C
577requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
578requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
579requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
580run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]581 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
582 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
583 0 \
584 -c "HTTP/1.0 200 ok" \
585 -c "ECDH curve: x25519" \
586 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
587 -c "Certificate Verify: Signature algorithm ( 0804 )" \
588 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]589requires_gnutls_tls1_3
590requires_gnutls_next_no_ticket
591requires_gnutls_next_disable_tls13_compat
592requires_config_enabled MBEDTLS_DEBUG_C
593requires_config_enabled MBEDTLS_SSL_CLI_C
594requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
595requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
596requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
597run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]598 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-GCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
599 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
600 0 \
601 -c "HTTP/1.0 200 OK" \
602 -c "ECDH curve: x25519" \
603 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
604 -c "Certificate Verify: Signature algorithm ( 0804 )" \
605 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]606requires_openssl_tls1_3
607requires_config_enabled MBEDTLS_DEBUG_C
608requires_config_enabled MBEDTLS_SSL_CLI_C
609requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
610requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
611requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
612run_test "TLS1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]613 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
614 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
615 0 \
616 -c "HTTP/1.0 200 ok" \
617 -c "ECDH curve: x448" \
618 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
619 -c "Certificate Verify: Signature algorithm ( 0804 )" \
620 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]621requires_gnutls_tls1_3
622requires_gnutls_next_no_ticket
623requires_gnutls_next_disable_tls13_compat
624requires_config_enabled MBEDTLS_DEBUG_C
625requires_config_enabled MBEDTLS_SSL_CLI_C
626requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
627requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
628requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
629run_test "TLS1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]630 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-GCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
631 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
632 0 \
633 -c "HTTP/1.0 200 OK" \
634 -c "ECDH curve: x448" \
635 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
636 -c "Certificate Verify: Signature algorithm ( 0804 )" \
637 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]638requires_openssl_tls1_3
639requires_config_enabled MBEDTLS_DEBUG_C
640requires_config_enabled MBEDTLS_SSL_CLI_C
641requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
642requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
643run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]644 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
645 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
646 0 \
647 -c "HTTP/1.0 200 ok" \
648 -c "ECDH curve: secp256r1" \
649 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
650 -c "Certificate Verify: Signature algorithm ( 0403 )" \
651 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]652requires_gnutls_tls1_3
653requires_gnutls_next_no_ticket
654requires_gnutls_next_disable_tls13_compat
655requires_config_enabled MBEDTLS_DEBUG_C
656requires_config_enabled MBEDTLS_SSL_CLI_C
657requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
658requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
659run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]660 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
661 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
662 0 \
663 -c "HTTP/1.0 200 OK" \
664 -c "ECDH curve: secp256r1" \
665 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
666 -c "Certificate Verify: Signature algorithm ( 0403 )" \
667 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]668requires_openssl_tls1_3
669requires_config_enabled MBEDTLS_DEBUG_C
670requires_config_enabled MBEDTLS_SSL_CLI_C
671requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
672requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
673run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]674 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
675 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
676 0 \
677 -c "HTTP/1.0 200 ok" \
678 -c "ECDH curve: secp384r1" \
679 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
680 -c "Certificate Verify: Signature algorithm ( 0403 )" \
681 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]682requires_gnutls_tls1_3
683requires_gnutls_next_no_ticket
684requires_gnutls_next_disable_tls13_compat
685requires_config_enabled MBEDTLS_DEBUG_C
686requires_config_enabled MBEDTLS_SSL_CLI_C
687requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
688requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
689run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]690 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
691 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
692 0 \
693 -c "HTTP/1.0 200 OK" \
694 -c "ECDH curve: secp384r1" \
695 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
696 -c "Certificate Verify: Signature algorithm ( 0403 )" \
697 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]698requires_openssl_tls1_3
699requires_config_enabled MBEDTLS_DEBUG_C
700requires_config_enabled MBEDTLS_SSL_CLI_C
701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
702requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
703run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]704 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
705 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
706 0 \
707 -c "HTTP/1.0 200 ok" \
708 -c "ECDH curve: secp521r1" \
709 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
710 -c "Certificate Verify: Signature algorithm ( 0403 )" \
711 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]712requires_gnutls_tls1_3
713requires_gnutls_next_no_ticket
714requires_gnutls_next_disable_tls13_compat
715requires_config_enabled MBEDTLS_DEBUG_C
716requires_config_enabled MBEDTLS_SSL_CLI_C
717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
718requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
719run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]720 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AES-256-GCM:+SHA384:+GROUP-SECP521R1:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
721 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
722 0 \
723 -c "HTTP/1.0 200 OK" \
724 -c "ECDH curve: secp521r1" \
725 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
726 -c "Certificate Verify: Signature algorithm ( 0403 )" \
727 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]728requires_openssl_tls1_3
729requires_config_enabled MBEDTLS_DEBUG_C
730requires_config_enabled MBEDTLS_SSL_CLI_C
731requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
732requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
733run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]734 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
735 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
736 0 \
737 -c "HTTP/1.0 200 ok" \
738 -c "ECDH curve: x25519" \
739 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
740 -c "Certificate Verify: Signature algorithm ( 0403 )" \
741 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]742requires_gnutls_tls1_3
743requires_gnutls_next_no_ticket
744requires_gnutls_next_disable_tls13_compat
745requires_config_enabled MBEDTLS_DEBUG_C
746requires_config_enabled MBEDTLS_SSL_CLI_C
747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
748requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
749run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]750 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
751 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
752 0 \
753 -c "HTTP/1.0 200 OK" \
754 -c "ECDH curve: x25519" \
755 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
756 -c "Certificate Verify: Signature algorithm ( 0403 )" \
757 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]758requires_openssl_tls1_3
759requires_config_enabled MBEDTLS_DEBUG_C
760requires_config_enabled MBEDTLS_SSL_CLI_C
761requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
762requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
763run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]764 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
765 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
766 0 \
767 -c "HTTP/1.0 200 ok" \
768 -c "ECDH curve: x448" \
769 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
770 -c "Certificate Verify: Signature algorithm ( 0403 )" \
771 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]772requires_gnutls_tls1_3
773requires_gnutls_next_no_ticket
774requires_gnutls_next_disable_tls13_compat
775requires_config_enabled MBEDTLS_DEBUG_C
776requires_config_enabled MBEDTLS_SSL_CLI_C
777requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
778requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
779run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]780 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
781 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
782 0 \
783 -c "HTTP/1.0 200 OK" \
784 -c "ECDH curve: x448" \
785 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
786 -c "Certificate Verify: Signature algorithm ( 0403 )" \
787 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]788requires_openssl_tls1_3
789requires_config_enabled MBEDTLS_DEBUG_C
790requires_config_enabled MBEDTLS_SSL_CLI_C
791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
792requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
793run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]794 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
795 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
796 0 \
797 -c "HTTP/1.0 200 ok" \
798 -c "ECDH curve: secp256r1" \
799 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
800 -c "Certificate Verify: Signature algorithm ( 0503 )" \
801 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]802requires_gnutls_tls1_3
803requires_gnutls_next_no_ticket
804requires_gnutls_next_disable_tls13_compat
805requires_config_enabled MBEDTLS_DEBUG_C
806requires_config_enabled MBEDTLS_SSL_CLI_C
807requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
808requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
809run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]810 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
811 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
812 0 \
813 -c "HTTP/1.0 200 OK" \
814 -c "ECDH curve: secp256r1" \
815 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
816 -c "Certificate Verify: Signature algorithm ( 0503 )" \
817 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]818requires_openssl_tls1_3
819requires_config_enabled MBEDTLS_DEBUG_C
820requires_config_enabled MBEDTLS_SSL_CLI_C
821requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
822requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
823run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]824 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
825 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
826 0 \
827 -c "HTTP/1.0 200 ok" \
828 -c "ECDH curve: secp384r1" \
829 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
830 -c "Certificate Verify: Signature algorithm ( 0503 )" \
831 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]832requires_gnutls_tls1_3
833requires_gnutls_next_no_ticket
834requires_gnutls_next_disable_tls13_compat
835requires_config_enabled MBEDTLS_DEBUG_C
836requires_config_enabled MBEDTLS_SSL_CLI_C
837requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
838requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
839run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]840 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
841 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
842 0 \
843 -c "HTTP/1.0 200 OK" \
844 -c "ECDH curve: secp384r1" \
845 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
846 -c "Certificate Verify: Signature algorithm ( 0503 )" \
847 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]848requires_openssl_tls1_3
849requires_config_enabled MBEDTLS_DEBUG_C
850requires_config_enabled MBEDTLS_SSL_CLI_C
851requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
852requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
853run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]854 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
855 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
856 0 \
857 -c "HTTP/1.0 200 ok" \
858 -c "ECDH curve: secp521r1" \
859 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
860 -c "Certificate Verify: Signature algorithm ( 0503 )" \
861 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]862requires_gnutls_tls1_3
863requires_gnutls_next_no_ticket
864requires_gnutls_next_disable_tls13_compat
865requires_config_enabled MBEDTLS_DEBUG_C
866requires_config_enabled MBEDTLS_SSL_CLI_C
867requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
868requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
869run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]870 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
871 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
872 0 \
873 -c "HTTP/1.0 200 OK" \
874 -c "ECDH curve: secp521r1" \
875 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
876 -c "Certificate Verify: Signature algorithm ( 0503 )" \
877 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]878requires_openssl_tls1_3
879requires_config_enabled MBEDTLS_DEBUG_C
880requires_config_enabled MBEDTLS_SSL_CLI_C
881requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
882requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
883run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]884 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
885 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
886 0 \
887 -c "HTTP/1.0 200 ok" \
888 -c "ECDH curve: x25519" \
889 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
890 -c "Certificate Verify: Signature algorithm ( 0503 )" \
891 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]892requires_gnutls_tls1_3
893requires_gnutls_next_no_ticket
894requires_gnutls_next_disable_tls13_compat
895requires_config_enabled MBEDTLS_DEBUG_C
896requires_config_enabled MBEDTLS_SSL_CLI_C
897requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
898requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
899run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]900 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
901 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
902 0 \
903 -c "HTTP/1.0 200 OK" \
904 -c "ECDH curve: x25519" \
905 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
906 -c "Certificate Verify: Signature algorithm ( 0503 )" \
907 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]908requires_openssl_tls1_3
909requires_config_enabled MBEDTLS_DEBUG_C
910requires_config_enabled MBEDTLS_SSL_CLI_C
911requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
912requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
913run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]914 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
915 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
916 0 \
917 -c "HTTP/1.0 200 ok" \
918 -c "ECDH curve: x448" \
919 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
920 -c "Certificate Verify: Signature algorithm ( 0503 )" \
921 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]922requires_gnutls_tls1_3
923requires_gnutls_next_no_ticket
924requires_gnutls_next_disable_tls13_compat
925requires_config_enabled MBEDTLS_DEBUG_C
926requires_config_enabled MBEDTLS_SSL_CLI_C
927requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
928requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
929run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]930 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+AES-256-GCM:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
931 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
932 0 \
933 -c "HTTP/1.0 200 OK" \
934 -c "ECDH curve: x448" \
935 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
936 -c "Certificate Verify: Signature algorithm ( 0503 )" \
937 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]938requires_openssl_tls1_3
939requires_config_enabled MBEDTLS_DEBUG_C
940requires_config_enabled MBEDTLS_SSL_CLI_C
941requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
942requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
943run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]944 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
945 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
946 0 \
947 -c "HTTP/1.0 200 ok" \
948 -c "ECDH curve: secp256r1" \
949 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
950 -c "Certificate Verify: Signature algorithm ( 0603 )" \
951 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]952requires_gnutls_tls1_3
953requires_gnutls_next_no_ticket
954requires_gnutls_next_disable_tls13_compat
955requires_config_enabled MBEDTLS_DEBUG_C
956requires_config_enabled MBEDTLS_SSL_CLI_C
957requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
958requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
959run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]960 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
961 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
962 0 \
963 -c "HTTP/1.0 200 OK" \
964 -c "ECDH curve: secp256r1" \
965 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
966 -c "Certificate Verify: Signature algorithm ( 0603 )" \
967 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]968requires_openssl_tls1_3
969requires_config_enabled MBEDTLS_DEBUG_C
970requires_config_enabled MBEDTLS_SSL_CLI_C
971requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
972requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
973run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]974 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
975 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
976 0 \
977 -c "HTTP/1.0 200 ok" \
978 -c "ECDH curve: secp384r1" \
979 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
980 -c "Certificate Verify: Signature algorithm ( 0603 )" \
981 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]982requires_gnutls_tls1_3
983requires_gnutls_next_no_ticket
984requires_gnutls_next_disable_tls13_compat
985requires_config_enabled MBEDTLS_DEBUG_C
986requires_config_enabled MBEDTLS_SSL_CLI_C
987requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
988requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
989run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]990 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+AES-256-GCM:+SHA384:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
991 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
992 0 \
993 -c "HTTP/1.0 200 OK" \
994 -c "ECDH curve: secp384r1" \
995 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
996 -c "Certificate Verify: Signature algorithm ( 0603 )" \
997 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]998requires_openssl_tls1_3
999requires_config_enabled MBEDTLS_DEBUG_C
1000requires_config_enabled MBEDTLS_SSL_CLI_C
1001requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1002requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1003run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1004 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1005 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1006 0 \
1007 -c "HTTP/1.0 200 ok" \
1008 -c "ECDH curve: secp521r1" \
1009 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1010 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1011 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1012requires_gnutls_tls1_3
1013requires_gnutls_next_no_ticket
1014requires_gnutls_next_disable_tls13_compat
1015requires_config_enabled MBEDTLS_DEBUG_C
1016requires_config_enabled MBEDTLS_SSL_CLI_C
1017requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1018requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1019run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1020 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+AES-256-GCM:+SHA384:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1021 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1022 0 \
1023 -c "HTTP/1.0 200 OK" \
1024 -c "ECDH curve: secp521r1" \
1025 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1026 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1027 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1028requires_openssl_tls1_3
1029requires_config_enabled MBEDTLS_DEBUG_C
1030requires_config_enabled MBEDTLS_SSL_CLI_C
1031requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1032requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1033run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1034 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1035 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1036 0 \
1037 -c "HTTP/1.0 200 ok" \
1038 -c "ECDH curve: x25519" \
1039 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1040 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1041 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1042requires_gnutls_tls1_3
1043requires_gnutls_next_no_ticket
1044requires_gnutls_next_disable_tls13_compat
1045requires_config_enabled MBEDTLS_DEBUG_C
1046requires_config_enabled MBEDTLS_SSL_CLI_C
1047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1048requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1049run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1050 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+AES-256-GCM:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1051 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1052 0 \
1053 -c "HTTP/1.0 200 OK" \
1054 -c "ECDH curve: x25519" \
1055 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1056 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1057 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1058requires_openssl_tls1_3
1059requires_config_enabled MBEDTLS_DEBUG_C
1060requires_config_enabled MBEDTLS_SSL_CLI_C
1061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1062requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1063run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1064 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1065 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1066 0 \
1067 -c "HTTP/1.0 200 ok" \
1068 -c "ECDH curve: x448" \
1069 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1070 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1071 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1072requires_gnutls_tls1_3
1073requires_gnutls_next_no_ticket
1074requires_gnutls_next_disable_tls13_compat
1075requires_config_enabled MBEDTLS_DEBUG_C
1076requires_config_enabled MBEDTLS_SSL_CLI_C
1077requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1078requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1079run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1080 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+AES-256-GCM:+SHA384:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1081 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1082 0 \
1083 -c "HTTP/1.0 200 OK" \
1084 -c "ECDH curve: x448" \
1085 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1086 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1087 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1088requires_openssl_tls1_3
1089requires_config_enabled MBEDTLS_DEBUG_C
1090requires_config_enabled MBEDTLS_SSL_CLI_C
1091requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1092requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1093requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1094run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1095 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1096 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1097 0 \
1098 -c "HTTP/1.0 200 ok" \
1099 -c "ECDH curve: secp256r1" \
1100 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1101 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1102 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1103requires_gnutls_tls1_3
1104requires_gnutls_next_no_ticket
1105requires_gnutls_next_disable_tls13_compat
1106requires_config_enabled MBEDTLS_DEBUG_C
1107requires_config_enabled MBEDTLS_SSL_CLI_C
1108requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1109requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1110requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1111run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1112 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1113 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1114 0 \
1115 -c "HTTP/1.0 200 OK" \
1116 -c "ECDH curve: secp256r1" \
1117 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1118 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1119 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1120requires_openssl_tls1_3
1121requires_config_enabled MBEDTLS_DEBUG_C
1122requires_config_enabled MBEDTLS_SSL_CLI_C
1123requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1124requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1125requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1126run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1127 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1128 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1129 0 \
1130 -c "HTTP/1.0 200 ok" \
1131 -c "ECDH curve: secp384r1" \
1132 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1133 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1134 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1135requires_gnutls_tls1_3
1136requires_gnutls_next_no_ticket
1137requires_gnutls_next_disable_tls13_compat
1138requires_config_enabled MBEDTLS_DEBUG_C
1139requires_config_enabled MBEDTLS_SSL_CLI_C
1140requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1141requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1142requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1143run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1144 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1145 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1146 0 \
1147 -c "HTTP/1.0 200 OK" \
1148 -c "ECDH curve: secp384r1" \
1149 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1150 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1151 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1152requires_openssl_tls1_3
1153requires_config_enabled MBEDTLS_DEBUG_C
1154requires_config_enabled MBEDTLS_SSL_CLI_C
1155requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1156requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1157requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1158run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1159 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1160 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1161 0 \
1162 -c "HTTP/1.0 200 ok" \
1163 -c "ECDH curve: secp521r1" \
1164 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1165 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1166 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1167requires_gnutls_tls1_3
1168requires_gnutls_next_no_ticket
1169requires_gnutls_next_disable_tls13_compat
1170requires_config_enabled MBEDTLS_DEBUG_C
1171requires_config_enabled MBEDTLS_SSL_CLI_C
1172requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1173requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1174requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1175run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1176 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1177 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1178 0 \
1179 -c "HTTP/1.0 200 OK" \
1180 -c "ECDH curve: secp521r1" \
1181 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1182 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1183 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1184requires_openssl_tls1_3
1185requires_config_enabled MBEDTLS_DEBUG_C
1186requires_config_enabled MBEDTLS_SSL_CLI_C
1187requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1188requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1189requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1190run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1191 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1192 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1193 0 \
1194 -c "HTTP/1.0 200 ok" \
1195 -c "ECDH curve: x25519" \
1196 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1197 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1198 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1199requires_gnutls_tls1_3
1200requires_gnutls_next_no_ticket
1201requires_gnutls_next_disable_tls13_compat
1202requires_config_enabled MBEDTLS_DEBUG_C
1203requires_config_enabled MBEDTLS_SSL_CLI_C
1204requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1205requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1206requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1207run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1208 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1209 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1210 0 \
1211 -c "HTTP/1.0 200 OK" \
1212 -c "ECDH curve: x25519" \
1213 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1214 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1215 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1216requires_openssl_tls1_3
1217requires_config_enabled MBEDTLS_DEBUG_C
1218requires_config_enabled MBEDTLS_SSL_CLI_C
1219requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1220requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1221requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1222run_test "TLS1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1223 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1224 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1225 0 \
1226 -c "HTTP/1.0 200 ok" \
1227 -c "ECDH curve: x448" \
1228 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1229 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1230 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1231requires_gnutls_tls1_3
1232requires_gnutls_next_no_ticket
1233requires_gnutls_next_disable_tls13_compat
1234requires_config_enabled MBEDTLS_DEBUG_C
1235requires_config_enabled MBEDTLS_SSL_CLI_C
1236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1237requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1238requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1239run_test "TLS1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1240 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SIGN-RSA-PSS-RSAE-SHA256:+SHA384:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1241 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1242 0 \
1243 -c "HTTP/1.0 200 OK" \
1244 -c "ECDH curve: x448" \
1245 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1246 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1247 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1248requires_openssl_tls1_3
1249requires_config_enabled MBEDTLS_DEBUG_C
1250requires_config_enabled MBEDTLS_SSL_CLI_C
1251requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1252requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1253run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1254 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1255 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1256 0 \
1257 -c "HTTP/1.0 200 ok" \
1258 -c "ECDH curve: secp256r1" \
1259 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1260 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1261 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1262requires_gnutls_tls1_3
1263requires_gnutls_next_no_ticket
1264requires_gnutls_next_disable_tls13_compat
1265requires_config_enabled MBEDTLS_DEBUG_C
1266requires_config_enabled MBEDTLS_SSL_CLI_C
1267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1268requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1269run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1270 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1271 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1272 0 \
1273 -c "HTTP/1.0 200 OK" \
1274 -c "ECDH curve: secp256r1" \
1275 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1276 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1277 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1278requires_openssl_tls1_3
1279requires_config_enabled MBEDTLS_DEBUG_C
1280requires_config_enabled MBEDTLS_SSL_CLI_C
1281requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1282requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1283run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1284 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1285 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1286 0 \
1287 -c "HTTP/1.0 200 ok" \
1288 -c "ECDH curve: secp384r1" \
1289 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1290 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1291 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1292requires_gnutls_tls1_3
1293requires_gnutls_next_no_ticket
1294requires_gnutls_next_disable_tls13_compat
1295requires_config_enabled MBEDTLS_DEBUG_C
1296requires_config_enabled MBEDTLS_SSL_CLI_C
1297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1298requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1299run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1300 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-SECP384R1:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1301 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1302 0 \
1303 -c "HTTP/1.0 200 OK" \
1304 -c "ECDH curve: secp384r1" \
1305 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1306 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1307 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1308requires_openssl_tls1_3
1309requires_config_enabled MBEDTLS_DEBUG_C
1310requires_config_enabled MBEDTLS_SSL_CLI_C
1311requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1312requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1313run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1314 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1315 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1316 0 \
1317 -c "HTTP/1.0 200 ok" \
1318 -c "ECDH curve: secp521r1" \
1319 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1320 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1321 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1322requires_gnutls_tls1_3
1323requires_gnutls_next_no_ticket
1324requires_gnutls_next_disable_tls13_compat
1325requires_config_enabled MBEDTLS_DEBUG_C
1326requires_config_enabled MBEDTLS_SSL_CLI_C
1327requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1328requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1329run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1330 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+GROUP-SECP521R1:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1331 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1332 0 \
1333 -c "HTTP/1.0 200 OK" \
1334 -c "ECDH curve: secp521r1" \
1335 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1336 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1337 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1338requires_openssl_tls1_3
1339requires_config_enabled MBEDTLS_DEBUG_C
1340requires_config_enabled MBEDTLS_SSL_CLI_C
1341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1342requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1343run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1344 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1345 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1346 0 \
1347 -c "HTTP/1.0 200 ok" \
1348 -c "ECDH curve: x25519" \
1349 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1350 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1351 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1352requires_gnutls_tls1_3
1353requires_gnutls_next_no_ticket
1354requires_gnutls_next_disable_tls13_compat
1355requires_config_enabled MBEDTLS_DEBUG_C
1356requires_config_enabled MBEDTLS_SSL_CLI_C
1357requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1358requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1359run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1360 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1361 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1362 0 \
1363 -c "HTTP/1.0 200 OK" \
1364 -c "ECDH curve: x25519" \
1365 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1366 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1367 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1368requires_openssl_tls1_3
1369requires_config_enabled MBEDTLS_DEBUG_C
1370requires_config_enabled MBEDTLS_SSL_CLI_C
1371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1372requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1373run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1374 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1375 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1376 0 \
1377 -c "HTTP/1.0 200 ok" \
1378 -c "ECDH curve: x448" \
1379 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1380 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1381 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1382requires_gnutls_tls1_3
1383requires_gnutls_next_no_ticket
1384requires_gnutls_next_disable_tls13_compat
1385requires_config_enabled MBEDTLS_DEBUG_C
1386requires_config_enabled MBEDTLS_SSL_CLI_C
1387requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1388requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1389run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1390 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1391 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1392 0 \
1393 -c "HTTP/1.0 200 OK" \
1394 -c "ECDH curve: x448" \
1395 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1396 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1397 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1398requires_openssl_tls1_3
1399requires_config_enabled MBEDTLS_DEBUG_C
1400requires_config_enabled MBEDTLS_SSL_CLI_C
1401requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1402requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1403run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1404 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1405 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1406 0 \
1407 -c "HTTP/1.0 200 ok" \
1408 -c "ECDH curve: secp256r1" \
1409 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1410 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1411 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1412requires_gnutls_tls1_3
1413requires_gnutls_next_no_ticket
1414requires_gnutls_next_disable_tls13_compat
1415requires_config_enabled MBEDTLS_DEBUG_C
1416requires_config_enabled MBEDTLS_SSL_CLI_C
1417requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1418requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1419run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1420 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1421 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1422 0 \
1423 -c "HTTP/1.0 200 OK" \
1424 -c "ECDH curve: secp256r1" \
1425 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1426 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1427 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1428requires_openssl_tls1_3
1429requires_config_enabled MBEDTLS_DEBUG_C
1430requires_config_enabled MBEDTLS_SSL_CLI_C
1431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1432requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1433run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1434 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1435 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1436 0 \
1437 -c "HTTP/1.0 200 ok" \
1438 -c "ECDH curve: secp384r1" \
1439 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1440 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1441 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1442requires_gnutls_tls1_3
1443requires_gnutls_next_no_ticket
1444requires_gnutls_next_disable_tls13_compat
1445requires_config_enabled MBEDTLS_DEBUG_C
1446requires_config_enabled MBEDTLS_SSL_CLI_C
1447requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1448requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1449run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1450 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1451 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1452 0 \
1453 -c "HTTP/1.0 200 OK" \
1454 -c "ECDH curve: secp384r1" \
1455 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1456 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1457 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1458requires_openssl_tls1_3
1459requires_config_enabled MBEDTLS_DEBUG_C
1460requires_config_enabled MBEDTLS_SSL_CLI_C
1461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1462requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1463run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1464 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1465 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1466 0 \
1467 -c "HTTP/1.0 200 ok" \
1468 -c "ECDH curve: secp521r1" \
1469 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1470 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1471 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1472requires_gnutls_tls1_3
1473requires_gnutls_next_no_ticket
1474requires_gnutls_next_disable_tls13_compat
1475requires_config_enabled MBEDTLS_DEBUG_C
1476requires_config_enabled MBEDTLS_SSL_CLI_C
1477requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1478requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1479run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1480 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1481 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1482 0 \
1483 -c "HTTP/1.0 200 OK" \
1484 -c "ECDH curve: secp521r1" \
1485 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1486 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1487 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1488requires_openssl_tls1_3
1489requires_config_enabled MBEDTLS_DEBUG_C
1490requires_config_enabled MBEDTLS_SSL_CLI_C
1491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1492requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1493run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1494 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1495 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1496 0 \
1497 -c "HTTP/1.0 200 ok" \
1498 -c "ECDH curve: x25519" \
1499 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1500 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1501 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1502requires_gnutls_tls1_3
1503requires_gnutls_next_no_ticket
1504requires_gnutls_next_disable_tls13_compat
1505requires_config_enabled MBEDTLS_DEBUG_C
1506requires_config_enabled MBEDTLS_SSL_CLI_C
1507requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1508requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1509run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1510 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1511 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1512 0 \
1513 -c "HTTP/1.0 200 OK" \
1514 -c "ECDH curve: x25519" \
1515 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1516 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1517 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1518requires_openssl_tls1_3
1519requires_config_enabled MBEDTLS_DEBUG_C
1520requires_config_enabled MBEDTLS_SSL_CLI_C
1521requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1522requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1523run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1524 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1525 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1526 0 \
1527 -c "HTTP/1.0 200 ok" \
1528 -c "ECDH curve: x448" \
1529 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1530 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1531 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1532requires_gnutls_tls1_3
1533requires_gnutls_next_no_ticket
1534requires_gnutls_next_disable_tls13_compat
1535requires_config_enabled MBEDTLS_DEBUG_C
1536requires_config_enabled MBEDTLS_SSL_CLI_C
1537requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1538requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1539run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1540 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+CHACHA20-POLY1305:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1541 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1542 0 \
1543 -c "HTTP/1.0 200 OK" \
1544 -c "ECDH curve: x448" \
1545 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1546 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1547 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1548requires_openssl_tls1_3
1549requires_config_enabled MBEDTLS_DEBUG_C
1550requires_config_enabled MBEDTLS_SSL_CLI_C
1551requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1552requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1553run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1554 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1555 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1556 0 \
1557 -c "HTTP/1.0 200 ok" \
1558 -c "ECDH curve: secp256r1" \
1559 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1560 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1561 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1562requires_gnutls_tls1_3
1563requires_gnutls_next_no_ticket
1564requires_gnutls_next_disable_tls13_compat
1565requires_config_enabled MBEDTLS_DEBUG_C
1566requires_config_enabled MBEDTLS_SSL_CLI_C
1567requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1568requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1569run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1570 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1571 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1572 0 \
1573 -c "HTTP/1.0 200 OK" \
1574 -c "ECDH curve: secp256r1" \
1575 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1576 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1577 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1578requires_openssl_tls1_3
1579requires_config_enabled MBEDTLS_DEBUG_C
1580requires_config_enabled MBEDTLS_SSL_CLI_C
1581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1582requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1583run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1584 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1585 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1586 0 \
1587 -c "HTTP/1.0 200 ok" \
1588 -c "ECDH curve: secp384r1" \
1589 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1590 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1591 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1592requires_gnutls_tls1_3
1593requires_gnutls_next_no_ticket
1594requires_gnutls_next_disable_tls13_compat
1595requires_config_enabled MBEDTLS_DEBUG_C
1596requires_config_enabled MBEDTLS_SSL_CLI_C
1597requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1598requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1599run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1600 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1601 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1602 0 \
1603 -c "HTTP/1.0 200 OK" \
1604 -c "ECDH curve: secp384r1" \
1605 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1606 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1607 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1608requires_openssl_tls1_3
1609requires_config_enabled MBEDTLS_DEBUG_C
1610requires_config_enabled MBEDTLS_SSL_CLI_C
1611requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1612requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1613run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1614 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1615 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1616 0 \
1617 -c "HTTP/1.0 200 ok" \
1618 -c "ECDH curve: secp521r1" \
1619 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1620 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1621 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1622requires_gnutls_tls1_3
1623requires_gnutls_next_no_ticket
1624requires_gnutls_next_disable_tls13_compat
1625requires_config_enabled MBEDTLS_DEBUG_C
1626requires_config_enabled MBEDTLS_SSL_CLI_C
1627requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1628requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1629run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1630 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+CHACHA20-POLY1305:+SHA256:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1631 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1632 0 \
1633 -c "HTTP/1.0 200 OK" \
1634 -c "ECDH curve: secp521r1" \
1635 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1636 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1637 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1638requires_openssl_tls1_3
1639requires_config_enabled MBEDTLS_DEBUG_C
1640requires_config_enabled MBEDTLS_SSL_CLI_C
1641requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1642requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1643run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1644 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1645 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1646 0 \
1647 -c "HTTP/1.0 200 ok" \
1648 -c "ECDH curve: x25519" \
1649 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1650 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1651 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1652requires_gnutls_tls1_3
1653requires_gnutls_next_no_ticket
1654requires_gnutls_next_disable_tls13_compat
1655requires_config_enabled MBEDTLS_DEBUG_C
1656requires_config_enabled MBEDTLS_SSL_CLI_C
1657requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1658requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1659run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1660 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1661 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1662 0 \
1663 -c "HTTP/1.0 200 OK" \
1664 -c "ECDH curve: x25519" \
1665 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1666 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1667 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1668requires_openssl_tls1_3
1669requires_config_enabled MBEDTLS_DEBUG_C
1670requires_config_enabled MBEDTLS_SSL_CLI_C
1671requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1672requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1673run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1674 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1675 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1676 0 \
1677 -c "HTTP/1.0 200 ok" \
1678 -c "ECDH curve: x448" \
1679 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1680 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1681 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1682requires_gnutls_tls1_3
1683requires_gnutls_next_no_ticket
1684requires_gnutls_next_disable_tls13_compat
1685requires_config_enabled MBEDTLS_DEBUG_C
1686requires_config_enabled MBEDTLS_SSL_CLI_C
1687requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1688requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1689run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1690 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1691 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1692 0 \
1693 -c "HTTP/1.0 200 OK" \
1694 -c "ECDH curve: x448" \
1695 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1696 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1697 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1698requires_openssl_tls1_3
1699requires_config_enabled MBEDTLS_DEBUG_C
1700requires_config_enabled MBEDTLS_SSL_CLI_C
1701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1702requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1703requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1704run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1705 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1706 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1707 0 \
1708 -c "HTTP/1.0 200 ok" \
1709 -c "ECDH curve: secp256r1" \
1710 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1711 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1712 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1713requires_gnutls_tls1_3
1714requires_gnutls_next_no_ticket
1715requires_gnutls_next_disable_tls13_compat
1716requires_config_enabled MBEDTLS_DEBUG_C
1717requires_config_enabled MBEDTLS_SSL_CLI_C
1718requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1719requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1720requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1721run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1722 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1723 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1724 0 \
1725 -c "HTTP/1.0 200 OK" \
1726 -c "ECDH curve: secp256r1" \
1727 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1728 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1729 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1730requires_openssl_tls1_3
1731requires_config_enabled MBEDTLS_DEBUG_C
1732requires_config_enabled MBEDTLS_SSL_CLI_C
1733requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1734requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1735requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1736run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1737 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1738 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1739 0 \
1740 -c "HTTP/1.0 200 ok" \
1741 -c "ECDH curve: secp384r1" \
1742 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1743 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1744 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1745requires_gnutls_tls1_3
1746requires_gnutls_next_no_ticket
1747requires_gnutls_next_disable_tls13_compat
1748requires_config_enabled MBEDTLS_DEBUG_C
1749requires_config_enabled MBEDTLS_SSL_CLI_C
1750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1751requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1752requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1753run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1754 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1755 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1756 0 \
1757 -c "HTTP/1.0 200 OK" \
1758 -c "ECDH curve: secp384r1" \
1759 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1760 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1761 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1762requires_openssl_tls1_3
1763requires_config_enabled MBEDTLS_DEBUG_C
1764requires_config_enabled MBEDTLS_SSL_CLI_C
1765requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1766requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1767requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1768run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1769 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1770 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1771 0 \
1772 -c "HTTP/1.0 200 ok" \
1773 -c "ECDH curve: secp521r1" \
1774 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1775 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1776 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1777requires_gnutls_tls1_3
1778requires_gnutls_next_no_ticket
1779requires_gnutls_next_disable_tls13_compat
1780requires_config_enabled MBEDTLS_DEBUG_C
1781requires_config_enabled MBEDTLS_SSL_CLI_C
1782requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1783requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1784requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1785run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1786 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+GROUP-SECP521R1:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1787 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1788 0 \
1789 -c "HTTP/1.0 200 OK" \
1790 -c "ECDH curve: secp521r1" \
1791 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1792 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1793 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1794requires_openssl_tls1_3
1795requires_config_enabled MBEDTLS_DEBUG_C
1796requires_config_enabled MBEDTLS_SSL_CLI_C
1797requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1798requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1799requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1800run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1801 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1802 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1803 0 \
1804 -c "HTTP/1.0 200 ok" \
1805 -c "ECDH curve: x25519" \
1806 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1807 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1808 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1809requires_gnutls_tls1_3
1810requires_gnutls_next_no_ticket
1811requires_gnutls_next_disable_tls13_compat
1812requires_config_enabled MBEDTLS_DEBUG_C
1813requires_config_enabled MBEDTLS_SSL_CLI_C
1814requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1815requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1816requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1817run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1818 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1819 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1820 0 \
1821 -c "HTTP/1.0 200 OK" \
1822 -c "ECDH curve: x25519" \
1823 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1824 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1825 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1826requires_openssl_tls1_3
1827requires_config_enabled MBEDTLS_DEBUG_C
1828requires_config_enabled MBEDTLS_SSL_CLI_C
1829requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1830requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1831requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1832run_test "TLS1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1833 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1834 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1835 0 \
1836 -c "HTTP/1.0 200 ok" \
1837 -c "ECDH curve: x448" \
1838 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1839 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1840 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1841requires_gnutls_tls1_3
1842requires_gnutls_next_no_ticket
1843requires_gnutls_next_disable_tls13_compat
1844requires_config_enabled MBEDTLS_DEBUG_C
1845requires_config_enabled MBEDTLS_SSL_CLI_C
1846requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1847requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1848requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1849run_test "TLS1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1850 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+CHACHA20-POLY1305:+SHA256:+AEAD:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1851 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1852 0 \
1853 -c "HTTP/1.0 200 OK" \
1854 -c "ECDH curve: x448" \
1855 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1856 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1857 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1858requires_openssl_tls1_3
1859requires_config_enabled MBEDTLS_DEBUG_C
1860requires_config_enabled MBEDTLS_SSL_CLI_C
1861requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1862requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1863run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1864 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1865 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1866 0 \
1867 -c "HTTP/1.0 200 ok" \
1868 -c "ECDH curve: secp256r1" \
1869 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1870 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1871 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1872requires_gnutls_tls1_3
1873requires_gnutls_next_no_ticket
1874requires_gnutls_next_disable_tls13_compat
1875requires_config_enabled MBEDTLS_DEBUG_C
1876requires_config_enabled MBEDTLS_SSL_CLI_C
1877requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1878requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1879run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1880 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1881 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1882 0 \
1883 -c "HTTP/1.0 200 OK" \
1884 -c "ECDH curve: secp256r1" \
1885 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1886 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1887 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1888requires_openssl_tls1_3
1889requires_config_enabled MBEDTLS_DEBUG_C
1890requires_config_enabled MBEDTLS_SSL_CLI_C
1891requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1892requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1893run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1894 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1895 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1896 0 \
1897 -c "HTTP/1.0 200 ok" \
1898 -c "ECDH curve: secp384r1" \
1899 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1900 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1901 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1902requires_gnutls_tls1_3
1903requires_gnutls_next_no_ticket
1904requires_gnutls_next_disable_tls13_compat
1905requires_config_enabled MBEDTLS_DEBUG_C
1906requires_config_enabled MBEDTLS_SSL_CLI_C
1907requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1908requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1909run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1910 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1911 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1912 0 \
1913 -c "HTTP/1.0 200 OK" \
1914 -c "ECDH curve: secp384r1" \
1915 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1916 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1917 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1918requires_openssl_tls1_3
1919requires_config_enabled MBEDTLS_DEBUG_C
1920requires_config_enabled MBEDTLS_SSL_CLI_C
1921requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1922requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1923run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1924 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1925 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1926 0 \
1927 -c "HTTP/1.0 200 ok" \
1928 -c "ECDH curve: secp521r1" \
1929 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1930 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1931 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1932requires_gnutls_tls1_3
1933requires_gnutls_next_no_ticket
1934requires_gnutls_next_disable_tls13_compat
1935requires_config_enabled MBEDTLS_DEBUG_C
1936requires_config_enabled MBEDTLS_SSL_CLI_C
1937requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1938requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1939run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1940 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1941 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1942 0 \
1943 -c "HTTP/1.0 200 OK" \
1944 -c "ECDH curve: secp521r1" \
1945 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1946 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1947 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1948requires_openssl_tls1_3
1949requires_config_enabled MBEDTLS_DEBUG_C
1950requires_config_enabled MBEDTLS_SSL_CLI_C
1951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1952requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1953run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1954 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1955 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1956 0 \
1957 -c "HTTP/1.0 200 ok" \
1958 -c "ECDH curve: x25519" \
1959 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1960 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1961 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1962requires_gnutls_tls1_3
1963requires_gnutls_next_no_ticket
1964requires_gnutls_next_disable_tls13_compat
1965requires_config_enabled MBEDTLS_DEBUG_C
1966requires_config_enabled MBEDTLS_SSL_CLI_C
1967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1968requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1969run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1970 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
1971 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1972 0 \
1973 -c "HTTP/1.0 200 OK" \
1974 -c "ECDH curve: x25519" \
1975 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1976 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1977 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1978requires_openssl_tls1_3
1979requires_config_enabled MBEDTLS_DEBUG_C
1980requires_config_enabled MBEDTLS_SSL_CLI_C
1981requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1982requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1983run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1984 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1985 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1986 0 \
1987 -c "HTTP/1.0 200 ok" \
1988 -c "ECDH curve: x448" \
1989 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1990 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1991 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1992requires_gnutls_tls1_3
1993requires_gnutls_next_no_ticket
1994requires_gnutls_next_disable_tls13_compat
1995requires_config_enabled MBEDTLS_DEBUG_C
1996requires_config_enabled MBEDTLS_SSL_CLI_C
1997requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1998requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1999run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2000 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2001 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2002 0 \
2003 -c "HTTP/1.0 200 OK" \
2004 -c "ECDH curve: x448" \
2005 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2006 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2007 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2008requires_openssl_tls1_3
2009requires_config_enabled MBEDTLS_DEBUG_C
2010requires_config_enabled MBEDTLS_SSL_CLI_C
2011requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2012requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2013run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2014 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2015 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2016 0 \
2017 -c "HTTP/1.0 200 ok" \
2018 -c "ECDH curve: secp256r1" \
2019 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2020 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2021 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2022requires_gnutls_tls1_3
2023requires_gnutls_next_no_ticket
2024requires_gnutls_next_disable_tls13_compat
2025requires_config_enabled MBEDTLS_DEBUG_C
2026requires_config_enabled MBEDTLS_SSL_CLI_C
2027requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2028requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2029run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2030 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2031 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2032 0 \
2033 -c "HTTP/1.0 200 OK" \
2034 -c "ECDH curve: secp256r1" \
2035 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2036 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2037 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2038requires_openssl_tls1_3
2039requires_config_enabled MBEDTLS_DEBUG_C
2040requires_config_enabled MBEDTLS_SSL_CLI_C
2041requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2042requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2043run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2044 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2045 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2046 0 \
2047 -c "HTTP/1.0 200 ok" \
2048 -c "ECDH curve: secp384r1" \
2049 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2050 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2051 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2052requires_gnutls_tls1_3
2053requires_gnutls_next_no_ticket
2054requires_gnutls_next_disable_tls13_compat
2055requires_config_enabled MBEDTLS_DEBUG_C
2056requires_config_enabled MBEDTLS_SSL_CLI_C
2057requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2058requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2059run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2060 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2061 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2062 0 \
2063 -c "HTTP/1.0 200 OK" \
2064 -c "ECDH curve: secp384r1" \
2065 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2066 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2067 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2068requires_openssl_tls1_3
2069requires_config_enabled MBEDTLS_DEBUG_C
2070requires_config_enabled MBEDTLS_SSL_CLI_C
2071requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2072requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2073run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2074 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2075 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2076 0 \
2077 -c "HTTP/1.0 200 ok" \
2078 -c "ECDH curve: secp521r1" \
2079 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2080 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2081 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2082requires_gnutls_tls1_3
2083requires_gnutls_next_no_ticket
2084requires_gnutls_next_disable_tls13_compat
2085requires_config_enabled MBEDTLS_DEBUG_C
2086requires_config_enabled MBEDTLS_SSL_CLI_C
2087requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2088requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2089run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2090 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2091 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2092 0 \
2093 -c "HTTP/1.0 200 OK" \
2094 -c "ECDH curve: secp521r1" \
2095 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2096 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2097 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2098requires_openssl_tls1_3
2099requires_config_enabled MBEDTLS_DEBUG_C
2100requires_config_enabled MBEDTLS_SSL_CLI_C
2101requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2102requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2103run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2104 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2105 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2106 0 \
2107 -c "HTTP/1.0 200 ok" \
2108 -c "ECDH curve: x25519" \
2109 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2110 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2111 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2112requires_gnutls_tls1_3
2113requires_gnutls_next_no_ticket
2114requires_gnutls_next_disable_tls13_compat
2115requires_config_enabled MBEDTLS_DEBUG_C
2116requires_config_enabled MBEDTLS_SSL_CLI_C
2117requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2118requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2119run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2120 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2121 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2122 0 \
2123 -c "HTTP/1.0 200 OK" \
2124 -c "ECDH curve: x25519" \
2125 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2126 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2127 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2128requires_openssl_tls1_3
2129requires_config_enabled MBEDTLS_DEBUG_C
2130requires_config_enabled MBEDTLS_SSL_CLI_C
2131requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2132requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2133run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2134 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2135 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2136 0 \
2137 -c "HTTP/1.0 200 ok" \
2138 -c "ECDH curve: x448" \
2139 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2140 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2141 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2142requires_gnutls_tls1_3
2143requires_gnutls_next_no_ticket
2144requires_gnutls_next_disable_tls13_compat
2145requires_config_enabled MBEDTLS_DEBUG_C
2146requires_config_enabled MBEDTLS_SSL_CLI_C
2147requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2148requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2149run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2150 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2151 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2152 0 \
2153 -c "HTTP/1.0 200 OK" \
2154 -c "ECDH curve: x448" \
2155 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2156 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2157 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2158requires_openssl_tls1_3
2159requires_config_enabled MBEDTLS_DEBUG_C
2160requires_config_enabled MBEDTLS_SSL_CLI_C
2161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2162requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2163run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2164 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2165 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2166 0 \
2167 -c "HTTP/1.0 200 ok" \
2168 -c "ECDH curve: secp256r1" \
2169 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2170 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2171 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2172requires_gnutls_tls1_3
2173requires_gnutls_next_no_ticket
2174requires_gnutls_next_disable_tls13_compat
2175requires_config_enabled MBEDTLS_DEBUG_C
2176requires_config_enabled MBEDTLS_SSL_CLI_C
2177requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2178requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2179run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2180 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2181 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2182 0 \
2183 -c "HTTP/1.0 200 OK" \
2184 -c "ECDH curve: secp256r1" \
2185 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2186 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2187 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2188requires_openssl_tls1_3
2189requires_config_enabled MBEDTLS_DEBUG_C
2190requires_config_enabled MBEDTLS_SSL_CLI_C
2191requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2192requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2193run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2194 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2195 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2196 0 \
2197 -c "HTTP/1.0 200 ok" \
2198 -c "ECDH curve: secp384r1" \
2199 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2200 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2201 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2202requires_gnutls_tls1_3
2203requires_gnutls_next_no_ticket
2204requires_gnutls_next_disable_tls13_compat
2205requires_config_enabled MBEDTLS_DEBUG_C
2206requires_config_enabled MBEDTLS_SSL_CLI_C
2207requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2208requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2209run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2210 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2211 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2212 0 \
2213 -c "HTTP/1.0 200 OK" \
2214 -c "ECDH curve: secp384r1" \
2215 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2216 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2217 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2218requires_openssl_tls1_3
2219requires_config_enabled MBEDTLS_DEBUG_C
2220requires_config_enabled MBEDTLS_SSL_CLI_C
2221requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2222requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2223run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2224 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2225 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2226 0 \
2227 -c "HTTP/1.0 200 ok" \
2228 -c "ECDH curve: secp521r1" \
2229 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2230 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2231 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2232requires_gnutls_tls1_3
2233requires_gnutls_next_no_ticket
2234requires_gnutls_next_disable_tls13_compat
2235requires_config_enabled MBEDTLS_DEBUG_C
2236requires_config_enabled MBEDTLS_SSL_CLI_C
2237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2238requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2239run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2240 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2241 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2242 0 \
2243 -c "HTTP/1.0 200 OK" \
2244 -c "ECDH curve: secp521r1" \
2245 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2246 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2247 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2248requires_openssl_tls1_3
2249requires_config_enabled MBEDTLS_DEBUG_C
2250requires_config_enabled MBEDTLS_SSL_CLI_C
2251requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2252requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2253run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2254 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2255 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2256 0 \
2257 -c "HTTP/1.0 200 ok" \
2258 -c "ECDH curve: x25519" \
2259 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2260 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2261 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2262requires_gnutls_tls1_3
2263requires_gnutls_next_no_ticket
2264requires_gnutls_next_disable_tls13_compat
2265requires_config_enabled MBEDTLS_DEBUG_C
2266requires_config_enabled MBEDTLS_SSL_CLI_C
2267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2268requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2269run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2270 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2271 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2272 0 \
2273 -c "HTTP/1.0 200 OK" \
2274 -c "ECDH curve: x25519" \
2275 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2276 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2277 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2278requires_openssl_tls1_3
2279requires_config_enabled MBEDTLS_DEBUG_C
2280requires_config_enabled MBEDTLS_SSL_CLI_C
2281requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2282requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2283run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2284 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2285 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2286 0 \
2287 -c "HTTP/1.0 200 ok" \
2288 -c "ECDH curve: x448" \
2289 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2290 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2291 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2292requires_gnutls_tls1_3
2293requires_gnutls_next_no_ticket
2294requires_gnutls_next_disable_tls13_compat
2295requires_config_enabled MBEDTLS_DEBUG_C
2296requires_config_enabled MBEDTLS_SSL_CLI_C
2297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2298requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2299run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2300 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2301 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2302 0 \
2303 -c "HTTP/1.0 200 OK" \
2304 -c "ECDH curve: x448" \
2305 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2306 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2307 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2308requires_openssl_tls1_3
2309requires_config_enabled MBEDTLS_DEBUG_C
2310requires_config_enabled MBEDTLS_SSL_CLI_C
2311requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2312requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2313requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2314run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2315 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2316 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2317 0 \
2318 -c "HTTP/1.0 200 ok" \
2319 -c "ECDH curve: secp256r1" \
2320 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2321 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2322 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2323requires_gnutls_tls1_3
2324requires_gnutls_next_no_ticket
2325requires_gnutls_next_disable_tls13_compat
2326requires_config_enabled MBEDTLS_DEBUG_C
2327requires_config_enabled MBEDTLS_SSL_CLI_C
2328requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2329requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2330requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2331run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2332 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2333 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2334 0 \
2335 -c "HTTP/1.0 200 OK" \
2336 -c "ECDH curve: secp256r1" \
2337 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2338 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2339 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2340requires_openssl_tls1_3
2341requires_config_enabled MBEDTLS_DEBUG_C
2342requires_config_enabled MBEDTLS_SSL_CLI_C
2343requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2344requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2345requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2346run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2347 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2348 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2349 0 \
2350 -c "HTTP/1.0 200 ok" \
2351 -c "ECDH curve: secp384r1" \
2352 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2353 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2354 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2355requires_gnutls_tls1_3
2356requires_gnutls_next_no_ticket
2357requires_gnutls_next_disable_tls13_compat
2358requires_config_enabled MBEDTLS_DEBUG_C
2359requires_config_enabled MBEDTLS_SSL_CLI_C
2360requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2361requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2362requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2363run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2364 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2365 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2366 0 \
2367 -c "HTTP/1.0 200 OK" \
2368 -c "ECDH curve: secp384r1" \
2369 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2370 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2371 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2372requires_openssl_tls1_3
2373requires_config_enabled MBEDTLS_DEBUG_C
2374requires_config_enabled MBEDTLS_SSL_CLI_C
2375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2376requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2377requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2378run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2379 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2380 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2381 0 \
2382 -c "HTTP/1.0 200 ok" \
2383 -c "ECDH curve: secp521r1" \
2384 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2385 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2386 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2387requires_gnutls_tls1_3
2388requires_gnutls_next_no_ticket
2389requires_gnutls_next_disable_tls13_compat
2390requires_config_enabled MBEDTLS_DEBUG_C
2391requires_config_enabled MBEDTLS_SSL_CLI_C
2392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2393requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2394requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2395run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2396 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2397 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2398 0 \
2399 -c "HTTP/1.0 200 OK" \
2400 -c "ECDH curve: secp521r1" \
2401 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2402 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2403 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2404requires_openssl_tls1_3
2405requires_config_enabled MBEDTLS_DEBUG_C
2406requires_config_enabled MBEDTLS_SSL_CLI_C
2407requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2408requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2409requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2410run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2411 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2412 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
2413 0 \
2414 -c "HTTP/1.0 200 ok" \
2415 -c "ECDH curve: x25519" \
2416 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2417 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2418 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2419requires_gnutls_tls1_3
2420requires_gnutls_next_no_ticket
2421requires_gnutls_next_disable_tls13_compat
2422requires_config_enabled MBEDTLS_DEBUG_C
2423requires_config_enabled MBEDTLS_SSL_CLI_C
2424requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2425requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2426requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2427run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2428 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2429 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
2430 0 \
2431 -c "HTTP/1.0 200 OK" \
2432 -c "ECDH curve: x25519" \
2433 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2434 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2435 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2436requires_openssl_tls1_3
2437requires_config_enabled MBEDTLS_DEBUG_C
2438requires_config_enabled MBEDTLS_SSL_CLI_C
2439requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2440requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2441requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2442run_test "TLS1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2443 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2444 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
2445 0 \
2446 -c "HTTP/1.0 200 ok" \
2447 -c "ECDH curve: x448" \
2448 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2449 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2450 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2451requires_gnutls_tls1_3
2452requires_gnutls_next_no_ticket
2453requires_gnutls_next_disable_tls13_compat
2454requires_config_enabled MBEDTLS_DEBUG_C
2455requires_config_enabled MBEDTLS_SSL_CLI_C
2456requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2457requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2458requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2459run_test "TLS1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2460 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2461 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
2462 0 \
2463 -c "HTTP/1.0 200 OK" \
2464 -c "ECDH curve: x448" \
2465 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2466 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2467 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2468requires_openssl_tls1_3
2469requires_config_enabled MBEDTLS_DEBUG_C
2470requires_config_enabled MBEDTLS_SSL_CLI_C
2471requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2472requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2473run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2474 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2475 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2476 0 \
2477 -c "HTTP/1.0 200 ok" \
2478 -c "ECDH curve: secp256r1" \
2479 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2480 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2481 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2482requires_gnutls_tls1_3
2483requires_gnutls_next_no_ticket
2484requires_gnutls_next_disable_tls13_compat
2485requires_config_enabled MBEDTLS_DEBUG_C
2486requires_config_enabled MBEDTLS_SSL_CLI_C
2487requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2488requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2489run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2490 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2491 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2492 0 \
2493 -c "HTTP/1.0 200 OK" \
2494 -c "ECDH curve: secp256r1" \
2495 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2496 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2497 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2498requires_openssl_tls1_3
2499requires_config_enabled MBEDTLS_DEBUG_C
2500requires_config_enabled MBEDTLS_SSL_CLI_C
2501requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2502requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2503run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2504 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2505 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2506 0 \
2507 -c "HTTP/1.0 200 ok" \
2508 -c "ECDH curve: secp384r1" \
2509 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2510 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2511 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2512requires_gnutls_tls1_3
2513requires_gnutls_next_no_ticket
2514requires_gnutls_next_disable_tls13_compat
2515requires_config_enabled MBEDTLS_DEBUG_C
2516requires_config_enabled MBEDTLS_SSL_CLI_C
2517requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2518requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2519run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2520 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2521 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2522 0 \
2523 -c "HTTP/1.0 200 OK" \
2524 -c "ECDH curve: secp384r1" \
2525 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2526 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2527 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2528requires_openssl_tls1_3
2529requires_config_enabled MBEDTLS_DEBUG_C
2530requires_config_enabled MBEDTLS_SSL_CLI_C
2531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2532requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2533run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2534 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2535 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2536 0 \
2537 -c "HTTP/1.0 200 ok" \
2538 -c "ECDH curve: secp521r1" \
2539 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2540 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2541 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2542requires_gnutls_tls1_3
2543requires_gnutls_next_no_ticket
2544requires_gnutls_next_disable_tls13_compat
2545requires_config_enabled MBEDTLS_DEBUG_C
2546requires_config_enabled MBEDTLS_SSL_CLI_C
2547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2548requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2549run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2550 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2551 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2552 0 \
2553 -c "HTTP/1.0 200 OK" \
2554 -c "ECDH curve: secp521r1" \
2555 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2556 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2557 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2558requires_openssl_tls1_3
2559requires_config_enabled MBEDTLS_DEBUG_C
2560requires_config_enabled MBEDTLS_SSL_CLI_C
2561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2562requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2563run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2564 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2565 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2566 0 \
2567 -c "HTTP/1.0 200 ok" \
2568 -c "ECDH curve: x25519" \
2569 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2570 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2571 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2572requires_gnutls_tls1_3
2573requires_gnutls_next_no_ticket
2574requires_gnutls_next_disable_tls13_compat
2575requires_config_enabled MBEDTLS_DEBUG_C
2576requires_config_enabled MBEDTLS_SSL_CLI_C
2577requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2578requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2579run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2580 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2581 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2582 0 \
2583 -c "HTTP/1.0 200 OK" \
2584 -c "ECDH curve: x25519" \
2585 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2586 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2587 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2588requires_openssl_tls1_3
2589requires_config_enabled MBEDTLS_DEBUG_C
2590requires_config_enabled MBEDTLS_SSL_CLI_C
2591requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2592requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2593run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2594 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1_sha256.crt -key data_files/ecdsa_secp256r1_sha256.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2595 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2596 0 \
2597 -c "HTTP/1.0 200 ok" \
2598 -c "ECDH curve: x448" \
2599 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2600 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2601 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2602requires_gnutls_tls1_3
2603requires_gnutls_next_no_ticket
2604requires_gnutls_next_disable_tls13_compat
2605requires_config_enabled MBEDTLS_DEBUG_C
2606requires_config_enabled MBEDTLS_SSL_CLI_C
2607requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2608requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2609run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2610 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1_sha256.crt --x509keyfile data_files/ecdsa_secp256r1_sha256.key --priority=NONE:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2611 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2612 0 \
2613 -c "HTTP/1.0 200 OK" \
2614 -c "ECDH curve: x448" \
2615 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2616 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2617 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2618requires_openssl_tls1_3
2619requires_config_enabled MBEDTLS_DEBUG_C
2620requires_config_enabled MBEDTLS_SSL_CLI_C
2621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2622requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2623run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2624 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2625 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2626 0 \
2627 -c "HTTP/1.0 200 ok" \
2628 -c "ECDH curve: secp256r1" \
2629 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2630 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2631 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2632requires_gnutls_tls1_3
2633requires_gnutls_next_no_ticket
2634requires_gnutls_next_disable_tls13_compat
2635requires_config_enabled MBEDTLS_DEBUG_C
2636requires_config_enabled MBEDTLS_SSL_CLI_C
2637requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2638requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2639run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2640 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-SECP256R1:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2641 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2642 0 \
2643 -c "HTTP/1.0 200 OK" \
2644 -c "ECDH curve: secp256r1" \
2645 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2646 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2647 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2648requires_openssl_tls1_3
2649requires_config_enabled MBEDTLS_DEBUG_C
2650requires_config_enabled MBEDTLS_SSL_CLI_C
2651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2652requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2653run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2654 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2655 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2656 0 \
2657 -c "HTTP/1.0 200 ok" \
2658 -c "ECDH curve: secp384r1" \
2659 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2660 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2661 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2662requires_gnutls_tls1_3
2663requires_gnutls_next_no_ticket
2664requires_gnutls_next_disable_tls13_compat
2665requires_config_enabled MBEDTLS_DEBUG_C
2666requires_config_enabled MBEDTLS_SSL_CLI_C
2667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2668requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2669run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2670 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2671 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2672 0 \
2673 -c "HTTP/1.0 200 OK" \
2674 -c "ECDH curve: secp384r1" \
2675 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2676 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2677 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2678requires_openssl_tls1_3
2679requires_config_enabled MBEDTLS_DEBUG_C
2680requires_config_enabled MBEDTLS_SSL_CLI_C
2681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2682requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2683run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2684 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2685 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2686 0 \
2687 -c "HTTP/1.0 200 ok" \
2688 -c "ECDH curve: secp521r1" \
2689 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2690 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2691 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2692requires_gnutls_tls1_3
2693requires_gnutls_next_no_ticket
2694requires_gnutls_next_disable_tls13_compat
2695requires_config_enabled MBEDTLS_DEBUG_C
2696requires_config_enabled MBEDTLS_SSL_CLI_C
2697requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2698requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2699run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2700 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2701 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2702 0 \
2703 -c "HTTP/1.0 200 OK" \
2704 -c "ECDH curve: secp521r1" \
2705 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2706 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2707 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2708requires_openssl_tls1_3
2709requires_config_enabled MBEDTLS_DEBUG_C
2710requires_config_enabled MBEDTLS_SSL_CLI_C
2711requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2712requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2713run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2714 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2715 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2716 0 \
2717 -c "HTTP/1.0 200 ok" \
2718 -c "ECDH curve: x25519" \
2719 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2720 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2721 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2722requires_gnutls_tls1_3
2723requires_gnutls_next_no_ticket
2724requires_gnutls_next_disable_tls13_compat
2725requires_config_enabled MBEDTLS_DEBUG_C
2726requires_config_enabled MBEDTLS_SSL_CLI_C
2727requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2728requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2729run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2730 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+GROUP-X25519:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2731 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2732 0 \
2733 -c "HTTP/1.0 200 OK" \
2734 -c "ECDH curve: x25519" \
2735 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2736 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2737 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2738requires_openssl_tls1_3
2739requires_config_enabled MBEDTLS_DEBUG_C
2740requires_config_enabled MBEDTLS_SSL_CLI_C
2741requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2742requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2743run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2744 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1_sha384.crt -key data_files/ecdsa_secp384r1_sha384.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2745 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2746 0 \
2747 -c "HTTP/1.0 200 ok" \
2748 -c "ECDH curve: x448" \
2749 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2750 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2751 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2752requires_gnutls_tls1_3
2753requires_gnutls_next_no_ticket
2754requires_gnutls_next_disable_tls13_compat
2755requires_config_enabled MBEDTLS_DEBUG_C
2756requires_config_enabled MBEDTLS_SSL_CLI_C
2757requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2758requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2759run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2760 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1_sha384.crt --x509keyfile data_files/ecdsa_secp384r1_sha384.key --priority=NONE:+SIGN-ECDSA-SECP384R1-SHA384:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2761 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2762 0 \
2763 -c "HTTP/1.0 200 OK" \
2764 -c "ECDH curve: x448" \
2765 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2766 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2767 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2768requires_openssl_tls1_3
2769requires_config_enabled MBEDTLS_DEBUG_C
2770requires_config_enabled MBEDTLS_SSL_CLI_C
2771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2772requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2773run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2774 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2775 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2776 0 \
2777 -c "HTTP/1.0 200 ok" \
2778 -c "ECDH curve: secp256r1" \
2779 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2780 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2781 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2782requires_gnutls_tls1_3
2783requires_gnutls_next_no_ticket
2784requires_gnutls_next_disable_tls13_compat
2785requires_config_enabled MBEDTLS_DEBUG_C
2786requires_config_enabled MBEDTLS_SSL_CLI_C
2787requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2788requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2789run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2790 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2791 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2792 0 \
2793 -c "HTTP/1.0 200 OK" \
2794 -c "ECDH curve: secp256r1" \
2795 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2796 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2797 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2798requires_openssl_tls1_3
2799requires_config_enabled MBEDTLS_DEBUG_C
2800requires_config_enabled MBEDTLS_SSL_CLI_C
2801requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2802requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2803run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2804 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2805 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2806 0 \
2807 -c "HTTP/1.0 200 ok" \
2808 -c "ECDH curve: secp384r1" \
2809 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2810 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2811 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2812requires_gnutls_tls1_3
2813requires_gnutls_next_no_ticket
2814requires_gnutls_next_disable_tls13_compat
2815requires_config_enabled MBEDTLS_DEBUG_C
2816requires_config_enabled MBEDTLS_SSL_CLI_C
2817requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2818requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2819run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2821 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2822 0 \
2823 -c "HTTP/1.0 200 OK" \
2824 -c "ECDH curve: secp384r1" \
2825 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2826 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2827 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2828requires_openssl_tls1_3
2829requires_config_enabled MBEDTLS_DEBUG_C
2830requires_config_enabled MBEDTLS_SSL_CLI_C
2831requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2832requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2833run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2834 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2835 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2836 0 \
2837 -c "HTTP/1.0 200 ok" \
2838 -c "ECDH curve: secp521r1" \
2839 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2840 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2841 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2842requires_gnutls_tls1_3
2843requires_gnutls_next_no_ticket
2844requires_gnutls_next_disable_tls13_compat
2845requires_config_enabled MBEDTLS_DEBUG_C
2846requires_config_enabled MBEDTLS_SSL_CLI_C
2847requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2848requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2849run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2850 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2851 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2852 0 \
2853 -c "HTTP/1.0 200 OK" \
2854 -c "ECDH curve: secp521r1" \
2855 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2856 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2857 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2858requires_openssl_tls1_3
2859requires_config_enabled MBEDTLS_DEBUG_C
2860requires_config_enabled MBEDTLS_SSL_CLI_C
2861requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2862requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2863run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2864 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2865 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2866 0 \
2867 -c "HTTP/1.0 200 ok" \
2868 -c "ECDH curve: x25519" \
2869 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2870 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2871 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2872requires_gnutls_tls1_3
2873requires_gnutls_next_no_ticket
2874requires_gnutls_next_disable_tls13_compat
2875requires_config_enabled MBEDTLS_DEBUG_C
2876requires_config_enabled MBEDTLS_SSL_CLI_C
2877requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2878requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2879run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2880 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2881 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2882 0 \
2883 -c "HTTP/1.0 200 OK" \
2884 -c "ECDH curve: x25519" \
2885 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2886 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2887 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2888requires_openssl_tls1_3
2889requires_config_enabled MBEDTLS_DEBUG_C
2890requires_config_enabled MBEDTLS_SSL_CLI_C
2891requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2892requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2893run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2894 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1_sha512.crt -key data_files/ecdsa_secp521r1_sha512.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2895 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2896 0 \
2897 -c "HTTP/1.0 200 ok" \
2898 -c "ECDH curve: x448" \
2899 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2900 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2901 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2902requires_gnutls_tls1_3
2903requires_gnutls_next_no_ticket
2904requires_gnutls_next_disable_tls13_compat
2905requires_config_enabled MBEDTLS_DEBUG_C
2906requires_config_enabled MBEDTLS_SSL_CLI_C
2907requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2908requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2909run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2910 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1_sha512.crt --x509keyfile data_files/ecdsa_secp521r1_sha512.key --priority=NONE:+SIGN-ECDSA-SECP521R1-SHA512:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2911 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2912 0 \
2913 -c "HTTP/1.0 200 OK" \
2914 -c "ECDH curve: x448" \
2915 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2916 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2917 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2918requires_openssl_tls1_3
2919requires_config_enabled MBEDTLS_DEBUG_C
2920requires_config_enabled MBEDTLS_SSL_CLI_C
2921requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2922requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2923requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2924run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2925 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2926 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2927 0 \
2928 -c "HTTP/1.0 200 ok" \
2929 -c "ECDH curve: secp256r1" \
2930 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2931 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2932 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2933requires_gnutls_tls1_3
2934requires_gnutls_next_no_ticket
2935requires_gnutls_next_disable_tls13_compat
2936requires_config_enabled MBEDTLS_DEBUG_C
2937requires_config_enabled MBEDTLS_SSL_CLI_C
2938requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2939requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2940requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2941run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2942 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-SECP256R1:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2943 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2944 0 \
2945 -c "HTTP/1.0 200 OK" \
2946 -c "ECDH curve: secp256r1" \
2947 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2948 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2949 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2950requires_openssl_tls1_3
2951requires_config_enabled MBEDTLS_DEBUG_C
2952requires_config_enabled MBEDTLS_SSL_CLI_C
2953requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2954requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2955requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2956run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2957 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2958 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2959 0 \
2960 -c "HTTP/1.0 200 ok" \
2961 -c "ECDH curve: secp384r1" \
2962 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2963 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2964 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2965requires_gnutls_tls1_3
2966requires_gnutls_next_no_ticket
2967requires_gnutls_next_disable_tls13_compat
2968requires_config_enabled MBEDTLS_DEBUG_C
2969requires_config_enabled MBEDTLS_SSL_CLI_C
2970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2971requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2972requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2973run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2974 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-SECP384R1:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
2975 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2976 0 \
2977 -c "HTTP/1.0 200 OK" \
2978 -c "ECDH curve: secp384r1" \
2979 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2980 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2981 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2982requires_openssl_tls1_3
2983requires_config_enabled MBEDTLS_DEBUG_C
2984requires_config_enabled MBEDTLS_SSL_CLI_C
2985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2986requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2987requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2988run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2989 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2990 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2991 0 \
2992 -c "HTTP/1.0 200 ok" \
2993 -c "ECDH curve: secp521r1" \
2994 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2995 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2996 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2997requires_gnutls_tls1_3
2998requires_gnutls_next_no_ticket
2999requires_gnutls_next_disable_tls13_compat
3000requires_config_enabled MBEDTLS_DEBUG_C
3001requires_config_enabled MBEDTLS_SSL_CLI_C
3002requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3003requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3004requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3005run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3006 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+GROUP-SECP521R1:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3007 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
3008 0 \
3009 -c "HTTP/1.0 200 OK" \
3010 -c "ECDH curve: secp521r1" \
3011 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3012 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3013 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3014requires_openssl_tls1_3
3015requires_config_enabled MBEDTLS_DEBUG_C
3016requires_config_enabled MBEDTLS_SSL_CLI_C
3017requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3018requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3019requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3020run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3021 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3022 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
3023 0 \
3024 -c "HTTP/1.0 200 ok" \
3025 -c "ECDH curve: x25519" \
3026 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3027 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3028 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3029requires_gnutls_tls1_3
3030requires_gnutls_next_no_ticket
3031requires_gnutls_next_disable_tls13_compat
3032requires_config_enabled MBEDTLS_DEBUG_C
3033requires_config_enabled MBEDTLS_SSL_CLI_C
3034requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3035requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3036requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3037run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3038 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+GROUP-X25519:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3039 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
3040 0 \
3041 -c "HTTP/1.0 200 OK" \
3042 -c "ECDH curve: x25519" \
3043 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3044 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3045 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3046requires_openssl_tls1_3
3047requires_config_enabled MBEDTLS_DEBUG_C
3048requires_config_enabled MBEDTLS_SSL_CLI_C
3049requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3050requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3051requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3052run_test "TLS1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3053 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3054 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
3055 0 \
3056 -c "HTTP/1.0 200 ok" \
3057 -c "ECDH curve: x448" \
3058 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3059 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3060 -c "Verifying peer X.509 certificate... ok"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3061requires_gnutls_tls1_3
3062requires_gnutls_next_no_ticket
3063requires_gnutls_next_disable_tls13_compat
3064requires_config_enabled MBEDTLS_DEBUG_C
3065requires_config_enabled MBEDTLS_SSL_CLI_C
3066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3067requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3068requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3069run_test "TLS1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3070 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+SIGN-RSA-PSS-RSAE-SHA256:+SHA256:+AEAD:+GROUP-X448:+AES-128-CCM-8:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
3071 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
3072 0 \
3073 -c "HTTP/1.0 200 OK" \
3074 -c "ECDH curve: x448" \
3075 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3076 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3077 -c "Verifying peer X.509 certificate... ok"