TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d8d2ea5674871f3d708626c33d5342921b3ef266 / . / tests / opt-testcases / tls13-compat.sh
blob: 5611510bc79305ca77f20ed27b9e0bc9fc3e1d2b [file] [log] [blame]
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]23# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]28requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]29requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]30requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]31requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]32requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
33requires_openssl_tls1_3
34run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]35 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
36 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]37 0 \
38 -s "Protocol is TLSv1.3" \
39 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
40 -s "received signature algorithm: 0x403" \
41 -s "got named group: secp256r1(0017)" \
42 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]43 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]44
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]45requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]46requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]47requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]48requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]49requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
50requires_openssl_tls1_3
51run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]52 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
53 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]54 0 \
55 -s "Protocol is TLSv1.3" \
56 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
57 -s "received signature algorithm: 0x503" \
58 -s "got named group: secp256r1(0017)" \
59 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]60 -C "received HelloRetryRequest message"
61
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]62requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]63requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]64requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]65requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]66requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
67requires_openssl_tls1_3
68run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]69 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
70 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]71 0 \
72 -s "Protocol is TLSv1.3" \
73 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
74 -s "received signature algorithm: 0x603" \
75 -s "got named group: secp256r1(0017)" \
76 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]77 -C "received HelloRetryRequest message"
78
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]79requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]80requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]81requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]82requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]83requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
84requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
85requires_openssl_tls1_3
86run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]87 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
88 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]89 0 \
90 -s "Protocol is TLSv1.3" \
91 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
92 -s "received signature algorithm: 0x804" \
93 -s "got named group: secp256r1(0017)" \
94 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]95 -C "received HelloRetryRequest message"
96
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]97requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]98requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]99requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]100requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
102requires_openssl_tls1_3
103run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]104 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
105 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]106 0 \
107 -s "Protocol is TLSv1.3" \
108 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
109 -s "received signature algorithm: 0x403" \
110 -s "got named group: secp384r1(0018)" \
111 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]112 -C "received HelloRetryRequest message"
113
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]114requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]115requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]116requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]117requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
119requires_openssl_tls1_3
120run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]121 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
122 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]123 0 \
124 -s "Protocol is TLSv1.3" \
125 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
126 -s "received signature algorithm: 0x503" \
127 -s "got named group: secp384r1(0018)" \
128 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]129 -C "received HelloRetryRequest message"
130
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]131requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]132requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]133requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]134requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
136requires_openssl_tls1_3
137run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]138 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
139 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]140 0 \
141 -s "Protocol is TLSv1.3" \
142 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
143 -s "received signature algorithm: 0x603" \
144 -s "got named group: secp384r1(0018)" \
145 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]146 -C "received HelloRetryRequest message"
147
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]148requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]149requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]150requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]151requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
153requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
154requires_openssl_tls1_3
155run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]156 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
157 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]158 0 \
159 -s "Protocol is TLSv1.3" \
160 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
161 -s "received signature algorithm: 0x804" \
162 -s "got named group: secp384r1(0018)" \
163 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]164 -C "received HelloRetryRequest message"
165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]167requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]168requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]169requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
171requires_openssl_tls1_3
172run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]173 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
174 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]175 0 \
176 -s "Protocol is TLSv1.3" \
177 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
178 -s "received signature algorithm: 0x403" \
179 -s "got named group: secp521r1(0019)" \
180 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]181 -C "received HelloRetryRequest message"
182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]184requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]185requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]186requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
188requires_openssl_tls1_3
189run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]190 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
191 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]192 0 \
193 -s "Protocol is TLSv1.3" \
194 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
195 -s "received signature algorithm: 0x503" \
196 -s "got named group: secp521r1(0019)" \
197 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]198 -C "received HelloRetryRequest message"
199
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]200requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]201requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]202requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]203requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
205requires_openssl_tls1_3
206run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]207 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
208 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]209 0 \
210 -s "Protocol is TLSv1.3" \
211 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
212 -s "received signature algorithm: 0x603" \
213 -s "got named group: secp521r1(0019)" \
214 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]215 -C "received HelloRetryRequest message"
216
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]217requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]218requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]219requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]220requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
222requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
223requires_openssl_tls1_3
224run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]225 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
226 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]227 0 \
228 -s "Protocol is TLSv1.3" \
229 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
230 -s "received signature algorithm: 0x804" \
231 -s "got named group: secp521r1(0019)" \
232 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]233 -C "received HelloRetryRequest message"
234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]238requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
240requires_openssl_tls1_3
241run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]242 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
243 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]244 0 \
245 -s "Protocol is TLSv1.3" \
246 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
247 -s "received signature algorithm: 0x403" \
248 -s "got named group: x25519(001d)" \
249 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]250 -C "received HelloRetryRequest message"
251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]253requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]255requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
257requires_openssl_tls1_3
258run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]259 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
260 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]261 0 \
262 -s "Protocol is TLSv1.3" \
263 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
264 -s "received signature algorithm: 0x503" \
265 -s "got named group: x25519(001d)" \
266 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]267 -C "received HelloRetryRequest message"
268
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]269requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]270requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]271requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]272requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
274requires_openssl_tls1_3
275run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]276 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
277 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]278 0 \
279 -s "Protocol is TLSv1.3" \
280 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
281 -s "received signature algorithm: 0x603" \
282 -s "got named group: x25519(001d)" \
283 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]284 -C "received HelloRetryRequest message"
285
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]286requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]287requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]288requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]289requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
291requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
292requires_openssl_tls1_3
293run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]294 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
295 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]296 0 \
297 -s "Protocol is TLSv1.3" \
298 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
299 -s "received signature algorithm: 0x804" \
300 -s "got named group: x25519(001d)" \
301 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]302 -C "received HelloRetryRequest message"
303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]305requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]306requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]307requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
309requires_openssl_tls1_3
310run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]311 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
312 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]313 0 \
314 -s "Protocol is TLSv1.3" \
315 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
316 -s "received signature algorithm: 0x403" \
317 -s "got named group: x448(001e)" \
318 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]319 -C "received HelloRetryRequest message"
320
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]321requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]322requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]324requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
326requires_openssl_tls1_3
327run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]328 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
329 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]330 0 \
331 -s "Protocol is TLSv1.3" \
332 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
333 -s "received signature algorithm: 0x503" \
334 -s "got named group: x448(001e)" \
335 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]336 -C "received HelloRetryRequest message"
337
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]338requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]339requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]340requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]341requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
343requires_openssl_tls1_3
344run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]345 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
346 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]347 0 \
348 -s "Protocol is TLSv1.3" \
349 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
350 -s "received signature algorithm: 0x603" \
351 -s "got named group: x448(001e)" \
352 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]353 -C "received HelloRetryRequest message"
354
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]355requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]356requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]357requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]358requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
360requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
361requires_openssl_tls1_3
362run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]363 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
364 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]365 0 \
366 -s "Protocol is TLSv1.3" \
367 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
368 -s "received signature algorithm: 0x804" \
369 -s "got named group: x448(001e)" \
370 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]371 -C "received HelloRetryRequest message"
372
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]373requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]374requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]376requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
378requires_openssl_tls1_3
379run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]380 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
381 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]382 0 \
383 -s "Protocol is TLSv1.3" \
384 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
385 -s "received signature algorithm: 0x403" \
386 -s "got named group: secp256r1(0017)" \
387 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]388 -C "received HelloRetryRequest message"
389
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]390requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]391requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]393requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
395requires_openssl_tls1_3
396run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]397 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
398 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]399 0 \
400 -s "Protocol is TLSv1.3" \
401 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
402 -s "received signature algorithm: 0x503" \
403 -s "got named group: secp256r1(0017)" \
404 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]405 -C "received HelloRetryRequest message"
406
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]407requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]408requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]410requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
412requires_openssl_tls1_3
413run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]414 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
415 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]416 0 \
417 -s "Protocol is TLSv1.3" \
418 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
419 -s "received signature algorithm: 0x603" \
420 -s "got named group: secp256r1(0017)" \
421 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]422 -C "received HelloRetryRequest message"
423
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]424requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]425requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]426requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]427requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
429requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
430requires_openssl_tls1_3
431run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]432 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
433 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]434 0 \
435 -s "Protocol is TLSv1.3" \
436 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
437 -s "received signature algorithm: 0x804" \
438 -s "got named group: secp256r1(0017)" \
439 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]440 -C "received HelloRetryRequest message"
441
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]442requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]443requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]445requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
447requires_openssl_tls1_3
448run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]449 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
450 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]451 0 \
452 -s "Protocol is TLSv1.3" \
453 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
454 -s "received signature algorithm: 0x403" \
455 -s "got named group: secp384r1(0018)" \
456 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]457 -C "received HelloRetryRequest message"
458
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]459requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]460requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]462requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
464requires_openssl_tls1_3
465run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]466 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
467 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]468 0 \
469 -s "Protocol is TLSv1.3" \
470 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
471 -s "received signature algorithm: 0x503" \
472 -s "got named group: secp384r1(0018)" \
473 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]474 -C "received HelloRetryRequest message"
475
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]476requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]477requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]478requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]479requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
481requires_openssl_tls1_3
482run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]483 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
484 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]485 0 \
486 -s "Protocol is TLSv1.3" \
487 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
488 -s "received signature algorithm: 0x603" \
489 -s "got named group: secp384r1(0018)" \
490 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]491 -C "received HelloRetryRequest message"
492
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]493requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]494requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]496requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
498requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
499requires_openssl_tls1_3
500run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]501 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
502 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]503 0 \
504 -s "Protocol is TLSv1.3" \
505 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
506 -s "received signature algorithm: 0x804" \
507 -s "got named group: secp384r1(0018)" \
508 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]509 -C "received HelloRetryRequest message"
510
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]511requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]512requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]514requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
516requires_openssl_tls1_3
517run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]518 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
519 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]520 0 \
521 -s "Protocol is TLSv1.3" \
522 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
523 -s "received signature algorithm: 0x403" \
524 -s "got named group: secp521r1(0019)" \
525 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]526 -C "received HelloRetryRequest message"
527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]531requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
533requires_openssl_tls1_3
534run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]535 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
536 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]537 0 \
538 -s "Protocol is TLSv1.3" \
539 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
540 -s "received signature algorithm: 0x503" \
541 -s "got named group: secp521r1(0019)" \
542 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]543 -C "received HelloRetryRequest message"
544
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]545requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]546requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]548requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
550requires_openssl_tls1_3
551run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]552 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
553 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]554 0 \
555 -s "Protocol is TLSv1.3" \
556 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
557 -s "received signature algorithm: 0x603" \
558 -s "got named group: secp521r1(0019)" \
559 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]560 -C "received HelloRetryRequest message"
561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]563requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]564requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]565requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
568requires_openssl_tls1_3
569run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]570 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
571 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]572 0 \
573 -s "Protocol is TLSv1.3" \
574 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
575 -s "received signature algorithm: 0x804" \
576 -s "got named group: secp521r1(0019)" \
577 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]578 -C "received HelloRetryRequest message"
579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]583requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
585requires_openssl_tls1_3
586run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]587 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
588 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]589 0 \
590 -s "Protocol is TLSv1.3" \
591 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
592 -s "received signature algorithm: 0x403" \
593 -s "got named group: x25519(001d)" \
594 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]595 -C "received HelloRetryRequest message"
596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]598requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]600requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
602requires_openssl_tls1_3
603run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]604 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
605 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]606 0 \
607 -s "Protocol is TLSv1.3" \
608 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
609 -s "received signature algorithm: 0x503" \
610 -s "got named group: x25519(001d)" \
611 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]612 -C "received HelloRetryRequest message"
613
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]614requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]615requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]616requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]617requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
619requires_openssl_tls1_3
620run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]621 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
622 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]623 0 \
624 -s "Protocol is TLSv1.3" \
625 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
626 -s "received signature algorithm: 0x603" \
627 -s "got named group: x25519(001d)" \
628 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]629 -C "received HelloRetryRequest message"
630
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]631requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]632requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]634requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
636requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
637requires_openssl_tls1_3
638run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]639 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
640 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]641 0 \
642 -s "Protocol is TLSv1.3" \
643 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
644 -s "received signature algorithm: 0x804" \
645 -s "got named group: x25519(001d)" \
646 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]647 -C "received HelloRetryRequest message"
648
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]649requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]650requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]652requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
654requires_openssl_tls1_3
655run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]656 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
657 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]658 0 \
659 -s "Protocol is TLSv1.3" \
660 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
661 -s "received signature algorithm: 0x403" \
662 -s "got named group: x448(001e)" \
663 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]664 -C "received HelloRetryRequest message"
665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]667requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]669requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
671requires_openssl_tls1_3
672run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]673 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
674 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]675 0 \
676 -s "Protocol is TLSv1.3" \
677 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
678 -s "received signature algorithm: 0x503" \
679 -s "got named group: x448(001e)" \
680 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]681 -C "received HelloRetryRequest message"
682
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]683requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]684requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]685requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]686requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
688requires_openssl_tls1_3
689run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]690 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
691 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]692 0 \
693 -s "Protocol is TLSv1.3" \
694 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
695 -s "received signature algorithm: 0x603" \
696 -s "got named group: x448(001e)" \
697 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]698 -C "received HelloRetryRequest message"
699
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]700requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]701requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]703requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
705requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
706requires_openssl_tls1_3
707run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]708 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
709 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]710 0 \
711 -s "Protocol is TLSv1.3" \
712 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
713 -s "received signature algorithm: 0x804" \
714 -s "got named group: x448(001e)" \
715 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]716 -C "received HelloRetryRequest message"
717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]719requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]721requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
723requires_openssl_tls1_3
724run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]725 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
726 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]727 0 \
728 -s "Protocol is TLSv1.3" \
729 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
730 -s "received signature algorithm: 0x403" \
731 -s "got named group: secp256r1(0017)" \
732 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]733 -C "received HelloRetryRequest message"
734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]736requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]737requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]738requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
740requires_openssl_tls1_3
741run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]742 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
743 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]744 0 \
745 -s "Protocol is TLSv1.3" \
746 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
747 -s "received signature algorithm: 0x503" \
748 -s "got named group: secp256r1(0017)" \
749 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]750 -C "received HelloRetryRequest message"
751
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]752requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]753requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]755requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
757requires_openssl_tls1_3
758run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]759 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
760 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]761 0 \
762 -s "Protocol is TLSv1.3" \
763 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
764 -s "received signature algorithm: 0x603" \
765 -s "got named group: secp256r1(0017)" \
766 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]767 -C "received HelloRetryRequest message"
768
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]769requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]770requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]772requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
774requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
775requires_openssl_tls1_3
776run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]777 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
778 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]779 0 \
780 -s "Protocol is TLSv1.3" \
781 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
782 -s "received signature algorithm: 0x804" \
783 -s "got named group: secp256r1(0017)" \
784 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]785 -C "received HelloRetryRequest message"
786
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]787requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]788requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]789requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]790requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
792requires_openssl_tls1_3
793run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]794 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
795 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]796 0 \
797 -s "Protocol is TLSv1.3" \
798 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
799 -s "received signature algorithm: 0x403" \
800 -s "got named group: secp384r1(0018)" \
801 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]802 -C "received HelloRetryRequest message"
803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]805requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]806requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]807requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
809requires_openssl_tls1_3
810run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]811 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
812 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]813 0 \
814 -s "Protocol is TLSv1.3" \
815 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
816 -s "received signature algorithm: 0x503" \
817 -s "got named group: secp384r1(0018)" \
818 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]819 -C "received HelloRetryRequest message"
820
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]821requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]822requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]823requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]824requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
826requires_openssl_tls1_3
827run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]828 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
829 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]830 0 \
831 -s "Protocol is TLSv1.3" \
832 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
833 -s "received signature algorithm: 0x603" \
834 -s "got named group: secp384r1(0018)" \
835 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]836 -C "received HelloRetryRequest message"
837
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]838requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]839requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]840requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]841requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
843requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
844requires_openssl_tls1_3
845run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]846 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
847 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]848 0 \
849 -s "Protocol is TLSv1.3" \
850 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
851 -s "received signature algorithm: 0x804" \
852 -s "got named group: secp384r1(0018)" \
853 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]854 -C "received HelloRetryRequest message"
855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]857requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]858requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]859requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]860requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
861requires_openssl_tls1_3
862run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]863 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
864 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]865 0 \
866 -s "Protocol is TLSv1.3" \
867 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
868 -s "received signature algorithm: 0x403" \
869 -s "got named group: secp521r1(0019)" \
870 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]871 -C "received HelloRetryRequest message"
872
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]873requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]874requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]875requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]876requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
878requires_openssl_tls1_3
879run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]880 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
881 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]882 0 \
883 -s "Protocol is TLSv1.3" \
884 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
885 -s "received signature algorithm: 0x503" \
886 -s "got named group: secp521r1(0019)" \
887 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]888 -C "received HelloRetryRequest message"
889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]891requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]893requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
895requires_openssl_tls1_3
896run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]897 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
898 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]899 0 \
900 -s "Protocol is TLSv1.3" \
901 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
902 -s "received signature algorithm: 0x603" \
903 -s "got named group: secp521r1(0019)" \
904 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]905 -C "received HelloRetryRequest message"
906
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]907requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]908requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]910requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
912requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
913requires_openssl_tls1_3
914run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]915 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
916 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]917 0 \
918 -s "Protocol is TLSv1.3" \
919 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
920 -s "received signature algorithm: 0x804" \
921 -s "got named group: secp521r1(0019)" \
922 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]923 -C "received HelloRetryRequest message"
924
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]925requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]926requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]927requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]928requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
930requires_openssl_tls1_3
931run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]932 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
933 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]934 0 \
935 -s "Protocol is TLSv1.3" \
936 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
937 -s "received signature algorithm: 0x403" \
938 -s "got named group: x25519(001d)" \
939 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]940 -C "received HelloRetryRequest message"
941
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]942requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]943requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]944requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]945requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]946requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
947requires_openssl_tls1_3
948run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]949 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
950 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]951 0 \
952 -s "Protocol is TLSv1.3" \
953 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
954 -s "received signature algorithm: 0x503" \
955 -s "got named group: x25519(001d)" \
956 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]957 -C "received HelloRetryRequest message"
958
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]959requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]960requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]961requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]962requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
964requires_openssl_tls1_3
965run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]966 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
967 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]968 0 \
969 -s "Protocol is TLSv1.3" \
970 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
971 -s "received signature algorithm: 0x603" \
972 -s "got named group: x25519(001d)" \
973 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]974 -C "received HelloRetryRequest message"
975
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]976requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]977requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]978requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]979requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]980requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
981requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
982requires_openssl_tls1_3
983run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]984 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
985 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]986 0 \
987 -s "Protocol is TLSv1.3" \
988 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
989 -s "received signature algorithm: 0x804" \
990 -s "got named group: x25519(001d)" \
991 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]992 -C "received HelloRetryRequest message"
993
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]994requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]995requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]996requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]997requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
999requires_openssl_tls1_3
1000run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1001 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1002 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1003 0 \
1004 -s "Protocol is TLSv1.3" \
1005 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1006 -s "received signature algorithm: 0x403" \
1007 -s "got named group: x448(001e)" \
1008 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1009 -C "received HelloRetryRequest message"
1010
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1011requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1012requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1014requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1016requires_openssl_tls1_3
1017run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1018 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1019 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1020 0 \
1021 -s "Protocol is TLSv1.3" \
1022 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1023 -s "received signature algorithm: 0x503" \
1024 -s "got named group: x448(001e)" \
1025 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1026 -C "received HelloRetryRequest message"
1027
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1028requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1029requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1031requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1033requires_openssl_tls1_3
1034run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1035 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1036 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1037 0 \
1038 -s "Protocol is TLSv1.3" \
1039 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1040 -s "received signature algorithm: 0x603" \
1041 -s "got named group: x448(001e)" \
1042 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1043 -C "received HelloRetryRequest message"
1044
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1045requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1046requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1048requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1050requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1051requires_openssl_tls1_3
1052run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1053 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1054 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1055 0 \
1056 -s "Protocol is TLSv1.3" \
1057 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1058 -s "received signature algorithm: 0x804" \
1059 -s "got named group: x448(001e)" \
1060 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1061 -C "received HelloRetryRequest message"
1062
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1063requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1064requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1066requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1068requires_openssl_tls1_3
1069run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1070 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1071 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1072 0 \
1073 -s "Protocol is TLSv1.3" \
1074 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1075 -s "received signature algorithm: 0x403" \
1076 -s "got named group: secp256r1(0017)" \
1077 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1078 -C "received HelloRetryRequest message"
1079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1081requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1083requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1085requires_openssl_tls1_3
1086run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1087 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1088 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1089 0 \
1090 -s "Protocol is TLSv1.3" \
1091 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1092 -s "received signature algorithm: 0x503" \
1093 -s "got named group: secp256r1(0017)" \
1094 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1095 -C "received HelloRetryRequest message"
1096
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1097requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1098requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1099requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1100requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1102requires_openssl_tls1_3
1103run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1104 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1105 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1106 0 \
1107 -s "Protocol is TLSv1.3" \
1108 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1109 -s "received signature algorithm: 0x603" \
1110 -s "got named group: secp256r1(0017)" \
1111 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1112 -C "received HelloRetryRequest message"
1113
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1114requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1115requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1116requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1117requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1119requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1120requires_openssl_tls1_3
1121run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1122 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1123 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1124 0 \
1125 -s "Protocol is TLSv1.3" \
1126 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1127 -s "received signature algorithm: 0x804" \
1128 -s "got named group: secp256r1(0017)" \
1129 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1130 -C "received HelloRetryRequest message"
1131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1133requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1134requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1135requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1136requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1137requires_openssl_tls1_3
1138run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1139 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1140 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1141 0 \
1142 -s "Protocol is TLSv1.3" \
1143 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1144 -s "received signature algorithm: 0x403" \
1145 -s "got named group: secp384r1(0018)" \
1146 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1147 -C "received HelloRetryRequest message"
1148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1150requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1151requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1152requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1154requires_openssl_tls1_3
1155run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1156 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1157 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1158 0 \
1159 -s "Protocol is TLSv1.3" \
1160 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1161 -s "received signature algorithm: 0x503" \
1162 -s "got named group: secp384r1(0018)" \
1163 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1164 -C "received HelloRetryRequest message"
1165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1167requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1168requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1169requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1171requires_openssl_tls1_3
1172run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1173 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1174 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1175 0 \
1176 -s "Protocol is TLSv1.3" \
1177 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1178 -s "received signature algorithm: 0x603" \
1179 -s "got named group: secp384r1(0018)" \
1180 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1181 -C "received HelloRetryRequest message"
1182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1184requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1185requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1186requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1188requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1189requires_openssl_tls1_3
1190run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1191 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1192 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1193 0 \
1194 -s "Protocol is TLSv1.3" \
1195 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1196 -s "received signature algorithm: 0x804" \
1197 -s "got named group: secp384r1(0018)" \
1198 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1199 -C "received HelloRetryRequest message"
1200
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1201requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1202requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1204requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1206requires_openssl_tls1_3
1207run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1208 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1209 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1210 0 \
1211 -s "Protocol is TLSv1.3" \
1212 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1213 -s "received signature algorithm: 0x403" \
1214 -s "got named group: secp521r1(0019)" \
1215 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1216 -C "received HelloRetryRequest message"
1217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1219requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1220requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1221requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1223requires_openssl_tls1_3
1224run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1225 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1226 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1227 0 \
1228 -s "Protocol is TLSv1.3" \
1229 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1230 -s "received signature algorithm: 0x503" \
1231 -s "got named group: secp521r1(0019)" \
1232 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1233 -C "received HelloRetryRequest message"
1234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1238requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1240requires_openssl_tls1_3
1241run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1242 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1243 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1244 0 \
1245 -s "Protocol is TLSv1.3" \
1246 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1247 -s "received signature algorithm: 0x603" \
1248 -s "got named group: secp521r1(0019)" \
1249 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1250 -C "received HelloRetryRequest message"
1251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1253requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1255requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1257requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1258requires_openssl_tls1_3
1259run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1260 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1261 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1262 0 \
1263 -s "Protocol is TLSv1.3" \
1264 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1265 -s "received signature algorithm: 0x804" \
1266 -s "got named group: secp521r1(0019)" \
1267 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1268 -C "received HelloRetryRequest message"
1269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1271requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1272requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1273requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1275requires_openssl_tls1_3
1276run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1277 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1278 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1279 0 \
1280 -s "Protocol is TLSv1.3" \
1281 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1282 -s "received signature algorithm: 0x403" \
1283 -s "got named group: x25519(001d)" \
1284 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1285 -C "received HelloRetryRequest message"
1286
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1287requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1288requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1290requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1292requires_openssl_tls1_3
1293run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1294 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1295 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1296 0 \
1297 -s "Protocol is TLSv1.3" \
1298 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1299 -s "received signature algorithm: 0x503" \
1300 -s "got named group: x25519(001d)" \
1301 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1302 -C "received HelloRetryRequest message"
1303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1305requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1306requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1307requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1309requires_openssl_tls1_3
1310run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1311 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1312 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1313 0 \
1314 -s "Protocol is TLSv1.3" \
1315 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1316 -s "received signature algorithm: 0x603" \
1317 -s "got named group: x25519(001d)" \
1318 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1319 -C "received HelloRetryRequest message"
1320
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1321requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1322requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1324requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1326requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1327requires_openssl_tls1_3
1328run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1329 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1330 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1331 0 \
1332 -s "Protocol is TLSv1.3" \
1333 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1334 -s "received signature algorithm: 0x804" \
1335 -s "got named group: x25519(001d)" \
1336 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1337 -C "received HelloRetryRequest message"
1338
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1339requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1340requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1342requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1343requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1344requires_openssl_tls1_3
1345run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1346 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1347 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1348 0 \
1349 -s "Protocol is TLSv1.3" \
1350 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1351 -s "received signature algorithm: 0x403" \
1352 -s "got named group: x448(001e)" \
1353 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1354 -C "received HelloRetryRequest message"
1355
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1356requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1357requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1359requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1361requires_openssl_tls1_3
1362run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1363 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1364 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1365 0 \
1366 -s "Protocol is TLSv1.3" \
1367 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1368 -s "received signature algorithm: 0x503" \
1369 -s "got named group: x448(001e)" \
1370 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1371 -C "received HelloRetryRequest message"
1372
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1373requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1374requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1376requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1378requires_openssl_tls1_3
1379run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1380 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1381 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1382 0 \
1383 -s "Protocol is TLSv1.3" \
1384 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1385 -s "received signature algorithm: 0x603" \
1386 -s "got named group: x448(001e)" \
1387 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1388 -C "received HelloRetryRequest message"
1389
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1390requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1391requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1393requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1395requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1396requires_openssl_tls1_3
1397run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1398 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1399 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1400 0 \
1401 -s "Protocol is TLSv1.3" \
1402 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1403 -s "received signature algorithm: 0x804" \
1404 -s "got named group: x448(001e)" \
1405 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1406 -C "received HelloRetryRequest message"
1407
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1408requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1409requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1411requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1413requires_openssl_tls1_3
1414run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1415 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1416 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1417 0 \
1418 -s "Protocol is TLSv1.3" \
1419 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1420 -s "received signature algorithm: 0x403" \
1421 -s "got named group: secp256r1(0017)" \
1422 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1423 -C "received HelloRetryRequest message"
1424
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1425requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1426requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1428requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1430requires_openssl_tls1_3
1431run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1432 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1433 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1434 0 \
1435 -s "Protocol is TLSv1.3" \
1436 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1437 -s "received signature algorithm: 0x503" \
1438 -s "got named group: secp256r1(0017)" \
1439 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1440 -C "received HelloRetryRequest message"
1441
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1442requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1443requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1445requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1447requires_openssl_tls1_3
1448run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1449 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1450 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1451 0 \
1452 -s "Protocol is TLSv1.3" \
1453 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1454 -s "received signature algorithm: 0x603" \
1455 -s "got named group: secp256r1(0017)" \
1456 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1457 -C "received HelloRetryRequest message"
1458
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1459requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1460requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1462requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1464requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1465requires_openssl_tls1_3
1466run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1467 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1468 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1469 0 \
1470 -s "Protocol is TLSv1.3" \
1471 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1472 -s "received signature algorithm: 0x804" \
1473 -s "got named group: secp256r1(0017)" \
1474 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1475 -C "received HelloRetryRequest message"
1476
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1477requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1478requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1480requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1482requires_openssl_tls1_3
1483run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1484 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1485 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1486 0 \
1487 -s "Protocol is TLSv1.3" \
1488 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1489 -s "received signature algorithm: 0x403" \
1490 -s "got named group: secp384r1(0018)" \
1491 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1492 -C "received HelloRetryRequest message"
1493
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1494requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1495requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1496requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1497requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1498requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1499requires_openssl_tls1_3
1500run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1501 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1502 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1503 0 \
1504 -s "Protocol is TLSv1.3" \
1505 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1506 -s "received signature algorithm: 0x503" \
1507 -s "got named group: secp384r1(0018)" \
1508 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1509 -C "received HelloRetryRequest message"
1510
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1511requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1512requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1514requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1516requires_openssl_tls1_3
1517run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1518 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1519 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1520 0 \
1521 -s "Protocol is TLSv1.3" \
1522 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1523 -s "received signature algorithm: 0x603" \
1524 -s "got named group: secp384r1(0018)" \
1525 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1526 -C "received HelloRetryRequest message"
1527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1531requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1533requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1534requires_openssl_tls1_3
1535run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1536 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1537 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1538 0 \
1539 -s "Protocol is TLSv1.3" \
1540 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1541 -s "received signature algorithm: 0x804" \
1542 -s "got named group: secp384r1(0018)" \
1543 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1544 -C "received HelloRetryRequest message"
1545
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1546requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1547requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1549requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1551requires_openssl_tls1_3
1552run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1553 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1554 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1555 0 \
1556 -s "Protocol is TLSv1.3" \
1557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1558 -s "received signature algorithm: 0x403" \
1559 -s "got named group: secp521r1(0019)" \
1560 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1561 -C "received HelloRetryRequest message"
1562
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1563requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1564requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1566requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1568requires_openssl_tls1_3
1569run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1570 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1571 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1572 0 \
1573 -s "Protocol is TLSv1.3" \
1574 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1575 -s "received signature algorithm: 0x503" \
1576 -s "got named group: secp521r1(0019)" \
1577 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1578 -C "received HelloRetryRequest message"
1579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1583requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1585requires_openssl_tls1_3
1586run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1587 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1588 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1589 0 \
1590 -s "Protocol is TLSv1.3" \
1591 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1592 -s "received signature algorithm: 0x603" \
1593 -s "got named group: secp521r1(0019)" \
1594 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1595 -C "received HelloRetryRequest message"
1596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1598requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1600requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1602requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1603requires_openssl_tls1_3
1604run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1605 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1606 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1607 0 \
1608 -s "Protocol is TLSv1.3" \
1609 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1610 -s "received signature algorithm: 0x804" \
1611 -s "got named group: secp521r1(0019)" \
1612 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1613 -C "received HelloRetryRequest message"
1614
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1615requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1616requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1617requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1618requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1620requires_openssl_tls1_3
1621run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1622 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1623 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1624 0 \
1625 -s "Protocol is TLSv1.3" \
1626 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1627 -s "received signature algorithm: 0x403" \
1628 -s "got named group: x25519(001d)" \
1629 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1630 -C "received HelloRetryRequest message"
1631
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1632requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1633requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1634requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1635requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1636requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1637requires_openssl_tls1_3
1638run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1639 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1640 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1641 0 \
1642 -s "Protocol is TLSv1.3" \
1643 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1644 -s "received signature algorithm: 0x503" \
1645 -s "got named group: x25519(001d)" \
1646 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1647 -C "received HelloRetryRequest message"
1648
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1649requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1650requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1652requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1654requires_openssl_tls1_3
1655run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1656 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1657 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1658 0 \
1659 -s "Protocol is TLSv1.3" \
1660 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1661 -s "received signature algorithm: 0x603" \
1662 -s "got named group: x25519(001d)" \
1663 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1664 -C "received HelloRetryRequest message"
1665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1667requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1669requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1671requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1672requires_openssl_tls1_3
1673run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1674 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1675 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1676 0 \
1677 -s "Protocol is TLSv1.3" \
1678 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1679 -s "received signature algorithm: 0x804" \
1680 -s "got named group: x25519(001d)" \
1681 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1682 -C "received HelloRetryRequest message"
1683
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1684requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1685requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1686requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1687requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1688requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1689requires_openssl_tls1_3
1690run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1691 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1692 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1693 0 \
1694 -s "Protocol is TLSv1.3" \
1695 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1696 -s "received signature algorithm: 0x403" \
1697 -s "got named group: x448(001e)" \
1698 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1699 -C "received HelloRetryRequest message"
1700
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1701requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1702requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1703requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1704requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1706requires_openssl_tls1_3
1707run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1708 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1709 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1710 0 \
1711 -s "Protocol is TLSv1.3" \
1712 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1713 -s "received signature algorithm: 0x503" \
1714 -s "got named group: x448(001e)" \
1715 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1716 -C "received HelloRetryRequest message"
1717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1719requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1721requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1723requires_openssl_tls1_3
1724run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1725 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1726 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1727 0 \
1728 -s "Protocol is TLSv1.3" \
1729 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1730 -s "received signature algorithm: 0x603" \
1731 -s "got named group: x448(001e)" \
1732 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1733 -C "received HelloRetryRequest message"
1734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1736requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1737requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1738requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1740requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1741requires_openssl_tls1_3
1742run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1743 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1744 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1745 0 \
1746 -s "Protocol is TLSv1.3" \
1747 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1748 -s "received signature algorithm: 0x804" \
1749 -s "got named group: x448(001e)" \
1750 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1751 -C "received HelloRetryRequest message"
1752
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1753requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1754requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1756requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1758requires_gnutls_tls1_3
1759requires_gnutls_next_no_ticket
1760requires_gnutls_next_disable_tls13_compat
1761run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1762 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1763 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1764 0 \
1765 -s "Protocol is TLSv1.3" \
1766 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1767 -s "received signature algorithm: 0x403" \
1768 -s "got named group: secp256r1(0017)" \
1769 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1770 -C "received HelloRetryRequest message"
1771
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1772requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1773requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1775requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1777requires_gnutls_tls1_3
1778requires_gnutls_next_no_ticket
1779requires_gnutls_next_disable_tls13_compat
1780run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1781 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1782 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1783 0 \
1784 -s "Protocol is TLSv1.3" \
1785 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1786 -s "received signature algorithm: 0x503" \
1787 -s "got named group: secp256r1(0017)" \
1788 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1789 -C "received HelloRetryRequest message"
1790
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1791requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1792requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1793requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1794requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1796requires_gnutls_tls1_3
1797requires_gnutls_next_no_ticket
1798requires_gnutls_next_disable_tls13_compat
1799run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1800 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1801 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1802 0 \
1803 -s "Protocol is TLSv1.3" \
1804 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1805 -s "received signature algorithm: 0x603" \
1806 -s "got named group: secp256r1(0017)" \
1807 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1808 -C "received HelloRetryRequest message"
1809
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1810requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1811requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1812requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1813requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1815requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1816requires_gnutls_tls1_3
1817requires_gnutls_next_no_ticket
1818requires_gnutls_next_disable_tls13_compat
1819run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1820 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1821 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1822 0 \
1823 -s "Protocol is TLSv1.3" \
1824 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1825 -s "received signature algorithm: 0x804" \
1826 -s "got named group: secp256r1(0017)" \
1827 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1828 -C "received HelloRetryRequest message"
1829
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1830requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1831requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1832requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1833requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1835requires_gnutls_tls1_3
1836requires_gnutls_next_no_ticket
1837requires_gnutls_next_disable_tls13_compat
1838run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1839 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1840 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1841 0 \
1842 -s "Protocol is TLSv1.3" \
1843 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1844 -s "received signature algorithm: 0x403" \
1845 -s "got named group: secp384r1(0018)" \
1846 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1847 -C "received HelloRetryRequest message"
1848
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1849requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1850requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1851requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1852requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1854requires_gnutls_tls1_3
1855requires_gnutls_next_no_ticket
1856requires_gnutls_next_disable_tls13_compat
1857run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1858 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1859 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1860 0 \
1861 -s "Protocol is TLSv1.3" \
1862 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1863 -s "received signature algorithm: 0x503" \
1864 -s "got named group: secp384r1(0018)" \
1865 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1866 -C "received HelloRetryRequest message"
1867
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1868requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1869requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1870requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1871requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1873requires_gnutls_tls1_3
1874requires_gnutls_next_no_ticket
1875requires_gnutls_next_disable_tls13_compat
1876run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1877 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1878 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1879 0 \
1880 -s "Protocol is TLSv1.3" \
1881 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1882 -s "received signature algorithm: 0x603" \
1883 -s "got named group: secp384r1(0018)" \
1884 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1885 -C "received HelloRetryRequest message"
1886
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1887requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1888requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1889requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1890requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1892requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1893requires_gnutls_tls1_3
1894requires_gnutls_next_no_ticket
1895requires_gnutls_next_disable_tls13_compat
1896run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1897 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1898 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1899 0 \
1900 -s "Protocol is TLSv1.3" \
1901 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1902 -s "received signature algorithm: 0x804" \
1903 -s "got named group: secp384r1(0018)" \
1904 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1905 -C "received HelloRetryRequest message"
1906
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1907requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1908requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1910requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1912requires_gnutls_tls1_3
1913requires_gnutls_next_no_ticket
1914requires_gnutls_next_disable_tls13_compat
1915run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1916 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1917 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1918 0 \
1919 -s "Protocol is TLSv1.3" \
1920 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1921 -s "received signature algorithm: 0x403" \
1922 -s "got named group: secp521r1(0019)" \
1923 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1924 -C "received HelloRetryRequest message"
1925
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1926requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1927requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1928requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1929requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1930requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1931requires_gnutls_tls1_3
1932requires_gnutls_next_no_ticket
1933requires_gnutls_next_disable_tls13_compat
1934run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1935 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1936 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1937 0 \
1938 -s "Protocol is TLSv1.3" \
1939 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1940 -s "received signature algorithm: 0x503" \
1941 -s "got named group: secp521r1(0019)" \
1942 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1943 -C "received HelloRetryRequest message"
1944
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1945requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1946requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1948requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1950requires_gnutls_tls1_3
1951requires_gnutls_next_no_ticket
1952requires_gnutls_next_disable_tls13_compat
1953run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1954 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1955 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1956 0 \
1957 -s "Protocol is TLSv1.3" \
1958 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1959 -s "received signature algorithm: 0x603" \
1960 -s "got named group: secp521r1(0019)" \
1961 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1962 -C "received HelloRetryRequest message"
1963
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1964requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1965requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1967requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1968requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1969requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1970requires_gnutls_tls1_3
1971requires_gnutls_next_no_ticket
1972requires_gnutls_next_disable_tls13_compat
1973run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1974 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1975 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1976 0 \
1977 -s "Protocol is TLSv1.3" \
1978 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1979 -s "received signature algorithm: 0x804" \
1980 -s "got named group: secp521r1(0019)" \
1981 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1982 -C "received HelloRetryRequest message"
1983
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1984requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]1985requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]1987requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1989requires_gnutls_tls1_3
1990requires_gnutls_next_no_ticket
1991requires_gnutls_next_disable_tls13_compat
1992run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]1993 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1994 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1995 0 \
1996 -s "Protocol is TLSv1.3" \
1997 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1998 -s "received signature algorithm: 0x403" \
1999 -s "got named group: x25519(001d)" \
2000 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2001 -C "received HelloRetryRequest message"
2002
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2003requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2004requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2005requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2006requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2008requires_gnutls_tls1_3
2009requires_gnutls_next_no_ticket
2010requires_gnutls_next_disable_tls13_compat
2011run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2012 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2013 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2014 0 \
2015 -s "Protocol is TLSv1.3" \
2016 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2017 -s "received signature algorithm: 0x503" \
2018 -s "got named group: x25519(001d)" \
2019 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2020 -C "received HelloRetryRequest message"
2021
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2022requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2023requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2025requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2027requires_gnutls_tls1_3
2028requires_gnutls_next_no_ticket
2029requires_gnutls_next_disable_tls13_compat
2030run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2031 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2032 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2033 0 \
2034 -s "Protocol is TLSv1.3" \
2035 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2036 -s "received signature algorithm: 0x603" \
2037 -s "got named group: x25519(001d)" \
2038 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2039 -C "received HelloRetryRequest message"
2040
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2041requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2042requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2044requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2046requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2047requires_gnutls_tls1_3
2048requires_gnutls_next_no_ticket
2049requires_gnutls_next_disable_tls13_compat
2050run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2051 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2052 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2053 0 \
2054 -s "Protocol is TLSv1.3" \
2055 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2056 -s "received signature algorithm: 0x804" \
2057 -s "got named group: x25519(001d)" \
2058 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2059 -C "received HelloRetryRequest message"
2060
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2061requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2062requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2063requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2064requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2066requires_gnutls_tls1_3
2067requires_gnutls_next_no_ticket
2068requires_gnutls_next_disable_tls13_compat
2069run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2070 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2071 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2072 0 \
2073 -s "Protocol is TLSv1.3" \
2074 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2075 -s "received signature algorithm: 0x403" \
2076 -s "got named group: x448(001e)" \
2077 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2078 -C "received HelloRetryRequest message"
2079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2081requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2083requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2085requires_gnutls_tls1_3
2086requires_gnutls_next_no_ticket
2087requires_gnutls_next_disable_tls13_compat
2088run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2089 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2090 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2091 0 \
2092 -s "Protocol is TLSv1.3" \
2093 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2094 -s "received signature algorithm: 0x503" \
2095 -s "got named group: x448(001e)" \
2096 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2097 -C "received HelloRetryRequest message"
2098
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2099requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2100requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2101requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2102requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2104requires_gnutls_tls1_3
2105requires_gnutls_next_no_ticket
2106requires_gnutls_next_disable_tls13_compat
2107run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2108 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2109 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2110 0 \
2111 -s "Protocol is TLSv1.3" \
2112 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2113 -s "received signature algorithm: 0x603" \
2114 -s "got named group: x448(001e)" \
2115 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2116 -C "received HelloRetryRequest message"
2117
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2118requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2119requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2120requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2121requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2123requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2124requires_gnutls_tls1_3
2125requires_gnutls_next_no_ticket
2126requires_gnutls_next_disable_tls13_compat
2127run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2128 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2129 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2130 0 \
2131 -s "Protocol is TLSv1.3" \
2132 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2133 -s "received signature algorithm: 0x804" \
2134 -s "got named group: x448(001e)" \
2135 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2136 -C "received HelloRetryRequest message"
2137
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2138requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2139requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2140requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2141requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2143requires_gnutls_tls1_3
2144requires_gnutls_next_no_ticket
2145requires_gnutls_next_disable_tls13_compat
2146run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2147 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2148 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2149 0 \
2150 -s "Protocol is TLSv1.3" \
2151 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2152 -s "received signature algorithm: 0x403" \
2153 -s "got named group: secp256r1(0017)" \
2154 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2155 -C "received HelloRetryRequest message"
2156
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2157requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2158requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2160requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2162requires_gnutls_tls1_3
2163requires_gnutls_next_no_ticket
2164requires_gnutls_next_disable_tls13_compat
2165run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2166 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2167 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2168 0 \
2169 -s "Protocol is TLSv1.3" \
2170 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2171 -s "received signature algorithm: 0x503" \
2172 -s "got named group: secp256r1(0017)" \
2173 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2174 -C "received HelloRetryRequest message"
2175
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2176requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2177requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2178requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2179requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2181requires_gnutls_tls1_3
2182requires_gnutls_next_no_ticket
2183requires_gnutls_next_disable_tls13_compat
2184run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2185 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2186 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2187 0 \
2188 -s "Protocol is TLSv1.3" \
2189 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2190 -s "received signature algorithm: 0x603" \
2191 -s "got named group: secp256r1(0017)" \
2192 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2193 -C "received HelloRetryRequest message"
2194
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2195requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2196requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2198requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2200requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2201requires_gnutls_tls1_3
2202requires_gnutls_next_no_ticket
2203requires_gnutls_next_disable_tls13_compat
2204run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2205 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2206 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2207 0 \
2208 -s "Protocol is TLSv1.3" \
2209 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2210 -s "received signature algorithm: 0x804" \
2211 -s "got named group: secp256r1(0017)" \
2212 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2213 -C "received HelloRetryRequest message"
2214
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2215requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2216requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2217requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2218requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2220requires_gnutls_tls1_3
2221requires_gnutls_next_no_ticket
2222requires_gnutls_next_disable_tls13_compat
2223run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2224 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2225 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2226 0 \
2227 -s "Protocol is TLSv1.3" \
2228 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2229 -s "received signature algorithm: 0x403" \
2230 -s "got named group: secp384r1(0018)" \
2231 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2232 -C "received HelloRetryRequest message"
2233
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2234requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2235requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2237requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2239requires_gnutls_tls1_3
2240requires_gnutls_next_no_ticket
2241requires_gnutls_next_disable_tls13_compat
2242run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2243 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2244 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2245 0 \
2246 -s "Protocol is TLSv1.3" \
2247 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2248 -s "received signature algorithm: 0x503" \
2249 -s "got named group: secp384r1(0018)" \
2250 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2251 -C "received HelloRetryRequest message"
2252
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2253requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2254requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2256requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2258requires_gnutls_tls1_3
2259requires_gnutls_next_no_ticket
2260requires_gnutls_next_disable_tls13_compat
2261run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2262 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2263 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2264 0 \
2265 -s "Protocol is TLSv1.3" \
2266 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2267 -s "received signature algorithm: 0x603" \
2268 -s "got named group: secp384r1(0018)" \
2269 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2270 -C "received HelloRetryRequest message"
2271
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2272requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2273requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2274requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2275requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2277requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2278requires_gnutls_tls1_3
2279requires_gnutls_next_no_ticket
2280requires_gnutls_next_disable_tls13_compat
2281run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2282 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2283 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2284 0 \
2285 -s "Protocol is TLSv1.3" \
2286 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2287 -s "received signature algorithm: 0x804" \
2288 -s "got named group: secp384r1(0018)" \
2289 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2290 -C "received HelloRetryRequest message"
2291
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2292requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2293requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2294requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2295requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2296requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2297requires_gnutls_tls1_3
2298requires_gnutls_next_no_ticket
2299requires_gnutls_next_disable_tls13_compat
2300run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2301 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2302 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2303 0 \
2304 -s "Protocol is TLSv1.3" \
2305 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2306 -s "received signature algorithm: 0x403" \
2307 -s "got named group: secp521r1(0019)" \
2308 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2309 -C "received HelloRetryRequest message"
2310
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2311requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2312requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2313requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2314requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2316requires_gnutls_tls1_3
2317requires_gnutls_next_no_ticket
2318requires_gnutls_next_disable_tls13_compat
2319run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2320 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2321 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2322 0 \
2323 -s "Protocol is TLSv1.3" \
2324 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2325 -s "received signature algorithm: 0x503" \
2326 -s "got named group: secp521r1(0019)" \
2327 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2328 -C "received HelloRetryRequest message"
2329
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2330requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2331requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2332requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2333requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2335requires_gnutls_tls1_3
2336requires_gnutls_next_no_ticket
2337requires_gnutls_next_disable_tls13_compat
2338run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2339 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2340 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2341 0 \
2342 -s "Protocol is TLSv1.3" \
2343 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2344 -s "received signature algorithm: 0x603" \
2345 -s "got named group: secp521r1(0019)" \
2346 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2347 -C "received HelloRetryRequest message"
2348
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2349requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2350requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2352requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2354requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2355requires_gnutls_tls1_3
2356requires_gnutls_next_no_ticket
2357requires_gnutls_next_disable_tls13_compat
2358run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2359 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2360 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2361 0 \
2362 -s "Protocol is TLSv1.3" \
2363 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2364 -s "received signature algorithm: 0x804" \
2365 -s "got named group: secp521r1(0019)" \
2366 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2367 -C "received HelloRetryRequest message"
2368
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2369requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2370requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2372requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2374requires_gnutls_tls1_3
2375requires_gnutls_next_no_ticket
2376requires_gnutls_next_disable_tls13_compat
2377run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2378 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2379 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2380 0 \
2381 -s "Protocol is TLSv1.3" \
2382 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2383 -s "received signature algorithm: 0x403" \
2384 -s "got named group: x25519(001d)" \
2385 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2386 -C "received HelloRetryRequest message"
2387
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2388requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2389requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2390requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2391requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2393requires_gnutls_tls1_3
2394requires_gnutls_next_no_ticket
2395requires_gnutls_next_disable_tls13_compat
2396run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2397 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2398 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2399 0 \
2400 -s "Protocol is TLSv1.3" \
2401 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2402 -s "received signature algorithm: 0x503" \
2403 -s "got named group: x25519(001d)" \
2404 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2405 -C "received HelloRetryRequest message"
2406
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2407requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2408requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2410requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2412requires_gnutls_tls1_3
2413requires_gnutls_next_no_ticket
2414requires_gnutls_next_disable_tls13_compat
2415run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2416 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2417 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2418 0 \
2419 -s "Protocol is TLSv1.3" \
2420 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2421 -s "received signature algorithm: 0x603" \
2422 -s "got named group: x25519(001d)" \
2423 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2424 -C "received HelloRetryRequest message"
2425
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2426requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2427requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2429requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2431requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2432requires_gnutls_tls1_3
2433requires_gnutls_next_no_ticket
2434requires_gnutls_next_disable_tls13_compat
2435run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2436 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2437 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2438 0 \
2439 -s "Protocol is TLSv1.3" \
2440 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2441 -s "received signature algorithm: 0x804" \
2442 -s "got named group: x25519(001d)" \
2443 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2444 -C "received HelloRetryRequest message"
2445
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2446requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2447requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2448requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2449requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2450requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2451requires_gnutls_tls1_3
2452requires_gnutls_next_no_ticket
2453requires_gnutls_next_disable_tls13_compat
2454run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2455 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2456 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2457 0 \
2458 -s "Protocol is TLSv1.3" \
2459 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2460 -s "received signature algorithm: 0x403" \
2461 -s "got named group: x448(001e)" \
2462 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2463 -C "received HelloRetryRequest message"
2464
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2465requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2466requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2467requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2468requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2470requires_gnutls_tls1_3
2471requires_gnutls_next_no_ticket
2472requires_gnutls_next_disable_tls13_compat
2473run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2474 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2475 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2476 0 \
2477 -s "Protocol is TLSv1.3" \
2478 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2479 -s "received signature algorithm: 0x503" \
2480 -s "got named group: x448(001e)" \
2481 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2482 -C "received HelloRetryRequest message"
2483
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2484requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2485requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2486requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2487requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2489requires_gnutls_tls1_3
2490requires_gnutls_next_no_ticket
2491requires_gnutls_next_disable_tls13_compat
2492run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2493 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2494 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2495 0 \
2496 -s "Protocol is TLSv1.3" \
2497 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2498 -s "received signature algorithm: 0x603" \
2499 -s "got named group: x448(001e)" \
2500 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2501 -C "received HelloRetryRequest message"
2502
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2503requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2504requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2505requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2506requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2507requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2508requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2509requires_gnutls_tls1_3
2510requires_gnutls_next_no_ticket
2511requires_gnutls_next_disable_tls13_compat
2512run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2513 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2514 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2515 0 \
2516 -s "Protocol is TLSv1.3" \
2517 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2518 -s "received signature algorithm: 0x804" \
2519 -s "got named group: x448(001e)" \
2520 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2521 -C "received HelloRetryRequest message"
2522
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2523requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2524requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2525requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2526requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2528requires_gnutls_tls1_3
2529requires_gnutls_next_no_ticket
2530requires_gnutls_next_disable_tls13_compat
2531run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2532 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2533 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2534 0 \
2535 -s "Protocol is TLSv1.3" \
2536 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2537 -s "received signature algorithm: 0x403" \
2538 -s "got named group: secp256r1(0017)" \
2539 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2540 -C "received HelloRetryRequest message"
2541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2543requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2544requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2545requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2547requires_gnutls_tls1_3
2548requires_gnutls_next_no_ticket
2549requires_gnutls_next_disable_tls13_compat
2550run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2551 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2552 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2553 0 \
2554 -s "Protocol is TLSv1.3" \
2555 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2556 -s "received signature algorithm: 0x503" \
2557 -s "got named group: secp256r1(0017)" \
2558 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2559 -C "received HelloRetryRequest message"
2560
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2561requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2562requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2564requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2566requires_gnutls_tls1_3
2567requires_gnutls_next_no_ticket
2568requires_gnutls_next_disable_tls13_compat
2569run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2570 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2571 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2572 0 \
2573 -s "Protocol is TLSv1.3" \
2574 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2575 -s "received signature algorithm: 0x603" \
2576 -s "got named group: secp256r1(0017)" \
2577 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2578 -C "received HelloRetryRequest message"
2579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2583requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2585requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2586requires_gnutls_tls1_3
2587requires_gnutls_next_no_ticket
2588requires_gnutls_next_disable_tls13_compat
2589run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2590 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2591 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2592 0 \
2593 -s "Protocol is TLSv1.3" \
2594 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2595 -s "received signature algorithm: 0x804" \
2596 -s "got named group: secp256r1(0017)" \
2597 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2598 -C "received HelloRetryRequest message"
2599
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2600requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2601requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2602requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2603requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2605requires_gnutls_tls1_3
2606requires_gnutls_next_no_ticket
2607requires_gnutls_next_disable_tls13_compat
2608run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2609 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2610 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2611 0 \
2612 -s "Protocol is TLSv1.3" \
2613 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2614 -s "received signature algorithm: 0x403" \
2615 -s "got named group: secp384r1(0018)" \
2616 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2617 -C "received HelloRetryRequest message"
2618
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2619requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2620requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2622requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2624requires_gnutls_tls1_3
2625requires_gnutls_next_no_ticket
2626requires_gnutls_next_disable_tls13_compat
2627run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2628 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2629 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2630 0 \
2631 -s "Protocol is TLSv1.3" \
2632 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2633 -s "received signature algorithm: 0x503" \
2634 -s "got named group: secp384r1(0018)" \
2635 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2636 -C "received HelloRetryRequest message"
2637
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2638requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2639requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2640requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2641requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2643requires_gnutls_tls1_3
2644requires_gnutls_next_no_ticket
2645requires_gnutls_next_disable_tls13_compat
2646run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2647 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2648 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2649 0 \
2650 -s "Protocol is TLSv1.3" \
2651 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2652 -s "received signature algorithm: 0x603" \
2653 -s "got named group: secp384r1(0018)" \
2654 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2655 -C "received HelloRetryRequest message"
2656
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2657requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2658requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2659requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2660requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2661requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2662requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2663requires_gnutls_tls1_3
2664requires_gnutls_next_no_ticket
2665requires_gnutls_next_disable_tls13_compat
2666run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2667 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2668 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2669 0 \
2670 -s "Protocol is TLSv1.3" \
2671 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2672 -s "received signature algorithm: 0x804" \
2673 -s "got named group: secp384r1(0018)" \
2674 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2675 -C "received HelloRetryRequest message"
2676
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2677requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2678requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2679requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2680requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2681requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2682requires_gnutls_tls1_3
2683requires_gnutls_next_no_ticket
2684requires_gnutls_next_disable_tls13_compat
2685run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2686 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2687 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2688 0 \
2689 -s "Protocol is TLSv1.3" \
2690 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2691 -s "received signature algorithm: 0x403" \
2692 -s "got named group: secp521r1(0019)" \
2693 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2694 -C "received HelloRetryRequest message"
2695
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2696requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2697requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2699requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2700requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2701requires_gnutls_tls1_3
2702requires_gnutls_next_no_ticket
2703requires_gnutls_next_disable_tls13_compat
2704run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2705 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2706 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2707 0 \
2708 -s "Protocol is TLSv1.3" \
2709 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2710 -s "received signature algorithm: 0x503" \
2711 -s "got named group: secp521r1(0019)" \
2712 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2713 -C "received HelloRetryRequest message"
2714
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2715requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2716requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2718requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2720requires_gnutls_tls1_3
2721requires_gnutls_next_no_ticket
2722requires_gnutls_next_disable_tls13_compat
2723run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2724 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2725 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2726 0 \
2727 -s "Protocol is TLSv1.3" \
2728 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2729 -s "received signature algorithm: 0x603" \
2730 -s "got named group: secp521r1(0019)" \
2731 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2732 -C "received HelloRetryRequest message"
2733
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2734requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2735requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2736requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2737requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2739requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2740requires_gnutls_tls1_3
2741requires_gnutls_next_no_ticket
2742requires_gnutls_next_disable_tls13_compat
2743run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2744 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2745 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2746 0 \
2747 -s "Protocol is TLSv1.3" \
2748 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2749 -s "received signature algorithm: 0x804" \
2750 -s "got named group: secp521r1(0019)" \
2751 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2752 -C "received HelloRetryRequest message"
2753
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2754requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2755requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2756requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2757requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2759requires_gnutls_tls1_3
2760requires_gnutls_next_no_ticket
2761requires_gnutls_next_disable_tls13_compat
2762run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2763 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2764 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2765 0 \
2766 -s "Protocol is TLSv1.3" \
2767 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2768 -s "received signature algorithm: 0x403" \
2769 -s "got named group: x25519(001d)" \
2770 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2771 -C "received HelloRetryRequest message"
2772
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2773requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2774requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2775requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2776requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2777requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2778requires_gnutls_tls1_3
2779requires_gnutls_next_no_ticket
2780requires_gnutls_next_disable_tls13_compat
2781run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2782 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2783 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2784 0 \
2785 -s "Protocol is TLSv1.3" \
2786 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2787 -s "received signature algorithm: 0x503" \
2788 -s "got named group: x25519(001d)" \
2789 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2790 -C "received HelloRetryRequest message"
2791
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2792requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2793requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2795requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2797requires_gnutls_tls1_3
2798requires_gnutls_next_no_ticket
2799requires_gnutls_next_disable_tls13_compat
2800run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2801 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2802 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2803 0 \
2804 -s "Protocol is TLSv1.3" \
2805 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2806 -s "received signature algorithm: 0x603" \
2807 -s "got named group: x25519(001d)" \
2808 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2809 -C "received HelloRetryRequest message"
2810
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2811requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2812requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2813requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2814requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2816requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2817requires_gnutls_tls1_3
2818requires_gnutls_next_no_ticket
2819requires_gnutls_next_disable_tls13_compat
2820run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2821 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2822 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2823 0 \
2824 -s "Protocol is TLSv1.3" \
2825 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2826 -s "received signature algorithm: 0x804" \
2827 -s "got named group: x25519(001d)" \
2828 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2829 -C "received HelloRetryRequest message"
2830
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2831requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2832requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2833requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2834requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2836requires_gnutls_tls1_3
2837requires_gnutls_next_no_ticket
2838requires_gnutls_next_disable_tls13_compat
2839run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2840 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2841 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2842 0 \
2843 -s "Protocol is TLSv1.3" \
2844 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2845 -s "received signature algorithm: 0x403" \
2846 -s "got named group: x448(001e)" \
2847 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2848 -C "received HelloRetryRequest message"
2849
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2850requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2851requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2852requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2853requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2855requires_gnutls_tls1_3
2856requires_gnutls_next_no_ticket
2857requires_gnutls_next_disable_tls13_compat
2858run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2859 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2860 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2861 0 \
2862 -s "Protocol is TLSv1.3" \
2863 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2864 -s "received signature algorithm: 0x503" \
2865 -s "got named group: x448(001e)" \
2866 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2867 -C "received HelloRetryRequest message"
2868
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2869requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2870requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2872requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2874requires_gnutls_tls1_3
2875requires_gnutls_next_no_ticket
2876requires_gnutls_next_disable_tls13_compat
2877run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2878 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2879 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2880 0 \
2881 -s "Protocol is TLSv1.3" \
2882 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2883 -s "received signature algorithm: 0x603" \
2884 -s "got named group: x448(001e)" \
2885 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2886 -C "received HelloRetryRequest message"
2887
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2888requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2889requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2891requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2892requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2893requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2894requires_gnutls_tls1_3
2895requires_gnutls_next_no_ticket
2896requires_gnutls_next_disable_tls13_compat
2897run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2898 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2899 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2900 0 \
2901 -s "Protocol is TLSv1.3" \
2902 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2903 -s "received signature algorithm: 0x804" \
2904 -s "got named group: x448(001e)" \
2905 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2906 -C "received HelloRetryRequest message"
2907
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2908requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2909requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2910requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2911requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2913requires_gnutls_tls1_3
2914requires_gnutls_next_no_ticket
2915requires_gnutls_next_disable_tls13_compat
2916run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2917 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2918 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2919 0 \
2920 -s "Protocol is TLSv1.3" \
2921 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2922 -s "received signature algorithm: 0x403" \
2923 -s "got named group: secp256r1(0017)" \
2924 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2925 -C "received HelloRetryRequest message"
2926
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2927requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2928requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2929requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2930requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2932requires_gnutls_tls1_3
2933requires_gnutls_next_no_ticket
2934requires_gnutls_next_disable_tls13_compat
2935run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2936 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2937 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2938 0 \
2939 -s "Protocol is TLSv1.3" \
2940 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2941 -s "received signature algorithm: 0x503" \
2942 -s "got named group: secp256r1(0017)" \
2943 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2944 -C "received HelloRetryRequest message"
2945
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2946requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2947requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2948requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2949requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2950requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2951requires_gnutls_tls1_3
2952requires_gnutls_next_no_ticket
2953requires_gnutls_next_disable_tls13_compat
2954run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2955 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2956 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2957 0 \
2958 -s "Protocol is TLSv1.3" \
2959 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2960 -s "received signature algorithm: 0x603" \
2961 -s "got named group: secp256r1(0017)" \
2962 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2963 -C "received HelloRetryRequest message"
2964
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2965requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2966requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2968requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2969requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2970requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2971requires_gnutls_tls1_3
2972requires_gnutls_next_no_ticket
2973requires_gnutls_next_disable_tls13_compat
2974run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2975 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2976 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2977 0 \
2978 -s "Protocol is TLSv1.3" \
2979 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2980 -s "received signature algorithm: 0x804" \
2981 -s "got named group: secp256r1(0017)" \
2982 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2983 -C "received HelloRetryRequest message"
2984
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2985requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]2986requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2987requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]2988requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2989requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2990requires_gnutls_tls1_3
2991requires_gnutls_next_no_ticket
2992requires_gnutls_next_disable_tls13_compat
2993run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]2994 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
2995 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2996 0 \
2997 -s "Protocol is TLSv1.3" \
2998 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2999 -s "received signature algorithm: 0x403" \
3000 -s "got named group: secp384r1(0018)" \
3001 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3002 -C "received HelloRetryRequest message"
3003
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3004requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3005requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3006requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3007requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3008requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3009requires_gnutls_tls1_3
3010requires_gnutls_next_no_ticket
3011requires_gnutls_next_disable_tls13_compat
3012run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3013 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3014 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3015 0 \
3016 -s "Protocol is TLSv1.3" \
3017 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3018 -s "received signature algorithm: 0x503" \
3019 -s "got named group: secp384r1(0018)" \
3020 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3021 -C "received HelloRetryRequest message"
3022
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3023requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3024requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3025requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3026requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3028requires_gnutls_tls1_3
3029requires_gnutls_next_no_ticket
3030requires_gnutls_next_disable_tls13_compat
3031run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3032 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3033 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3034 0 \
3035 -s "Protocol is TLSv1.3" \
3036 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3037 -s "received signature algorithm: 0x603" \
3038 -s "got named group: secp384r1(0018)" \
3039 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3040 -C "received HelloRetryRequest message"
3041
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3042requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3043requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3044requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3045requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3046requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3047requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3048requires_gnutls_tls1_3
3049requires_gnutls_next_no_ticket
3050requires_gnutls_next_disable_tls13_compat
3051run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3052 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3053 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3054 0 \
3055 -s "Protocol is TLSv1.3" \
3056 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3057 -s "received signature algorithm: 0x804" \
3058 -s "got named group: secp384r1(0018)" \
3059 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3060 -C "received HelloRetryRequest message"
3061
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3062requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3063requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3065requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3067requires_gnutls_tls1_3
3068requires_gnutls_next_no_ticket
3069requires_gnutls_next_disable_tls13_compat
3070run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3071 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3072 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3073 0 \
3074 -s "Protocol is TLSv1.3" \
3075 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3076 -s "received signature algorithm: 0x403" \
3077 -s "got named group: secp521r1(0019)" \
3078 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3079 -C "received HelloRetryRequest message"
3080
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3081requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3082requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3083requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3084requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3085requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3086requires_gnutls_tls1_3
3087requires_gnutls_next_no_ticket
3088requires_gnutls_next_disable_tls13_compat
3089run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3090 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3091 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3092 0 \
3093 -s "Protocol is TLSv1.3" \
3094 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3095 -s "received signature algorithm: 0x503" \
3096 -s "got named group: secp521r1(0019)" \
3097 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3098 -C "received HelloRetryRequest message"
3099
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3100requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3101requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3102requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3103requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3104requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3105requires_gnutls_tls1_3
3106requires_gnutls_next_no_ticket
3107requires_gnutls_next_disable_tls13_compat
3108run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3109 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3110 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3111 0 \
3112 -s "Protocol is TLSv1.3" \
3113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3114 -s "received signature algorithm: 0x603" \
3115 -s "got named group: secp521r1(0019)" \
3116 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3117 -C "received HelloRetryRequest message"
3118
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3119requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3120requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3121requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3122requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3124requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3125requires_gnutls_tls1_3
3126requires_gnutls_next_no_ticket
3127requires_gnutls_next_disable_tls13_compat
3128run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3129 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3130 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3131 0 \
3132 -s "Protocol is TLSv1.3" \
3133 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3134 -s "received signature algorithm: 0x804" \
3135 -s "got named group: secp521r1(0019)" \
3136 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3137 -C "received HelloRetryRequest message"
3138
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3139requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3140requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3142requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3144requires_gnutls_tls1_3
3145requires_gnutls_next_no_ticket
3146requires_gnutls_next_disable_tls13_compat
3147run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3148 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3149 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3150 0 \
3151 -s "Protocol is TLSv1.3" \
3152 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3153 -s "received signature algorithm: 0x403" \
3154 -s "got named group: x25519(001d)" \
3155 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3156 -C "received HelloRetryRequest message"
3157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3159requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3160requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3161requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3162requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3163requires_gnutls_tls1_3
3164requires_gnutls_next_no_ticket
3165requires_gnutls_next_disable_tls13_compat
3166run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3167 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3168 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3169 0 \
3170 -s "Protocol is TLSv1.3" \
3171 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3172 -s "received signature algorithm: 0x503" \
3173 -s "got named group: x25519(001d)" \
3174 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3175 -C "received HelloRetryRequest message"
3176
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3177requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3178requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3180requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3181requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3182requires_gnutls_tls1_3
3183requires_gnutls_next_no_ticket
3184requires_gnutls_next_disable_tls13_compat
3185run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3186 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3187 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3188 0 \
3189 -s "Protocol is TLSv1.3" \
3190 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3191 -s "received signature algorithm: 0x603" \
3192 -s "got named group: x25519(001d)" \
3193 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3194 -C "received HelloRetryRequest message"
3195
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3196requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3197requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3198requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3199requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3201requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3202requires_gnutls_tls1_3
3203requires_gnutls_next_no_ticket
3204requires_gnutls_next_disable_tls13_compat
3205run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3206 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3207 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3208 0 \
3209 -s "Protocol is TLSv1.3" \
3210 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3211 -s "received signature algorithm: 0x804" \
3212 -s "got named group: x25519(001d)" \
3213 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3214 -C "received HelloRetryRequest message"
3215
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3216requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3217requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3218requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3219requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3221requires_gnutls_tls1_3
3222requires_gnutls_next_no_ticket
3223requires_gnutls_next_disable_tls13_compat
3224run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3225 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3226 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3227 0 \
3228 -s "Protocol is TLSv1.3" \
3229 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3230 -s "received signature algorithm: 0x403" \
3231 -s "got named group: x448(001e)" \
3232 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3233 -C "received HelloRetryRequest message"
3234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3238requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3240requires_gnutls_tls1_3
3241requires_gnutls_next_no_ticket
3242requires_gnutls_next_disable_tls13_compat
3243run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3244 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3245 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3246 0 \
3247 -s "Protocol is TLSv1.3" \
3248 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3249 -s "received signature algorithm: 0x503" \
3250 -s "got named group: x448(001e)" \
3251 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3252 -C "received HelloRetryRequest message"
3253
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3254requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3255requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3256requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3257requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3258requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3259requires_gnutls_tls1_3
3260requires_gnutls_next_no_ticket
3261requires_gnutls_next_disable_tls13_compat
3262run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3263 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3264 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3265 0 \
3266 -s "Protocol is TLSv1.3" \
3267 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3268 -s "received signature algorithm: 0x603" \
3269 -s "got named group: x448(001e)" \
3270 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3271 -C "received HelloRetryRequest message"
3272
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3273requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3274requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3275requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3276requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3277requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3278requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3279requires_gnutls_tls1_3
3280requires_gnutls_next_no_ticket
3281requires_gnutls_next_disable_tls13_compat
3282run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3283 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3284 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3285 0 \
3286 -s "Protocol is TLSv1.3" \
3287 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3288 -s "received signature algorithm: 0x804" \
3289 -s "got named group: x448(001e)" \
3290 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3291 -C "received HelloRetryRequest message"
3292
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3293requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3294requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3295requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3296requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3297requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3298requires_gnutls_tls1_3
3299requires_gnutls_next_no_ticket
3300requires_gnutls_next_disable_tls13_compat
3301run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3302 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3303 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3304 0 \
3305 -s "Protocol is TLSv1.3" \
3306 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3307 -s "received signature algorithm: 0x403" \
3308 -s "got named group: secp256r1(0017)" \
3309 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3310 -C "received HelloRetryRequest message"
3311
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3312requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3313requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3314requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3315requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3316requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3317requires_gnutls_tls1_3
3318requires_gnutls_next_no_ticket
3319requires_gnutls_next_disable_tls13_compat
3320run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3321 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3322 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3323 0 \
3324 -s "Protocol is TLSv1.3" \
3325 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3326 -s "received signature algorithm: 0x503" \
3327 -s "got named group: secp256r1(0017)" \
3328 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3329 -C "received HelloRetryRequest message"
3330
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3331requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3332requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3333requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3334requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3336requires_gnutls_tls1_3
3337requires_gnutls_next_no_ticket
3338requires_gnutls_next_disable_tls13_compat
3339run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3340 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3341 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3342 0 \
3343 -s "Protocol is TLSv1.3" \
3344 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3345 -s "received signature algorithm: 0x603" \
3346 -s "got named group: secp256r1(0017)" \
3347 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3348 -C "received HelloRetryRequest message"
3349
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3350requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3351requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3352requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3353requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3354requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3355requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3356requires_gnutls_tls1_3
3357requires_gnutls_next_no_ticket
3358requires_gnutls_next_disable_tls13_compat
3359run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3360 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3361 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3362 0 \
3363 -s "Protocol is TLSv1.3" \
3364 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3365 -s "received signature algorithm: 0x804" \
3366 -s "got named group: secp256r1(0017)" \
3367 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3368 -C "received HelloRetryRequest message"
3369
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3370requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3371requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3372requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3373requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3374requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3375requires_gnutls_tls1_3
3376requires_gnutls_next_no_ticket
3377requires_gnutls_next_disable_tls13_compat
3378run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3379 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3380 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3381 0 \
3382 -s "Protocol is TLSv1.3" \
3383 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3384 -s "received signature algorithm: 0x403" \
3385 -s "got named group: secp384r1(0018)" \
3386 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3387 -C "received HelloRetryRequest message"
3388
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3389requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3390requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3391requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3392requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3394requires_gnutls_tls1_3
3395requires_gnutls_next_no_ticket
3396requires_gnutls_next_disable_tls13_compat
3397run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3398 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3399 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3400 0 \
3401 -s "Protocol is TLSv1.3" \
3402 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3403 -s "received signature algorithm: 0x503" \
3404 -s "got named group: secp384r1(0018)" \
3405 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3406 -C "received HelloRetryRequest message"
3407
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3408requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3409requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3411requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3413requires_gnutls_tls1_3
3414requires_gnutls_next_no_ticket
3415requires_gnutls_next_disable_tls13_compat
3416run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3417 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3418 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3419 0 \
3420 -s "Protocol is TLSv1.3" \
3421 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3422 -s "received signature algorithm: 0x603" \
3423 -s "got named group: secp384r1(0018)" \
3424 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3425 -C "received HelloRetryRequest message"
3426
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3427requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3428requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3430requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3432requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3433requires_gnutls_tls1_3
3434requires_gnutls_next_no_ticket
3435requires_gnutls_next_disable_tls13_compat
3436run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3437 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3438 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3439 0 \
3440 -s "Protocol is TLSv1.3" \
3441 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3442 -s "received signature algorithm: 0x804" \
3443 -s "got named group: secp384r1(0018)" \
3444 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3445 -C "received HelloRetryRequest message"
3446
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3447requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3448requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3449requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3450requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3451requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3452requires_gnutls_tls1_3
3453requires_gnutls_next_no_ticket
3454requires_gnutls_next_disable_tls13_compat
3455run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3456 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3457 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3458 0 \
3459 -s "Protocol is TLSv1.3" \
3460 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3461 -s "received signature algorithm: 0x403" \
3462 -s "got named group: secp521r1(0019)" \
3463 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3464 -C "received HelloRetryRequest message"
3465
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3466requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3467requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3468requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3469requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3470requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3471requires_gnutls_tls1_3
3472requires_gnutls_next_no_ticket
3473requires_gnutls_next_disable_tls13_compat
3474run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3475 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3476 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3477 0 \
3478 -s "Protocol is TLSv1.3" \
3479 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3480 -s "received signature algorithm: 0x503" \
3481 -s "got named group: secp521r1(0019)" \
3482 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3483 -C "received HelloRetryRequest message"
3484
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3485requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3486requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3487requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3488requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3490requires_gnutls_tls1_3
3491requires_gnutls_next_no_ticket
3492requires_gnutls_next_disable_tls13_compat
3493run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3494 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3495 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3496 0 \
3497 -s "Protocol is TLSv1.3" \
3498 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3499 -s "received signature algorithm: 0x603" \
3500 -s "got named group: secp521r1(0019)" \
3501 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3502 -C "received HelloRetryRequest message"
3503
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3504requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3505requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3506requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3507requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3508requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3509requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3510requires_gnutls_tls1_3
3511requires_gnutls_next_no_ticket
3512requires_gnutls_next_disable_tls13_compat
3513run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3514 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3515 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3516 0 \
3517 -s "Protocol is TLSv1.3" \
3518 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3519 -s "received signature algorithm: 0x804" \
3520 -s "got named group: secp521r1(0019)" \
3521 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3522 -C "received HelloRetryRequest message"
3523
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3524requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3525requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3526requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3527requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3528requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3529requires_gnutls_tls1_3
3530requires_gnutls_next_no_ticket
3531requires_gnutls_next_disable_tls13_compat
3532run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3533 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3534 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3535 0 \
3536 -s "Protocol is TLSv1.3" \
3537 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3538 -s "received signature algorithm: 0x403" \
3539 -s "got named group: x25519(001d)" \
3540 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3541 -C "received HelloRetryRequest message"
3542
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3543requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3544requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3545requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3546requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3547requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3548requires_gnutls_tls1_3
3549requires_gnutls_next_no_ticket
3550requires_gnutls_next_disable_tls13_compat
3551run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3552 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3553 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3554 0 \
3555 -s "Protocol is TLSv1.3" \
3556 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3557 -s "received signature algorithm: 0x503" \
3558 -s "got named group: x25519(001d)" \
3559 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3560 -C "received HelloRetryRequest message"
3561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3563requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3564requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3565requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3567requires_gnutls_tls1_3
3568requires_gnutls_next_no_ticket
3569requires_gnutls_next_disable_tls13_compat
3570run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3571 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3572 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3573 0 \
3574 -s "Protocol is TLSv1.3" \
3575 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3576 -s "received signature algorithm: 0x603" \
3577 -s "got named group: x25519(001d)" \
3578 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3579 -C "received HelloRetryRequest message"
3580
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3581requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3582requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3584requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3586requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3587requires_gnutls_tls1_3
3588requires_gnutls_next_no_ticket
3589requires_gnutls_next_disable_tls13_compat
3590run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3591 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3592 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3593 0 \
3594 -s "Protocol is TLSv1.3" \
3595 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3596 -s "received signature algorithm: 0x804" \
3597 -s "got named group: x25519(001d)" \
3598 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3599 -C "received HelloRetryRequest message"
3600
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3601requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3602requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3603requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3604requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3606requires_gnutls_tls1_3
3607requires_gnutls_next_no_ticket
3608requires_gnutls_next_disable_tls13_compat
3609run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3610 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3611 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3612 0 \
3613 -s "Protocol is TLSv1.3" \
3614 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3615 -s "received signature algorithm: 0x403" \
3616 -s "got named group: x448(001e)" \
3617 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3618 -C "received HelloRetryRequest message"
3619
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3620requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3621requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3622requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3623requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3625requires_gnutls_tls1_3
3626requires_gnutls_next_no_ticket
3627requires_gnutls_next_disable_tls13_compat
3628run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3629 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3630 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3631 0 \
3632 -s "Protocol is TLSv1.3" \
3633 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3634 -s "received signature algorithm: 0x503" \
3635 -s "got named group: x448(001e)" \
3636 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3637 -C "received HelloRetryRequest message"
3638
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3639requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3640requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3641requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3642requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3644requires_gnutls_tls1_3
3645requires_gnutls_next_no_ticket
3646requires_gnutls_next_disable_tls13_compat
3647run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3648 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3649 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3650 0 \
3651 -s "Protocol is TLSv1.3" \
3652 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3653 -s "received signature algorithm: 0x603" \
3654 -s "got named group: x448(001e)" \
3655 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3656 -C "received HelloRetryRequest message"
3657
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3658requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3659requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3660requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3661requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3663requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3664requires_gnutls_tls1_3
3665requires_gnutls_next_no_ticket
3666requires_gnutls_next_disable_tls13_compat
3667run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3668 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
3669 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3670 0 \
3671 -s "Protocol is TLSv1.3" \
3672 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3673 -s "received signature algorithm: 0x804" \
3674 -s "got named group: x448(001e)" \
3675 -s "Verifying peer X.509 certificate... ok" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3676 -C "received HelloRetryRequest message"
3677
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3678requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3679requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3680requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3682requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3684run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3685 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3686 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3687 0 \
3688 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3689 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3690 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3691 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3692 -c "NamedGroup: secp256r1 ( 17 )" \
3693 -c "Verifying peer X.509 certificate... ok" \
3694 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3695
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3696requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3697requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3698requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3699requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3700requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3701requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3702run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3703 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3704 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3705 0 \
3706 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3707 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3708 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3709 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3710 -c "NamedGroup: secp256r1 ( 17 )" \
3711 -c "Verifying peer X.509 certificate... ok" \
3712 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3713
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3714requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3715requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3716requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3718requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3719requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3720run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3721 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3722 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3723 0 \
3724 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3725 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3726 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3727 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3728 -c "NamedGroup: secp256r1 ( 17 )" \
3729 -c "Verifying peer X.509 certificate... ok" \
3730 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3731
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3732requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3733requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3734requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3736requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3738requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3739run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3740 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3741 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3742 0 \
3743 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3744 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3745 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3746 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3747 -c "NamedGroup: secp256r1 ( 17 )" \
3748 -c "Verifying peer X.509 certificate... ok" \
3749 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3750
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3751requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3755requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3757run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3758 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3759 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3760 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3761 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3762 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3763 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3764 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3765 -c "NamedGroup: secp384r1 ( 18 )" \
3766 -c "Verifying peer X.509 certificate... ok" \
3767 -C "received HelloRetryRequest message"
3768
3769requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3770requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3771requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3772requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3773requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3774requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3775run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3776 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3777 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3778 0 \
3779 -c "HTTP/1.0 200 ok" \
3780 -c "Protocol is TLSv1.3" \
3781 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3782 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3783 -c "NamedGroup: secp384r1 ( 18 )" \
3784 -c "Verifying peer X.509 certificate... ok" \
3785 -C "received HelloRetryRequest message"
3786
3787requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3788requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3789requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3790requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3791requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3792requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3793run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3794 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3795 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3796 0 \
3797 -c "HTTP/1.0 200 ok" \
3798 -c "Protocol is TLSv1.3" \
3799 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3800 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3801 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3802 -c "Verifying peer X.509 certificate... ok" \
3803 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3804
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3805requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3806requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3807requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3808requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3809requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3811requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3812run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3813 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3814 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3815 0 \
3816 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3817 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3818 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3819 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3820 -c "NamedGroup: secp384r1 ( 18 )" \
3821 -c "Verifying peer X.509 certificate... ok" \
3822 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3823
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3824requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3825requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3826requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3827requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3828requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3830run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3831 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3832 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3833 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3834 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3835 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3836 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3837 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3838 -c "NamedGroup: secp521r1 ( 19 )" \
3839 -c "Verifying peer X.509 certificate... ok" \
3840 -C "received HelloRetryRequest message"
3841
3842requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3843requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3844requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3845requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3846requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3847requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3848run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3849 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3850 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3851 0 \
3852 -c "HTTP/1.0 200 ok" \
3853 -c "Protocol is TLSv1.3" \
3854 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3855 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3856 -c "NamedGroup: secp521r1 ( 19 )" \
3857 -c "Verifying peer X.509 certificate... ok" \
3858 -C "received HelloRetryRequest message"
3859
3860requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3861requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3862requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3863requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3864requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3865requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3866run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3867 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3868 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3869 0 \
3870 -c "HTTP/1.0 200 ok" \
3871 -c "Protocol is TLSv1.3" \
3872 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3873 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3874 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3875 -c "Verifying peer X.509 certificate... ok" \
3876 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3877
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3878requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3879requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3880requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3881requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3882requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3883requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3884requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3885run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3886 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3887 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3888 0 \
3889 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3890 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3891 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3892 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3893 -c "NamedGroup: secp521r1 ( 19 )" \
3894 -c "Verifying peer X.509 certificate... ok" \
3895 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3896
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3897requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3898requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3899requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3900requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3901requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3903run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3904 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3905 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3906 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3907 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3908 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3909 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3910 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3911 -c "NamedGroup: x25519 ( 1d )" \
3912 -c "Verifying peer X.509 certificate... ok" \
3913 -C "received HelloRetryRequest message"
3914
3915requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3916requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3917requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3918requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3919requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3921run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3922 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3923 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3924 0 \
3925 -c "HTTP/1.0 200 ok" \
3926 -c "Protocol is TLSv1.3" \
3927 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3928 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3929 -c "NamedGroup: x25519 ( 1d )" \
3930 -c "Verifying peer X.509 certificate... ok" \
3931 -C "received HelloRetryRequest message"
3932
3933requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3934requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3935requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3936requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3937requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3938requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3939run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3940 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3941 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3942 0 \
3943 -c "HTTP/1.0 200 ok" \
3944 -c "Protocol is TLSv1.3" \
3945 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3946 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3947 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3948 -c "Verifying peer X.509 certificate... ok" \
3949 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3950
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3951requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3952requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3953requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3955requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3957requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3958run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3959 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3960 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3961 0 \
3962 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3963 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3964 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3965 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3966 -c "NamedGroup: x25519 ( 1d )" \
3967 -c "Verifying peer X.509 certificate... ok" \
3968 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3969
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3970requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3971requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3972requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3973requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3974requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3976run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3977 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3978 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3979 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3980 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3981 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3982 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3983 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3984 -c "NamedGroup: x448 ( 1e )" \
3985 -c "Verifying peer X.509 certificate... ok" \
3986 -C "received HelloRetryRequest message"
3987
3988requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]3990requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3991requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]3992requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3993requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3994run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]3995 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
3996 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3997 0 \
3998 -c "HTTP/1.0 200 ok" \
3999 -c "Protocol is TLSv1.3" \
4000 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4001 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4002 -c "NamedGroup: x448 ( 1e )" \
4003 -c "Verifying peer X.509 certificate... ok" \
4004 -C "received HelloRetryRequest message"
4005
4006requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4007requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4009requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4010requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4012run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4013 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4014 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4015 0 \
4016 -c "HTTP/1.0 200 ok" \
4017 -c "Protocol is TLSv1.3" \
4018 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4019 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4020 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4021 -c "Verifying peer X.509 certificate... ok" \
4022 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4023
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4024requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4025requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4026requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4027requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4028requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4030requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4031run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4032 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4033 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4034 0 \
4035 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4036 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4037 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4038 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4039 -c "NamedGroup: x448 ( 1e )" \
4040 -c "Verifying peer X.509 certificate... ok" \
4041 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4042
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4043requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4044requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4045requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4046requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4047requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4049run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4050 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4051 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4052 0 \
4053 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4054 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4055 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4056 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4057 -c "NamedGroup: secp256r1 ( 17 )" \
4058 -c "Verifying peer X.509 certificate... ok" \
4059 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4060
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4061requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4062requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4063requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4065requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4067run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4068 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4069 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4070 0 \
4071 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4072 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4073 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4074 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4075 -c "NamedGroup: secp256r1 ( 17 )" \
4076 -c "Verifying peer X.509 certificate... ok" \
4077 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4078
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4079requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4080requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4083requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4085run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4086 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4087 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4088 0 \
4089 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4090 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4091 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4092 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4093 -c "NamedGroup: secp256r1 ( 17 )" \
4094 -c "Verifying peer X.509 certificate... ok" \
4095 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4096
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4097requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4098requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4099requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4100requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4101requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4103requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4104run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4105 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4106 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4107 0 \
4108 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4109 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4110 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4111 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4112 -c "NamedGroup: secp256r1 ( 17 )" \
4113 -c "Verifying peer X.509 certificate... ok" \
4114 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4115
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4116requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4117requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4118requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4119requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4120requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4122run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4123 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4124 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4125 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4126 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4127 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4128 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4129 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4130 -c "NamedGroup: secp384r1 ( 18 )" \
4131 -c "Verifying peer X.509 certificate... ok" \
4132 -C "received HelloRetryRequest message"
4133
4134requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4135requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4136requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4137requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4138requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4140run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4141 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4142 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4143 0 \
4144 -c "HTTP/1.0 200 ok" \
4145 -c "Protocol is TLSv1.3" \
4146 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4147 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4148 -c "NamedGroup: secp384r1 ( 18 )" \
4149 -c "Verifying peer X.509 certificate... ok" \
4150 -C "received HelloRetryRequest message"
4151
4152requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4153requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4154requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4155requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4156requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4158run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4159 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4160 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4161 0 \
4162 -c "HTTP/1.0 200 ok" \
4163 -c "Protocol is TLSv1.3" \
4164 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4165 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4166 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4167 -c "Verifying peer X.509 certificate... ok" \
4168 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4169
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4170requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4171requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4172requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4173requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4174requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4175requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4176requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4177run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4178 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4179 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4180 0 \
4181 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4182 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4183 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4184 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4185 -c "NamedGroup: secp384r1 ( 18 )" \
4186 -c "Verifying peer X.509 certificate... ok" \
4187 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4188
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4189requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4190requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4191requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4192requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4193requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4195run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4196 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4197 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4198 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4199 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4200 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4201 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4202 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4203 -c "NamedGroup: secp521r1 ( 19 )" \
4204 -c "Verifying peer X.509 certificate... ok" \
4205 -C "received HelloRetryRequest message"
4206
4207requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4208requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4209requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4210requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4211requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4213run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4214 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4215 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4216 0 \
4217 -c "HTTP/1.0 200 ok" \
4218 -c "Protocol is TLSv1.3" \
4219 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4220 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4221 -c "NamedGroup: secp521r1 ( 19 )" \
4222 -c "Verifying peer X.509 certificate... ok" \
4223 -C "received HelloRetryRequest message"
4224
4225requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4226requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4227requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4228requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4229requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4230requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4231run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4232 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4233 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4234 0 \
4235 -c "HTTP/1.0 200 ok" \
4236 -c "Protocol is TLSv1.3" \
4237 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4238 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4239 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4240 -c "Verifying peer X.509 certificate... ok" \
4241 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4242
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4243requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4244requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4245requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4246requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4247requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4248requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4249requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4250run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4251 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4252 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4253 0 \
4254 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4255 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4256 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4257 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4258 -c "NamedGroup: secp521r1 ( 19 )" \
4259 -c "Verifying peer X.509 certificate... ok" \
4260 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4261
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4262requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4263requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4264requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4265requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4266requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4267requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4268run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4269 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4270 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4271 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4272 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4273 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4274 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4275 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4276 -c "NamedGroup: x25519 ( 1d )" \
4277 -c "Verifying peer X.509 certificate... ok" \
4278 -C "received HelloRetryRequest message"
4279
4280requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4281requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4282requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4283requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4284requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4286run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4287 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4289 0 \
4290 -c "HTTP/1.0 200 ok" \
4291 -c "Protocol is TLSv1.3" \
4292 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4293 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4294 -c "NamedGroup: x25519 ( 1d )" \
4295 -c "Verifying peer X.509 certificate... ok" \
4296 -C "received HelloRetryRequest message"
4297
4298requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4299requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4300requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4302requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4304run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4305 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4306 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4307 0 \
4308 -c "HTTP/1.0 200 ok" \
4309 -c "Protocol is TLSv1.3" \
4310 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4311 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4312 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4313 -c "Verifying peer X.509 certificate... ok" \
4314 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4315
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4316requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4317requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4319requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4320requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4321requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4322requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4323run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4324 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4325 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4326 0 \
4327 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4328 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4329 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4330 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4331 -c "NamedGroup: x25519 ( 1d )" \
4332 -c "Verifying peer X.509 certificate... ok" \
4333 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4334
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4335requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4336requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4339requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4341run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4342 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4343 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4344 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4345 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4346 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4347 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4348 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4349 -c "NamedGroup: x448 ( 1e )" \
4350 -c "Verifying peer X.509 certificate... ok" \
4351 -C "received HelloRetryRequest message"
4352
4353requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4354requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4355requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4356requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4357requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4359run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4360 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4361 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4362 0 \
4363 -c "HTTP/1.0 200 ok" \
4364 -c "Protocol is TLSv1.3" \
4365 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4366 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4367 -c "NamedGroup: x448 ( 1e )" \
4368 -c "Verifying peer X.509 certificate... ok" \
4369 -C "received HelloRetryRequest message"
4370
4371requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4372requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4373requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4374requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4375requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4377run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4378 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4379 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4380 0 \
4381 -c "HTTP/1.0 200 ok" \
4382 -c "Protocol is TLSv1.3" \
4383 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4384 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4385 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4386 -c "Verifying peer X.509 certificate... ok" \
4387 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4388
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4389requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4390requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4391requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4393requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4395requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4396run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4397 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4398 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4399 0 \
4400 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4401 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4402 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4403 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4404 -c "NamedGroup: x448 ( 1e )" \
4405 -c "Verifying peer X.509 certificate... ok" \
4406 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4407
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4408requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4409requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4410requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4411requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4412requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4414run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4415 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4416 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4417 0 \
4418 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4419 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4420 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4421 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4422 -c "NamedGroup: secp256r1 ( 17 )" \
4423 -c "Verifying peer X.509 certificate... ok" \
4424 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4425
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4426requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4427requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4428requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4430requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4431requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4432run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4433 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4434 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4435 0 \
4436 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4437 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4438 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4439 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4440 -c "NamedGroup: secp256r1 ( 17 )" \
4441 -c "Verifying peer X.509 certificate... ok" \
4442 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4443
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4444requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4445requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4446requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4447requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4448requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4449requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4450run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4451 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4452 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4453 0 \
4454 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4455 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4456 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4457 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4458 -c "NamedGroup: secp256r1 ( 17 )" \
4459 -c "Verifying peer X.509 certificate... ok" \
4460 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4461
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4462requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4463requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4464requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4465requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4466requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4468requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4469run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4470 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4471 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4472 0 \
4473 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4474 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4475 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4476 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4477 -c "NamedGroup: secp256r1 ( 17 )" \
4478 -c "Verifying peer X.509 certificate... ok" \
4479 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4480
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4481requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4482requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4483requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4484requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4485requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4487run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4488 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4489 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4490 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4491 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4492 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4493 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4494 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4495 -c "NamedGroup: secp384r1 ( 18 )" \
4496 -c "Verifying peer X.509 certificate... ok" \
4497 -C "received HelloRetryRequest message"
4498
4499requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4500requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4501requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4502requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4503requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4504requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4505run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4506 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4507 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4508 0 \
4509 -c "HTTP/1.0 200 ok" \
4510 -c "Protocol is TLSv1.3" \
4511 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4512 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4513 -c "NamedGroup: secp384r1 ( 18 )" \
4514 -c "Verifying peer X.509 certificate... ok" \
4515 -C "received HelloRetryRequest message"
4516
4517requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4518requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4520requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4521requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4522requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4523run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4524 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4525 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4526 0 \
4527 -c "HTTP/1.0 200 ok" \
4528 -c "Protocol is TLSv1.3" \
4529 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4530 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4531 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4532 -c "Verifying peer X.509 certificate... ok" \
4533 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4534
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4535requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4536requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4537requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4538requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4539requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4540requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4541requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4542run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4543 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4544 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4545 0 \
4546 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4547 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4548 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4549 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4550 -c "NamedGroup: secp384r1 ( 18 )" \
4551 -c "Verifying peer X.509 certificate... ok" \
4552 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4553
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4554requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4555requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4556requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4557requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4558requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4560run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4561 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4562 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4563 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4564 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4565 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4566 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4567 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4568 -c "NamedGroup: secp521r1 ( 19 )" \
4569 -c "Verifying peer X.509 certificate... ok" \
4570 -C "received HelloRetryRequest message"
4571
4572requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4573requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4574requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4575requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4576requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4578run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4579 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4580 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4581 0 \
4582 -c "HTTP/1.0 200 ok" \
4583 -c "Protocol is TLSv1.3" \
4584 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4585 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4586 -c "NamedGroup: secp521r1 ( 19 )" \
4587 -c "Verifying peer X.509 certificate... ok" \
4588 -C "received HelloRetryRequest message"
4589
4590requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4591requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4592requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4593requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4594requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4595requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4596run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4597 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4598 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4599 0 \
4600 -c "HTTP/1.0 200 ok" \
4601 -c "Protocol is TLSv1.3" \
4602 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4603 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4604 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4605 -c "Verifying peer X.509 certificate... ok" \
4606 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4607
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4608requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4609requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4610requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4611requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4612requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4614requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4615run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4616 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4617 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4618 0 \
4619 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4620 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4621 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4622 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4623 -c "NamedGroup: secp521r1 ( 19 )" \
4624 -c "Verifying peer X.509 certificate... ok" \
4625 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4626
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4627requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4628requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4629requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4630requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4631requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4633run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4634 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4635 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4636 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4637 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4638 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4639 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4640 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4641 -c "NamedGroup: x25519 ( 1d )" \
4642 -c "Verifying peer X.509 certificate... ok" \
4643 -C "received HelloRetryRequest message"
4644
4645requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4646requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4647requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4648requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4649requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4650requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4651run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4652 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4653 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4654 0 \
4655 -c "HTTP/1.0 200 ok" \
4656 -c "Protocol is TLSv1.3" \
4657 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4658 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4659 -c "NamedGroup: x25519 ( 1d )" \
4660 -c "Verifying peer X.509 certificate... ok" \
4661 -C "received HelloRetryRequest message"
4662
4663requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4664requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4665requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4666requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4667requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4668requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4669run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4670 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4671 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4672 0 \
4673 -c "HTTP/1.0 200 ok" \
4674 -c "Protocol is TLSv1.3" \
4675 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4676 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4677 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4678 -c "Verifying peer X.509 certificate... ok" \
4679 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4680
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4681requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4682requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4683requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4684requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4685requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4687requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4688run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4689 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4690 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4691 0 \
4692 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4693 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4694 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4695 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4696 -c "NamedGroup: x25519 ( 1d )" \
4697 -c "Verifying peer X.509 certificate... ok" \
4698 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4699
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4700requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4701requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4702requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4703requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4704requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4706run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4707 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4708 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4709 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4710 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4711 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4712 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4713 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4714 -c "NamedGroup: x448 ( 1e )" \
4715 -c "Verifying peer X.509 certificate... ok" \
4716 -C "received HelloRetryRequest message"
4717
4718requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4719requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4720requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4721requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4722requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4723requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4724run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4725 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4726 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4727 0 \
4728 -c "HTTP/1.0 200 ok" \
4729 -c "Protocol is TLSv1.3" \
4730 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4731 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4732 -c "NamedGroup: x448 ( 1e )" \
4733 -c "Verifying peer X.509 certificate... ok" \
4734 -C "received HelloRetryRequest message"
4735
4736requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4737requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4738requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4739requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4740requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4741requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4742run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4743 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4744 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4745 0 \
4746 -c "HTTP/1.0 200 ok" \
4747 -c "Protocol is TLSv1.3" \
4748 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4749 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4750 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4751 -c "Verifying peer X.509 certificate... ok" \
4752 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4753
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4754requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4755requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4756requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4757requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4758requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4760requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4761run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4762 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4763 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4764 0 \
4765 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4766 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4767 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4768 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4769 -c "NamedGroup: x448 ( 1e )" \
4770 -c "Verifying peer X.509 certificate... ok" \
4771 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4772
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4773requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4774requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4775requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4776requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4777requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4778requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4779run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4780 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4781 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4782 0 \
4783 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4784 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4785 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4786 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4787 -c "NamedGroup: secp256r1 ( 17 )" \
4788 -c "Verifying peer X.509 certificate... ok" \
4789 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4790
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4791requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4792requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4795requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4797run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4798 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4799 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4800 0 \
4801 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4802 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4803 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4804 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4805 -c "NamedGroup: secp256r1 ( 17 )" \
4806 -c "Verifying peer X.509 certificate... ok" \
4807 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4808
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4809requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4810requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4811requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4812requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4813requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4815run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4816 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4817 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4818 0 \
4819 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4820 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4821 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4822 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4823 -c "NamedGroup: secp256r1 ( 17 )" \
4824 -c "Verifying peer X.509 certificate... ok" \
4825 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4826
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4827requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4828requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4829requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4830requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4831requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4833requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4834run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4835 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4836 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4837 0 \
4838 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4839 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4840 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4841 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4842 -c "NamedGroup: secp256r1 ( 17 )" \
4843 -c "Verifying peer X.509 certificate... ok" \
4844 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4845
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4846requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4847requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4848requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4849requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4850requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4852run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4853 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4854 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4855 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4856 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4857 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4858 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4859 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4860 -c "NamedGroup: secp384r1 ( 18 )" \
4861 -c "Verifying peer X.509 certificate... ok" \
4862 -C "received HelloRetryRequest message"
4863
4864requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4865requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4866requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4867requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4868requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4870run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4871 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4872 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4873 0 \
4874 -c "HTTP/1.0 200 ok" \
4875 -c "Protocol is TLSv1.3" \
4876 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4877 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4878 -c "NamedGroup: secp384r1 ( 18 )" \
4879 -c "Verifying peer X.509 certificate... ok" \
4880 -C "received HelloRetryRequest message"
4881
4882requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4883requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4884requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4885requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4886requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4887requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4888run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4889 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4890 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4891 0 \
4892 -c "HTTP/1.0 200 ok" \
4893 -c "Protocol is TLSv1.3" \
4894 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4895 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4896 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4897 -c "Verifying peer X.509 certificate... ok" \
4898 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4899
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4900requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4901requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4902requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4903requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4904requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4905requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4906requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4907run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4908 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4909 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4910 0 \
4911 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4912 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4913 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4914 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4915 -c "NamedGroup: secp384r1 ( 18 )" \
4916 -c "Verifying peer X.509 certificate... ok" \
4917 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4918
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4919requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4920requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4921requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4923requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4924requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4925run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4926 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4927 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4928 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4929 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4930 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4931 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4932 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4933 -c "NamedGroup: secp521r1 ( 19 )" \
4934 -c "Verifying peer X.509 certificate... ok" \
4935 -C "received HelloRetryRequest message"
4936
4937requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4938requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4939requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4941requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4943run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4944 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4945 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4946 0 \
4947 -c "HTTP/1.0 200 ok" \
4948 -c "Protocol is TLSv1.3" \
4949 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4950 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4951 -c "NamedGroup: secp521r1 ( 19 )" \
4952 -c "Verifying peer X.509 certificate... ok" \
4953 -C "received HelloRetryRequest message"
4954
4955requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4956requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4957requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4958requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4959requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4960requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4961run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4962 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4963 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4964 0 \
4965 -c "HTTP/1.0 200 ok" \
4966 -c "Protocol is TLSv1.3" \
4967 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4968 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4969 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4970 -c "Verifying peer X.509 certificate... ok" \
4971 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4972
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4973requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4974requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4975requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4976requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4977requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4978requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4979requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4980run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4981 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
4982 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4983 0 \
4984 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4985 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4986 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4987 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4988 -c "NamedGroup: secp521r1 ( 19 )" \
4989 -c "Verifying peer X.509 certificate... ok" \
4990 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4991
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4992requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4993requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]4994requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4995requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]4996requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4998run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]4999 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5000 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5001 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5002 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5003 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5004 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5005 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5006 -c "NamedGroup: x25519 ( 1d )" \
5007 -c "Verifying peer X.509 certificate... ok" \
5008 -C "received HelloRetryRequest message"
5009
5010requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5011requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5012requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5014requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5016run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5017 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5018 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5019 0 \
5020 -c "HTTP/1.0 200 ok" \
5021 -c "Protocol is TLSv1.3" \
5022 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5023 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5024 -c "NamedGroup: x25519 ( 1d )" \
5025 -c "Verifying peer X.509 certificate... ok" \
5026 -C "received HelloRetryRequest message"
5027
5028requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5029requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5030requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5031requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5032requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5033requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5034run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5035 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5036 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5037 0 \
5038 -c "HTTP/1.0 200 ok" \
5039 -c "Protocol is TLSv1.3" \
5040 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5041 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5042 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5043 -c "Verifying peer X.509 certificate... ok" \
5044 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5045
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5046requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5047requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5048requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5049requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5050requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5052requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5053run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5054 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5055 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5056 0 \
5057 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5058 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5059 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5060 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5061 -c "NamedGroup: x25519 ( 1d )" \
5062 -c "Verifying peer X.509 certificate... ok" \
5063 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5064
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5065requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5066requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5067requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5068requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5069requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5070requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5071run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5072 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5073 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5074 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5075 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5076 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5077 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5078 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5079 -c "NamedGroup: x448 ( 1e )" \
5080 -c "Verifying peer X.509 certificate... ok" \
5081 -C "received HelloRetryRequest message"
5082
5083requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5084requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5085requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5086requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5087requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5089run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5090 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5091 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5092 0 \
5093 -c "HTTP/1.0 200 ok" \
5094 -c "Protocol is TLSv1.3" \
5095 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5096 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5097 -c "NamedGroup: x448 ( 1e )" \
5098 -c "Verifying peer X.509 certificate... ok" \
5099 -C "received HelloRetryRequest message"
5100
5101requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5102requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5103requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5104requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5105requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5107run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5108 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5109 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5110 0 \
5111 -c "HTTP/1.0 200 ok" \
5112 -c "Protocol is TLSv1.3" \
5113 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5114 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5115 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5116 -c "Verifying peer X.509 certificate... ok" \
5117 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5118
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5119requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5120requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5121requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5122requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5123requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5125requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5126run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5127 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5128 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5129 0 \
5130 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5131 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5132 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5133 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5134 -c "NamedGroup: x448 ( 1e )" \
5135 -c "Verifying peer X.509 certificate... ok" \
5136 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5137
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5138requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5139requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5140requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5142requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5144run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5145 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5146 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5147 0 \
5148 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5149 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5150 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5151 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5152 -c "NamedGroup: secp256r1 ( 17 )" \
5153 -c "Verifying peer X.509 certificate... ok" \
5154 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5155
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5156requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5157requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5158requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5160requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5162run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5163 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5164 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5165 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5166 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5167 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5168 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5169 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5170 -c "NamedGroup: secp256r1 ( 17 )" \
5171 -c "Verifying peer X.509 certificate... ok" \
5172 -C "received HelloRetryRequest message"
5173
5174requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5176requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5177requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5178requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5180run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5181 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5183 0 \
5184 -c "HTTP/1.0 200 ok" \
5185 -c "Protocol is TLSv1.3" \
5186 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5187 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5188 -c "NamedGroup: secp256r1 ( 17 )" \
5189 -c "Verifying peer X.509 certificate... ok" \
5190 -C "received HelloRetryRequest message"
5191
5192requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5193requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5194requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5195requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5196requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5198requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5199run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5200 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5201 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5202 0 \
5203 -c "HTTP/1.0 200 ok" \
5204 -c "Protocol is TLSv1.3" \
5205 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5206 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5207 -c "NamedGroup: secp256r1 ( 17 )" \
5208 -c "Verifying peer X.509 certificate... ok" \
5209 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5210
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5211requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5212requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5213requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5214requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5215requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5216requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5217run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5218 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5219 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5220 0 \
5221 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5222 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5223 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5224 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5225 -c "NamedGroup: secp384r1 ( 18 )" \
5226 -c "Verifying peer X.509 certificate... ok" \
5227 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5228
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5229requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5230requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5231requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5232requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5233requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5235run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5236 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5237 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5238 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5239 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5240 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5241 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5242 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5243 -c "NamedGroup: secp384r1 ( 18 )" \
5244 -c "Verifying peer X.509 certificate... ok" \
5245 -C "received HelloRetryRequest message"
5246
5247requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5248requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5251requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5253run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5254 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5255 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5256 0 \
5257 -c "HTTP/1.0 200 ok" \
5258 -c "Protocol is TLSv1.3" \
5259 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5260 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5261 -c "NamedGroup: secp384r1 ( 18 )" \
5262 -c "Verifying peer X.509 certificate... ok" \
5263 -C "received HelloRetryRequest message"
5264
5265requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5266requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5267requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5268requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5269requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5271requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5272run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5273 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5274 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5275 0 \
5276 -c "HTTP/1.0 200 ok" \
5277 -c "Protocol is TLSv1.3" \
5278 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5279 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5280 -c "NamedGroup: secp384r1 ( 18 )" \
5281 -c "Verifying peer X.509 certificate... ok" \
5282 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5283
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5284requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5285requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5286requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5287requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5288requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5290run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5291 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5292 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5293 0 \
5294 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5295 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5296 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5297 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5298 -c "NamedGroup: secp521r1 ( 19 )" \
5299 -c "Verifying peer X.509 certificate... ok" \
5300 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5301
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5302requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5303requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5304requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5305requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5306requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5308run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5309 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5310 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5311 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5312 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5313 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5314 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5315 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5316 -c "NamedGroup: secp521r1 ( 19 )" \
5317 -c "Verifying peer X.509 certificate... ok" \
5318 -C "received HelloRetryRequest message"
5319
5320requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5321requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5322requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5324requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5326run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5327 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5328 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5329 0 \
5330 -c "HTTP/1.0 200 ok" \
5331 -c "Protocol is TLSv1.3" \
5332 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5333 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5334 -c "NamedGroup: secp521r1 ( 19 )" \
5335 -c "Verifying peer X.509 certificate... ok" \
5336 -C "received HelloRetryRequest message"
5337
5338requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5339requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5340requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5342requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5343requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5344requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5345run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5346 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5347 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5348 0 \
5349 -c "HTTP/1.0 200 ok" \
5350 -c "Protocol is TLSv1.3" \
5351 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5352 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5353 -c "NamedGroup: secp521r1 ( 19 )" \
5354 -c "Verifying peer X.509 certificate... ok" \
5355 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5356
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5357requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5358requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5359requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5360requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5361requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5362requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5363run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5364 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5365 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5366 0 \
5367 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5368 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5369 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5370 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5371 -c "NamedGroup: x25519 ( 1d )" \
5372 -c "Verifying peer X.509 certificate... ok" \
5373 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5374
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5375requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5376requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5377requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5378requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5379requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5381run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5382 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5383 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5384 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5385 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5386 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5387 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5388 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5389 -c "NamedGroup: x25519 ( 1d )" \
5390 -c "Verifying peer X.509 certificate... ok" \
5391 -C "received HelloRetryRequest message"
5392
5393requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5394requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5395requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5396requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5397requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5399run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5400 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5401 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5402 0 \
5403 -c "HTTP/1.0 200 ok" \
5404 -c "Protocol is TLSv1.3" \
5405 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5406 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5407 -c "NamedGroup: x25519 ( 1d )" \
5408 -c "Verifying peer X.509 certificate... ok" \
5409 -C "received HelloRetryRequest message"
5410
5411requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5412requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5413requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5414requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5415requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5416requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5417requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5418run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5419 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5420 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5421 0 \
5422 -c "HTTP/1.0 200 ok" \
5423 -c "Protocol is TLSv1.3" \
5424 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5425 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5426 -c "NamedGroup: x25519 ( 1d )" \
5427 -c "Verifying peer X.509 certificate... ok" \
5428 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5429
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5430requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5431requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5432requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5433requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5434requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5435requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5436run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5437 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5438 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5439 0 \
5440 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5441 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5442 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5443 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5444 -c "NamedGroup: x448 ( 1e )" \
5445 -c "Verifying peer X.509 certificate... ok" \
5446 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5447
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5448requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5449requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5450requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5451requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5452requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5453requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5454run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5455 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5456 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5457 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5458 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5459 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5460 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5461 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5462 -c "NamedGroup: x448 ( 1e )" \
5463 -c "Verifying peer X.509 certificate... ok" \
5464 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5465
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5466requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5468requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5469requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5470requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5472run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5473 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5474 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5475 0 \
5476 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5477 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5478 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5479 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5480 -c "NamedGroup: x448 ( 1e )" \
5481 -c "Verifying peer X.509 certificate... ok" \
5482 -C "received HelloRetryRequest message"
5483
5484requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5485requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5486requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5487requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5488requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5489requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5490requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5491run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5492 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
5493 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5494 0 \
5495 -c "HTTP/1.0 200 ok" \
5496 -c "Protocol is TLSv1.3" \
5497 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5498 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5499 -c "NamedGroup: x448 ( 1e )" \
5500 -c "Verifying peer X.509 certificate... ok" \
5501 -C "received HelloRetryRequest message"
5502
5503requires_gnutls_tls1_3
5504requires_gnutls_next_no_ticket
5505requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5506requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5507requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5508requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5509requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5511run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5512 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5513 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5514 0 \
5515 -c "HTTP/1.0 200 OK" \
5516 -c "Protocol is TLSv1.3" \
5517 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5518 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5519 -c "NamedGroup: secp256r1 ( 17 )" \
5520 -c "Verifying peer X.509 certificate... ok" \
5521 -C "received HelloRetryRequest message"
5522
5523requires_gnutls_tls1_3
5524requires_gnutls_next_no_ticket
5525requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5526requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5527requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5528requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5529requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5531run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5532 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5533 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5534 0 \
5535 -c "HTTP/1.0 200 OK" \
5536 -c "Protocol is TLSv1.3" \
5537 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5538 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5539 -c "NamedGroup: secp256r1 ( 17 )" \
5540 -c "Verifying peer X.509 certificate... ok" \
5541 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5542
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5543requires_gnutls_tls1_3
5544requires_gnutls_next_no_ticket
5545requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5546requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5547requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5549requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5551run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5552 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5553 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5554 0 \
5555 -c "HTTP/1.0 200 OK" \
5556 -c "Protocol is TLSv1.3" \
5557 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5558 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5559 -c "NamedGroup: secp256r1 ( 17 )" \
5560 -c "Verifying peer X.509 certificate... ok" \
5561 -C "received HelloRetryRequest message"
5562
5563requires_gnutls_tls1_3
5564requires_gnutls_next_no_ticket
5565requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5566requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5567requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5568requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5569requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5571requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5572run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5573 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5574 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5575 0 \
5576 -c "HTTP/1.0 200 OK" \
5577 -c "Protocol is TLSv1.3" \
5578 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5579 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5580 -c "NamedGroup: secp256r1 ( 17 )" \
5581 -c "Verifying peer X.509 certificate... ok" \
5582 -C "received HelloRetryRequest message"
5583
5584requires_gnutls_tls1_3
5585requires_gnutls_next_no_ticket
5586requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5587requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5588requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5589requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5590requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5591requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5592run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5593 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5594 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5595 0 \
5596 -c "HTTP/1.0 200 OK" \
5597 -c "Protocol is TLSv1.3" \
5598 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5599 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5600 -c "NamedGroup: secp384r1 ( 18 )" \
5601 -c "Verifying peer X.509 certificate... ok" \
5602 -C "received HelloRetryRequest message"
5603
5604requires_gnutls_tls1_3
5605requires_gnutls_next_no_ticket
5606requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5607requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5608requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5609requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5610requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5611requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5612run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5613 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5614 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5615 0 \
5616 -c "HTTP/1.0 200 OK" \
5617 -c "Protocol is TLSv1.3" \
5618 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5619 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5620 -c "NamedGroup: secp384r1 ( 18 )" \
5621 -c "Verifying peer X.509 certificate... ok" \
5622 -C "received HelloRetryRequest message"
5623
5624requires_gnutls_tls1_3
5625requires_gnutls_next_no_ticket
5626requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5627requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5628requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5629requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5630requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5631requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5632run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5633 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5634 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5635 0 \
5636 -c "HTTP/1.0 200 OK" \
5637 -c "Protocol is TLSv1.3" \
5638 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5639 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5640 -c "NamedGroup: secp384r1 ( 18 )" \
5641 -c "Verifying peer X.509 certificate... ok" \
5642 -C "received HelloRetryRequest message"
5643
5644requires_gnutls_tls1_3
5645requires_gnutls_next_no_ticket
5646requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5647requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5648requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5649requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5650requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5651requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5652requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5653run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5654 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5655 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5656 0 \
5657 -c "HTTP/1.0 200 OK" \
5658 -c "Protocol is TLSv1.3" \
5659 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5660 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5661 -c "NamedGroup: secp384r1 ( 18 )" \
5662 -c "Verifying peer X.509 certificate... ok" \
5663 -C "received HelloRetryRequest message"
5664
5665requires_gnutls_tls1_3
5666requires_gnutls_next_no_ticket
5667requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5668requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5669requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5670requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5671requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5672requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5673run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5674 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5675 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5676 0 \
5677 -c "HTTP/1.0 200 OK" \
5678 -c "Protocol is TLSv1.3" \
5679 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5680 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5681 -c "NamedGroup: secp521r1 ( 19 )" \
5682 -c "Verifying peer X.509 certificate... ok" \
5683 -C "received HelloRetryRequest message"
5684
5685requires_gnutls_tls1_3
5686requires_gnutls_next_no_ticket
5687requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5688requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5689requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5690requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5691requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5692requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5693run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5694 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5695 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5696 0 \
5697 -c "HTTP/1.0 200 OK" \
5698 -c "Protocol is TLSv1.3" \
5699 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5700 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5701 -c "NamedGroup: secp521r1 ( 19 )" \
5702 -c "Verifying peer X.509 certificate... ok" \
5703 -C "received HelloRetryRequest message"
5704
5705requires_gnutls_tls1_3
5706requires_gnutls_next_no_ticket
5707requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5708requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5709requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5710requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5711requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5712requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5713run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5714 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5715 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5716 0 \
5717 -c "HTTP/1.0 200 OK" \
5718 -c "Protocol is TLSv1.3" \
5719 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5720 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5721 -c "NamedGroup: secp521r1 ( 19 )" \
5722 -c "Verifying peer X.509 certificate... ok" \
5723 -C "received HelloRetryRequest message"
5724
5725requires_gnutls_tls1_3
5726requires_gnutls_next_no_ticket
5727requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5728requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5729requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5730requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5731requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5733requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5734run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5735 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5736 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5737 0 \
5738 -c "HTTP/1.0 200 OK" \
5739 -c "Protocol is TLSv1.3" \
5740 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5741 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5742 -c "NamedGroup: secp521r1 ( 19 )" \
5743 -c "Verifying peer X.509 certificate... ok" \
5744 -C "received HelloRetryRequest message"
5745
5746requires_gnutls_tls1_3
5747requires_gnutls_next_no_ticket
5748requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5749requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5750requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5751requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5752requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5753requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5754run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5755 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5756 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5757 0 \
5758 -c "HTTP/1.0 200 OK" \
5759 -c "Protocol is TLSv1.3" \
5760 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5761 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5762 -c "NamedGroup: x25519 ( 1d )" \
5763 -c "Verifying peer X.509 certificate... ok" \
5764 -C "received HelloRetryRequest message"
5765
5766requires_gnutls_tls1_3
5767requires_gnutls_next_no_ticket
5768requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5769requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5770requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5772requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5774run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5775 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5776 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5777 0 \
5778 -c "HTTP/1.0 200 OK" \
5779 -c "Protocol is TLSv1.3" \
5780 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5781 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5782 -c "NamedGroup: x25519 ( 1d )" \
5783 -c "Verifying peer X.509 certificate... ok" \
5784 -C "received HelloRetryRequest message"
5785
5786requires_gnutls_tls1_3
5787requires_gnutls_next_no_ticket
5788requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5789requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5790requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5792requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5793requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5794run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5795 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5796 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5797 0 \
5798 -c "HTTP/1.0 200 OK" \
5799 -c "Protocol is TLSv1.3" \
5800 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5801 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5802 -c "NamedGroup: x25519 ( 1d )" \
5803 -c "Verifying peer X.509 certificate... ok" \
5804 -C "received HelloRetryRequest message"
5805
5806requires_gnutls_tls1_3
5807requires_gnutls_next_no_ticket
5808requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5809requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5810requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5811requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5812requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5814requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5815run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5816 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5817 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5818 0 \
5819 -c "HTTP/1.0 200 OK" \
5820 -c "Protocol is TLSv1.3" \
5821 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5822 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5823 -c "NamedGroup: x25519 ( 1d )" \
5824 -c "Verifying peer X.509 certificate... ok" \
5825 -C "received HelloRetryRequest message"
5826
5827requires_gnutls_tls1_3
5828requires_gnutls_next_no_ticket
5829requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5830requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5831requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5832requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5833requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5835run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5836 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5837 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5838 0 \
5839 -c "HTTP/1.0 200 OK" \
5840 -c "Protocol is TLSv1.3" \
5841 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5842 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5843 -c "NamedGroup: x448 ( 1e )" \
5844 -c "Verifying peer X.509 certificate... ok" \
5845 -C "received HelloRetryRequest message"
5846
5847requires_gnutls_tls1_3
5848requires_gnutls_next_no_ticket
5849requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5850requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5851requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5852requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5853requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5855run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5856 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5857 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5858 0 \
5859 -c "HTTP/1.0 200 OK" \
5860 -c "Protocol is TLSv1.3" \
5861 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5862 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5863 -c "NamedGroup: x448 ( 1e )" \
5864 -c "Verifying peer X.509 certificate... ok" \
5865 -C "received HelloRetryRequest message"
5866
5867requires_gnutls_tls1_3
5868requires_gnutls_next_no_ticket
5869requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5870requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5871requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5872requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5873requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5875run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5876 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5877 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5878 0 \
5879 -c "HTTP/1.0 200 OK" \
5880 -c "Protocol is TLSv1.3" \
5881 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5882 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5883 -c "NamedGroup: x448 ( 1e )" \
5884 -c "Verifying peer X.509 certificate... ok" \
5885 -C "received HelloRetryRequest message"
5886
5887requires_gnutls_tls1_3
5888requires_gnutls_next_no_ticket
5889requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5890requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5891requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5893requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5895requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5896run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5897 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5898 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5899 0 \
5900 -c "HTTP/1.0 200 OK" \
5901 -c "Protocol is TLSv1.3" \
5902 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5903 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5904 -c "NamedGroup: x448 ( 1e )" \
5905 -c "Verifying peer X.509 certificate... ok" \
5906 -C "received HelloRetryRequest message"
5907
5908requires_gnutls_tls1_3
5909requires_gnutls_next_no_ticket
5910requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5912requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5913requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5914requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5916run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5917 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5918 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5919 0 \
5920 -c "HTTP/1.0 200 OK" \
5921 -c "Protocol is TLSv1.3" \
5922 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5923 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5924 -c "NamedGroup: secp256r1 ( 17 )" \
5925 -c "Verifying peer X.509 certificate... ok" \
5926 -C "received HelloRetryRequest message"
5927
5928requires_gnutls_tls1_3
5929requires_gnutls_next_no_ticket
5930requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5931requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5932requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5933requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5934requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5936run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5937 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5938 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5939 0 \
5940 -c "HTTP/1.0 200 OK" \
5941 -c "Protocol is TLSv1.3" \
5942 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5943 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5944 -c "NamedGroup: secp256r1 ( 17 )" \
5945 -c "Verifying peer X.509 certificate... ok" \
5946 -C "received HelloRetryRequest message"
5947
5948requires_gnutls_tls1_3
5949requires_gnutls_next_no_ticket
5950requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5951requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5952requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5953requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5954requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5955requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5956run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5957 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5958 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5959 0 \
5960 -c "HTTP/1.0 200 OK" \
5961 -c "Protocol is TLSv1.3" \
5962 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5963 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5964 -c "NamedGroup: secp256r1 ( 17 )" \
5965 -c "Verifying peer X.509 certificate... ok" \
5966 -C "received HelloRetryRequest message"
5967
5968requires_gnutls_tls1_3
5969requires_gnutls_next_no_ticket
5970requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5971requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5972requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5973requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5974requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5976requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5977run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5978 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5979 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5980 0 \
5981 -c "HTTP/1.0 200 OK" \
5982 -c "Protocol is TLSv1.3" \
5983 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5984 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5985 -c "NamedGroup: secp256r1 ( 17 )" \
5986 -c "Verifying peer X.509 certificate... ok" \
5987 -C "received HelloRetryRequest message"
5988
5989requires_gnutls_tls1_3
5990requires_gnutls_next_no_ticket
5991requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5992requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]5993requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5994requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]5995requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5997run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5998 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]5999 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6000 0 \
6001 -c "HTTP/1.0 200 OK" \
6002 -c "Protocol is TLSv1.3" \
6003 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6004 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6005 -c "NamedGroup: secp384r1 ( 18 )" \
6006 -c "Verifying peer X.509 certificate... ok" \
6007 -C "received HelloRetryRequest message"
6008
6009requires_gnutls_tls1_3
6010requires_gnutls_next_no_ticket
6011requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6012requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6013requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6014requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6015requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6017run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6018 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6019 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6020 0 \
6021 -c "HTTP/1.0 200 OK" \
6022 -c "Protocol is TLSv1.3" \
6023 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6024 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6025 -c "NamedGroup: secp384r1 ( 18 )" \
6026 -c "Verifying peer X.509 certificate... ok" \
6027 -C "received HelloRetryRequest message"
6028
6029requires_gnutls_tls1_3
6030requires_gnutls_next_no_ticket
6031requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6032requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6033requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6034requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6035requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6037run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6038 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6039 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6040 0 \
6041 -c "HTTP/1.0 200 OK" \
6042 -c "Protocol is TLSv1.3" \
6043 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6044 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6045 -c "NamedGroup: secp384r1 ( 18 )" \
6046 -c "Verifying peer X.509 certificate... ok" \
6047 -C "received HelloRetryRequest message"
6048
6049requires_gnutls_tls1_3
6050requires_gnutls_next_no_ticket
6051requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6052requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6053requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6054requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6055requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6056requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6057requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6058run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6059 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6060 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6061 0 \
6062 -c "HTTP/1.0 200 OK" \
6063 -c "Protocol is TLSv1.3" \
6064 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6065 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6066 -c "NamedGroup: secp384r1 ( 18 )" \
6067 -c "Verifying peer X.509 certificate... ok" \
6068 -C "received HelloRetryRequest message"
6069
6070requires_gnutls_tls1_3
6071requires_gnutls_next_no_ticket
6072requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6073requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6074requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6075requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6076requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6077requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6078run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6079 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6080 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6081 0 \
6082 -c "HTTP/1.0 200 OK" \
6083 -c "Protocol is TLSv1.3" \
6084 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6085 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6086 -c "NamedGroup: secp521r1 ( 19 )" \
6087 -c "Verifying peer X.509 certificate... ok" \
6088 -C "received HelloRetryRequest message"
6089
6090requires_gnutls_tls1_3
6091requires_gnutls_next_no_ticket
6092requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6093requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6095requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6096requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6097requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6098run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6099 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6100 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6101 0 \
6102 -c "HTTP/1.0 200 OK" \
6103 -c "Protocol is TLSv1.3" \
6104 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6105 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6106 -c "NamedGroup: secp521r1 ( 19 )" \
6107 -c "Verifying peer X.509 certificate... ok" \
6108 -C "received HelloRetryRequest message"
6109
6110requires_gnutls_tls1_3
6111requires_gnutls_next_no_ticket
6112requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6113requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6114requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6116requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6118run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6119 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6120 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6121 0 \
6122 -c "HTTP/1.0 200 OK" \
6123 -c "Protocol is TLSv1.3" \
6124 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6125 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6126 -c "NamedGroup: secp521r1 ( 19 )" \
6127 -c "Verifying peer X.509 certificate... ok" \
6128 -C "received HelloRetryRequest message"
6129
6130requires_gnutls_tls1_3
6131requires_gnutls_next_no_ticket
6132requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6133requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6134requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6135requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6136requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6137requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6138requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6139run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6140 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6141 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6142 0 \
6143 -c "HTTP/1.0 200 OK" \
6144 -c "Protocol is TLSv1.3" \
6145 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6146 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6147 -c "NamedGroup: secp521r1 ( 19 )" \
6148 -c "Verifying peer X.509 certificate... ok" \
6149 -C "received HelloRetryRequest message"
6150
6151requires_gnutls_tls1_3
6152requires_gnutls_next_no_ticket
6153requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6154requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6155requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6156requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6157requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6158requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6159run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6160 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6161 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6162 0 \
6163 -c "HTTP/1.0 200 OK" \
6164 -c "Protocol is TLSv1.3" \
6165 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6166 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6167 -c "NamedGroup: x25519 ( 1d )" \
6168 -c "Verifying peer X.509 certificate... ok" \
6169 -C "received HelloRetryRequest message"
6170
6171requires_gnutls_tls1_3
6172requires_gnutls_next_no_ticket
6173requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6174requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6175requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6176requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6177requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6179run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6180 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6181 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6182 0 \
6183 -c "HTTP/1.0 200 OK" \
6184 -c "Protocol is TLSv1.3" \
6185 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6186 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6187 -c "NamedGroup: x25519 ( 1d )" \
6188 -c "Verifying peer X.509 certificate... ok" \
6189 -C "received HelloRetryRequest message"
6190
6191requires_gnutls_tls1_3
6192requires_gnutls_next_no_ticket
6193requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6194requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6195requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6196requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6197requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6199run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6200 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6201 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6202 0 \
6203 -c "HTTP/1.0 200 OK" \
6204 -c "Protocol is TLSv1.3" \
6205 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6206 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6207 -c "NamedGroup: x25519 ( 1d )" \
6208 -c "Verifying peer X.509 certificate... ok" \
6209 -C "received HelloRetryRequest message"
6210
6211requires_gnutls_tls1_3
6212requires_gnutls_next_no_ticket
6213requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6214requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6215requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6216requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6217requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6219requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6220run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6221 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6222 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6223 0 \
6224 -c "HTTP/1.0 200 OK" \
6225 -c "Protocol is TLSv1.3" \
6226 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6227 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6228 -c "NamedGroup: x25519 ( 1d )" \
6229 -c "Verifying peer X.509 certificate... ok" \
6230 -C "received HelloRetryRequest message"
6231
6232requires_gnutls_tls1_3
6233requires_gnutls_next_no_ticket
6234requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6235requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6236requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6238requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6240run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6241 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6242 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6243 0 \
6244 -c "HTTP/1.0 200 OK" \
6245 -c "Protocol is TLSv1.3" \
6246 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6247 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6248 -c "NamedGroup: x448 ( 1e )" \
6249 -c "Verifying peer X.509 certificate... ok" \
6250 -C "received HelloRetryRequest message"
6251
6252requires_gnutls_tls1_3
6253requires_gnutls_next_no_ticket
6254requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6255requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6256requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6257requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6258requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6260run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6261 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6262 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6263 0 \
6264 -c "HTTP/1.0 200 OK" \
6265 -c "Protocol is TLSv1.3" \
6266 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6267 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6268 -c "NamedGroup: x448 ( 1e )" \
6269 -c "Verifying peer X.509 certificate... ok" \
6270 -C "received HelloRetryRequest message"
6271
6272requires_gnutls_tls1_3
6273requires_gnutls_next_no_ticket
6274requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6275requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6276requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6277requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6278requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6280run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6281 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6282 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6283 0 \
6284 -c "HTTP/1.0 200 OK" \
6285 -c "Protocol is TLSv1.3" \
6286 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6287 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6288 -c "NamedGroup: x448 ( 1e )" \
6289 -c "Verifying peer X.509 certificate... ok" \
6290 -C "received HelloRetryRequest message"
6291
6292requires_gnutls_tls1_3
6293requires_gnutls_next_no_ticket
6294requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6295requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6296requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6298requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6300requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6301run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6302 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6303 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6304 0 \
6305 -c "HTTP/1.0 200 OK" \
6306 -c "Protocol is TLSv1.3" \
6307 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6308 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6309 -c "NamedGroup: x448 ( 1e )" \
6310 -c "Verifying peer X.509 certificate... ok" \
6311 -C "received HelloRetryRequest message"
6312
6313requires_gnutls_tls1_3
6314requires_gnutls_next_no_ticket
6315requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6316requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6317requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6318requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6319requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6321run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6322 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6323 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6324 0 \
6325 -c "HTTP/1.0 200 OK" \
6326 -c "Protocol is TLSv1.3" \
6327 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6328 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6329 -c "NamedGroup: secp256r1 ( 17 )" \
6330 -c "Verifying peer X.509 certificate... ok" \
6331 -C "received HelloRetryRequest message"
6332
6333requires_gnutls_tls1_3
6334requires_gnutls_next_no_ticket
6335requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6336requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6337requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6339requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6340requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6341run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6342 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6343 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6344 0 \
6345 -c "HTTP/1.0 200 OK" \
6346 -c "Protocol is TLSv1.3" \
6347 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6348 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6349 -c "NamedGroup: secp256r1 ( 17 )" \
6350 -c "Verifying peer X.509 certificate... ok" \
6351 -C "received HelloRetryRequest message"
6352
6353requires_gnutls_tls1_3
6354requires_gnutls_next_no_ticket
6355requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6356requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6357requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6359requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6361run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6362 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6363 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6364 0 \
6365 -c "HTTP/1.0 200 OK" \
6366 -c "Protocol is TLSv1.3" \
6367 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6368 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6369 -c "NamedGroup: secp256r1 ( 17 )" \
6370 -c "Verifying peer X.509 certificate... ok" \
6371 -C "received HelloRetryRequest message"
6372
6373requires_gnutls_tls1_3
6374requires_gnutls_next_no_ticket
6375requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6376requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6377requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6378requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6379requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6381requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6382run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6383 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6384 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6385 0 \
6386 -c "HTTP/1.0 200 OK" \
6387 -c "Protocol is TLSv1.3" \
6388 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6389 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6390 -c "NamedGroup: secp256r1 ( 17 )" \
6391 -c "Verifying peer X.509 certificate... ok" \
6392 -C "received HelloRetryRequest message"
6393
6394requires_gnutls_tls1_3
6395requires_gnutls_next_no_ticket
6396requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6397requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6398requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6399requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6400requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6401requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6402run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6403 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6404 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6405 0 \
6406 -c "HTTP/1.0 200 OK" \
6407 -c "Protocol is TLSv1.3" \
6408 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6409 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6410 -c "NamedGroup: secp384r1 ( 18 )" \
6411 -c "Verifying peer X.509 certificate... ok" \
6412 -C "received HelloRetryRequest message"
6413
6414requires_gnutls_tls1_3
6415requires_gnutls_next_no_ticket
6416requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6417requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6418requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6419requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6420requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6422run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6423 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6424 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6425 0 \
6426 -c "HTTP/1.0 200 OK" \
6427 -c "Protocol is TLSv1.3" \
6428 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6429 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6430 -c "NamedGroup: secp384r1 ( 18 )" \
6431 -c "Verifying peer X.509 certificate... ok" \
6432 -C "received HelloRetryRequest message"
6433
6434requires_gnutls_tls1_3
6435requires_gnutls_next_no_ticket
6436requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6437requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6438requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6439requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6440requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6442run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6443 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6444 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6445 0 \
6446 -c "HTTP/1.0 200 OK" \
6447 -c "Protocol is TLSv1.3" \
6448 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6449 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6450 -c "NamedGroup: secp384r1 ( 18 )" \
6451 -c "Verifying peer X.509 certificate... ok" \
6452 -C "received HelloRetryRequest message"
6453
6454requires_gnutls_tls1_3
6455requires_gnutls_next_no_ticket
6456requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6457requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6458requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6460requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6462requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6463run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6464 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6465 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6466 0 \
6467 -c "HTTP/1.0 200 OK" \
6468 -c "Protocol is TLSv1.3" \
6469 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6470 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6471 -c "NamedGroup: secp384r1 ( 18 )" \
6472 -c "Verifying peer X.509 certificate... ok" \
6473 -C "received HelloRetryRequest message"
6474
6475requires_gnutls_tls1_3
6476requires_gnutls_next_no_ticket
6477requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6478requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6479requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6480requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6481requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6483run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6484 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6485 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6486 0 \
6487 -c "HTTP/1.0 200 OK" \
6488 -c "Protocol is TLSv1.3" \
6489 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6490 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6491 -c "NamedGroup: secp521r1 ( 19 )" \
6492 -c "Verifying peer X.509 certificate... ok" \
6493 -C "received HelloRetryRequest message"
6494
6495requires_gnutls_tls1_3
6496requires_gnutls_next_no_ticket
6497requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6498requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6499requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6500requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6501requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6502requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6503run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6504 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6505 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6506 0 \
6507 -c "HTTP/1.0 200 OK" \
6508 -c "Protocol is TLSv1.3" \
6509 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6510 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6511 -c "NamedGroup: secp521r1 ( 19 )" \
6512 -c "Verifying peer X.509 certificate... ok" \
6513 -C "received HelloRetryRequest message"
6514
6515requires_gnutls_tls1_3
6516requires_gnutls_next_no_ticket
6517requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6518requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6519requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6520requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6521requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6522requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6523run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6524 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6525 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6526 0 \
6527 -c "HTTP/1.0 200 OK" \
6528 -c "Protocol is TLSv1.3" \
6529 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6530 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6531 -c "NamedGroup: secp521r1 ( 19 )" \
6532 -c "Verifying peer X.509 certificate... ok" \
6533 -C "received HelloRetryRequest message"
6534
6535requires_gnutls_tls1_3
6536requires_gnutls_next_no_ticket
6537requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6538requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6539requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6540requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6541requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6542requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6543requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6544run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6545 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6546 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6547 0 \
6548 -c "HTTP/1.0 200 OK" \
6549 -c "Protocol is TLSv1.3" \
6550 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6551 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6552 -c "NamedGroup: secp521r1 ( 19 )" \
6553 -c "Verifying peer X.509 certificate... ok" \
6554 -C "received HelloRetryRequest message"
6555
6556requires_gnutls_tls1_3
6557requires_gnutls_next_no_ticket
6558requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6559requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6560requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6562requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6564run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6565 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6566 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6567 0 \
6568 -c "HTTP/1.0 200 OK" \
6569 -c "Protocol is TLSv1.3" \
6570 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6571 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6572 -c "NamedGroup: x25519 ( 1d )" \
6573 -c "Verifying peer X.509 certificate... ok" \
6574 -C "received HelloRetryRequest message"
6575
6576requires_gnutls_tls1_3
6577requires_gnutls_next_no_ticket
6578requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6582requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6584run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6585 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6586 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6587 0 \
6588 -c "HTTP/1.0 200 OK" \
6589 -c "Protocol is TLSv1.3" \
6590 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6591 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6592 -c "NamedGroup: x25519 ( 1d )" \
6593 -c "Verifying peer X.509 certificate... ok" \
6594 -C "received HelloRetryRequest message"
6595
6596requires_gnutls_tls1_3
6597requires_gnutls_next_no_ticket
6598requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6599requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6600requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6602requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6604run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6605 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6606 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6607 0 \
6608 -c "HTTP/1.0 200 OK" \
6609 -c "Protocol is TLSv1.3" \
6610 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6611 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6612 -c "NamedGroup: x25519 ( 1d )" \
6613 -c "Verifying peer X.509 certificate... ok" \
6614 -C "received HelloRetryRequest message"
6615
6616requires_gnutls_tls1_3
6617requires_gnutls_next_no_ticket
6618requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6619requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6620requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6622requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6624requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6625run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6626 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6627 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6628 0 \
6629 -c "HTTP/1.0 200 OK" \
6630 -c "Protocol is TLSv1.3" \
6631 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6632 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6633 -c "NamedGroup: x25519 ( 1d )" \
6634 -c "Verifying peer X.509 certificate... ok" \
6635 -C "received HelloRetryRequest message"
6636
6637requires_gnutls_tls1_3
6638requires_gnutls_next_no_ticket
6639requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6640requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6641requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6642requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6643requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6645run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6646 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6647 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6648 0 \
6649 -c "HTTP/1.0 200 OK" \
6650 -c "Protocol is TLSv1.3" \
6651 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6652 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6653 -c "NamedGroup: x448 ( 1e )" \
6654 -c "Verifying peer X.509 certificate... ok" \
6655 -C "received HelloRetryRequest message"
6656
6657requires_gnutls_tls1_3
6658requires_gnutls_next_no_ticket
6659requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6660requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6661requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6662requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6663requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6665run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6666 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6667 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6668 0 \
6669 -c "HTTP/1.0 200 OK" \
6670 -c "Protocol is TLSv1.3" \
6671 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6672 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6673 -c "NamedGroup: x448 ( 1e )" \
6674 -c "Verifying peer X.509 certificate... ok" \
6675 -C "received HelloRetryRequest message"
6676
6677requires_gnutls_tls1_3
6678requires_gnutls_next_no_ticket
6679requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6680requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6681requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6682requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6683requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6684requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6685run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6686 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6687 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6688 0 \
6689 -c "HTTP/1.0 200 OK" \
6690 -c "Protocol is TLSv1.3" \
6691 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6692 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6693 -c "NamedGroup: x448 ( 1e )" \
6694 -c "Verifying peer X.509 certificate... ok" \
6695 -C "received HelloRetryRequest message"
6696
6697requires_gnutls_tls1_3
6698requires_gnutls_next_no_ticket
6699requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6700requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6701requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6703requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6705requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6706run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6707 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6708 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6709 0 \
6710 -c "HTTP/1.0 200 OK" \
6711 -c "Protocol is TLSv1.3" \
6712 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6713 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6714 -c "NamedGroup: x448 ( 1e )" \
6715 -c "Verifying peer X.509 certificate... ok" \
6716 -C "received HelloRetryRequest message"
6717
6718requires_gnutls_tls1_3
6719requires_gnutls_next_no_ticket
6720requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6721requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6722requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6723requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6724requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6725requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6726run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6727 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6728 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6729 0 \
6730 -c "HTTP/1.0 200 OK" \
6731 -c "Protocol is TLSv1.3" \
6732 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6733 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6734 -c "NamedGroup: secp256r1 ( 17 )" \
6735 -c "Verifying peer X.509 certificate... ok" \
6736 -C "received HelloRetryRequest message"
6737
6738requires_gnutls_tls1_3
6739requires_gnutls_next_no_ticket
6740requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6741requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6742requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6743requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6744requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6746run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6747 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6748 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6749 0 \
6750 -c "HTTP/1.0 200 OK" \
6751 -c "Protocol is TLSv1.3" \
6752 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6753 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6754 -c "NamedGroup: secp256r1 ( 17 )" \
6755 -c "Verifying peer X.509 certificate... ok" \
6756 -C "received HelloRetryRequest message"
6757
6758requires_gnutls_tls1_3
6759requires_gnutls_next_no_ticket
6760requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6761requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6762requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6763requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6764requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6765requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6766run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6767 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6768 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6769 0 \
6770 -c "HTTP/1.0 200 OK" \
6771 -c "Protocol is TLSv1.3" \
6772 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6773 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6774 -c "NamedGroup: secp256r1 ( 17 )" \
6775 -c "Verifying peer X.509 certificate... ok" \
6776 -C "received HelloRetryRequest message"
6777
6778requires_gnutls_tls1_3
6779requires_gnutls_next_no_ticket
6780requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6781requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6782requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6783requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6784requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6786requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6787run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6788 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6789 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6790 0 \
6791 -c "HTTP/1.0 200 OK" \
6792 -c "Protocol is TLSv1.3" \
6793 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6794 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6795 -c "NamedGroup: secp256r1 ( 17 )" \
6796 -c "Verifying peer X.509 certificate... ok" \
6797 -C "received HelloRetryRequest message"
6798
6799requires_gnutls_tls1_3
6800requires_gnutls_next_no_ticket
6801requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6802requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6803requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6804requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6805requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6806requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6807run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6808 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6809 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6810 0 \
6811 -c "HTTP/1.0 200 OK" \
6812 -c "Protocol is TLSv1.3" \
6813 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6814 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6815 -c "NamedGroup: secp384r1 ( 18 )" \
6816 -c "Verifying peer X.509 certificate... ok" \
6817 -C "received HelloRetryRequest message"
6818
6819requires_gnutls_tls1_3
6820requires_gnutls_next_no_ticket
6821requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6822requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6823requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6824requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6825requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6827run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6828 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6829 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6830 0 \
6831 -c "HTTP/1.0 200 OK" \
6832 -c "Protocol is TLSv1.3" \
6833 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6834 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6835 -c "NamedGroup: secp384r1 ( 18 )" \
6836 -c "Verifying peer X.509 certificate... ok" \
6837 -C "received HelloRetryRequest message"
6838
6839requires_gnutls_tls1_3
6840requires_gnutls_next_no_ticket
6841requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6842requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6843requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6844requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6845requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6846requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6847run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6848 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6849 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6850 0 \
6851 -c "HTTP/1.0 200 OK" \
6852 -c "Protocol is TLSv1.3" \
6853 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6854 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6855 -c "NamedGroup: secp384r1 ( 18 )" \
6856 -c "Verifying peer X.509 certificate... ok" \
6857 -C "received HelloRetryRequest message"
6858
6859requires_gnutls_tls1_3
6860requires_gnutls_next_no_ticket
6861requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6862requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6863requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6864requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6865requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6866requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6867requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6868run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6869 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6870 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6871 0 \
6872 -c "HTTP/1.0 200 OK" \
6873 -c "Protocol is TLSv1.3" \
6874 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6875 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6876 -c "NamedGroup: secp384r1 ( 18 )" \
6877 -c "Verifying peer X.509 certificate... ok" \
6878 -C "received HelloRetryRequest message"
6879
6880requires_gnutls_tls1_3
6881requires_gnutls_next_no_ticket
6882requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6883requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6884requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6885requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6886requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6887requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6888run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6889 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6890 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6891 0 \
6892 -c "HTTP/1.0 200 OK" \
6893 -c "Protocol is TLSv1.3" \
6894 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6895 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6896 -c "NamedGroup: secp521r1 ( 19 )" \
6897 -c "Verifying peer X.509 certificate... ok" \
6898 -C "received HelloRetryRequest message"
6899
6900requires_gnutls_tls1_3
6901requires_gnutls_next_no_ticket
6902requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6903requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6904requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6906requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6908run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6909 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6910 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6911 0 \
6912 -c "HTTP/1.0 200 OK" \
6913 -c "Protocol is TLSv1.3" \
6914 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6915 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6916 -c "NamedGroup: secp521r1 ( 19 )" \
6917 -c "Verifying peer X.509 certificate... ok" \
6918 -C "received HelloRetryRequest message"
6919
6920requires_gnutls_tls1_3
6921requires_gnutls_next_no_ticket
6922requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6923requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6924requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6925requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6926requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6927requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6928run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6929 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6930 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6931 0 \
6932 -c "HTTP/1.0 200 OK" \
6933 -c "Protocol is TLSv1.3" \
6934 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6935 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6936 -c "NamedGroup: secp521r1 ( 19 )" \
6937 -c "Verifying peer X.509 certificate... ok" \
6938 -C "received HelloRetryRequest message"
6939
6940requires_gnutls_tls1_3
6941requires_gnutls_next_no_ticket
6942requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6943requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6944requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6945requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6946requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6948requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6949run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6950 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6951 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6952 0 \
6953 -c "HTTP/1.0 200 OK" \
6954 -c "Protocol is TLSv1.3" \
6955 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6956 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6957 -c "NamedGroup: secp521r1 ( 19 )" \
6958 -c "Verifying peer X.509 certificate... ok" \
6959 -C "received HelloRetryRequest message"
6960
6961requires_gnutls_tls1_3
6962requires_gnutls_next_no_ticket
6963requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6964requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6965requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6967requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6968requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6969run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6970 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6971 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6972 0 \
6973 -c "HTTP/1.0 200 OK" \
6974 -c "Protocol is TLSv1.3" \
6975 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6976 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6977 -c "NamedGroup: x25519 ( 1d )" \
6978 -c "Verifying peer X.509 certificate... ok" \
6979 -C "received HelloRetryRequest message"
6980
6981requires_gnutls_tls1_3
6982requires_gnutls_next_no_ticket
6983requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6984requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]6985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]6987requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6989run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6990 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]6991 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6992 0 \
6993 -c "HTTP/1.0 200 OK" \
6994 -c "Protocol is TLSv1.3" \
6995 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6996 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6997 -c "NamedGroup: x25519 ( 1d )" \
6998 -c "Verifying peer X.509 certificate... ok" \
6999 -C "received HelloRetryRequest message"
7000
7001requires_gnutls_tls1_3
7002requires_gnutls_next_no_ticket
7003requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7004requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7005requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7006requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7007requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7008requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7009run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7010 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7011 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7012 0 \
7013 -c "HTTP/1.0 200 OK" \
7014 -c "Protocol is TLSv1.3" \
7015 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7016 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7017 -c "NamedGroup: x25519 ( 1d )" \
7018 -c "Verifying peer X.509 certificate... ok" \
7019 -C "received HelloRetryRequest message"
7020
7021requires_gnutls_tls1_3
7022requires_gnutls_next_no_ticket
7023requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7024requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7025requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7026requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7027requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7029requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7030run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7031 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7032 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7033 0 \
7034 -c "HTTP/1.0 200 OK" \
7035 -c "Protocol is TLSv1.3" \
7036 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7037 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7038 -c "NamedGroup: x25519 ( 1d )" \
7039 -c "Verifying peer X.509 certificate... ok" \
7040 -C "received HelloRetryRequest message"
7041
7042requires_gnutls_tls1_3
7043requires_gnutls_next_no_ticket
7044requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7045requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7046requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7048requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7050run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7051 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7052 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7053 0 \
7054 -c "HTTP/1.0 200 OK" \
7055 -c "Protocol is TLSv1.3" \
7056 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7057 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7058 -c "NamedGroup: x448 ( 1e )" \
7059 -c "Verifying peer X.509 certificate... ok" \
7060 -C "received HelloRetryRequest message"
7061
7062requires_gnutls_tls1_3
7063requires_gnutls_next_no_ticket
7064requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7065requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7066requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7067requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7068requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7070run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7071 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7072 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7073 0 \
7074 -c "HTTP/1.0 200 OK" \
7075 -c "Protocol is TLSv1.3" \
7076 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7077 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7078 -c "NamedGroup: x448 ( 1e )" \
7079 -c "Verifying peer X.509 certificate... ok" \
7080 -C "received HelloRetryRequest message"
7081
7082requires_gnutls_tls1_3
7083requires_gnutls_next_no_ticket
7084requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7085requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7086requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7087requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7088requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7090run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7091 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7092 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7093 0 \
7094 -c "HTTP/1.0 200 OK" \
7095 -c "Protocol is TLSv1.3" \
7096 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7097 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7098 -c "NamedGroup: x448 ( 1e )" \
7099 -c "Verifying peer X.509 certificate... ok" \
7100 -C "received HelloRetryRequest message"
7101
7102requires_gnutls_tls1_3
7103requires_gnutls_next_no_ticket
7104requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7105requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7106requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7107requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7108requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7109requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7110requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7111run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7112 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7113 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7114 0 \
7115 -c "HTTP/1.0 200 OK" \
7116 -c "Protocol is TLSv1.3" \
7117 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
7118 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7119 -c "NamedGroup: x448 ( 1e )" \
7120 -c "Verifying peer X.509 certificate... ok" \
7121 -C "received HelloRetryRequest message"
7122
7123requires_gnutls_tls1_3
7124requires_gnutls_next_no_ticket
7125requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7126requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7127requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7128requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7129requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7131run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7132 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7133 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7134 0 \
7135 -c "HTTP/1.0 200 OK" \
7136 -c "Protocol is TLSv1.3" \
7137 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7138 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7139 -c "NamedGroup: secp256r1 ( 17 )" \
7140 -c "Verifying peer X.509 certificate... ok" \
7141 -C "received HelloRetryRequest message"
7142
7143requires_gnutls_tls1_3
7144requires_gnutls_next_no_ticket
7145requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7146requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7147requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7148requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7149requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7150requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7151run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7152 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7153 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7154 0 \
7155 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7156 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7157 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7158 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7159 -c "NamedGroup: secp256r1 ( 17 )" \
7160 -c "Verifying peer X.509 certificate... ok" \
7161 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7162
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7163requires_gnutls_tls1_3
7164requires_gnutls_next_no_ticket
7165requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7166requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7167requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7168requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7169requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7171run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7172 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7173 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7174 0 \
7175 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7176 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7177 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7178 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7179 -c "NamedGroup: secp256r1 ( 17 )" \
7180 -c "Verifying peer X.509 certificate... ok" \
7181 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7182
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7183requires_gnutls_tls1_3
7184requires_gnutls_next_no_ticket
7185requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7186requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7187requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7188requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7189requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7190requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7191requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7192run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7193 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7194 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7195 0 \
7196 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7197 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7198 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7199 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7200 -c "NamedGroup: secp256r1 ( 17 )" \
7201 -c "Verifying peer X.509 certificate... ok" \
7202 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7203
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7204requires_gnutls_tls1_3
7205requires_gnutls_next_no_ticket
7206requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7207requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7208requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7209requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7210requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7211requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7212run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7213 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7214 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7215 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7216 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7217 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7218 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7219 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7220 -c "NamedGroup: secp384r1 ( 18 )" \
7221 -c "Verifying peer X.509 certificate... ok" \
7222 -C "received HelloRetryRequest message"
7223
7224requires_gnutls_tls1_3
7225requires_gnutls_next_no_ticket
7226requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7227requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7228requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7229requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7230requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7231requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7232run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7233 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7234 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7235 0 \
7236 -c "HTTP/1.0 200 OK" \
7237 -c "Protocol is TLSv1.3" \
7238 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7239 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7240 -c "NamedGroup: secp384r1 ( 18 )" \
7241 -c "Verifying peer X.509 certificate... ok" \
7242 -C "received HelloRetryRequest message"
7243
7244requires_gnutls_tls1_3
7245requires_gnutls_next_no_ticket
7246requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7247requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7248requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7249requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7250requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7252run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7253 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7254 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7255 0 \
7256 -c "HTTP/1.0 200 OK" \
7257 -c "Protocol is TLSv1.3" \
7258 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7259 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7260 -c "NamedGroup: secp384r1 ( 18 )" \
7261 -c "Verifying peer X.509 certificate... ok" \
7262 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7263
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7264requires_gnutls_tls1_3
7265requires_gnutls_next_no_ticket
7266requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7267requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7268requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7269requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7270requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7272requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7273run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7274 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7275 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7276 0 \
7277 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7278 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7279 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7280 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7281 -c "NamedGroup: secp384r1 ( 18 )" \
7282 -c "Verifying peer X.509 certificate... ok" \
7283 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7284
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7285requires_gnutls_tls1_3
7286requires_gnutls_next_no_ticket
7287requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7288requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7289requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7290requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7291requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7292requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7293run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7294 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7295 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7296 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7297 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7298 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7299 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7300 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7301 -c "NamedGroup: secp521r1 ( 19 )" \
7302 -c "Verifying peer X.509 certificate... ok" \
7303 -C "received HelloRetryRequest message"
7304
7305requires_gnutls_tls1_3
7306requires_gnutls_next_no_ticket
7307requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7308requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7309requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7310requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7311requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7312requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7313run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7314 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7315 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7316 0 \
7317 -c "HTTP/1.0 200 OK" \
7318 -c "Protocol is TLSv1.3" \
7319 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7320 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7321 -c "NamedGroup: secp521r1 ( 19 )" \
7322 -c "Verifying peer X.509 certificate... ok" \
7323 -C "received HelloRetryRequest message"
7324
7325requires_gnutls_tls1_3
7326requires_gnutls_next_no_ticket
7327requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7328requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7329requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7330requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7331requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7333run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7334 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7335 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7336 0 \
7337 -c "HTTP/1.0 200 OK" \
7338 -c "Protocol is TLSv1.3" \
7339 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7340 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7341 -c "NamedGroup: secp521r1 ( 19 )" \
7342 -c "Verifying peer X.509 certificate... ok" \
7343 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7344
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7345requires_gnutls_tls1_3
7346requires_gnutls_next_no_ticket
7347requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7348requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7349requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7350requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7351requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7353requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7354run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7355 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7356 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7357 0 \
7358 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7359 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7360 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7361 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7362 -c "NamedGroup: secp521r1 ( 19 )" \
7363 -c "Verifying peer X.509 certificate... ok" \
7364 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7365
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7366requires_gnutls_tls1_3
7367requires_gnutls_next_no_ticket
7368requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7369requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7370requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7372requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7374run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7375 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7376 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7377 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7378 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7379 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7380 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7381 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7382 -c "NamedGroup: x25519 ( 1d )" \
7383 -c "Verifying peer X.509 certificate... ok" \
7384 -C "received HelloRetryRequest message"
7385
7386requires_gnutls_tls1_3
7387requires_gnutls_next_no_ticket
7388requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7389requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7390requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7391requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7392requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7394run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7395 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7396 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7397 0 \
7398 -c "HTTP/1.0 200 OK" \
7399 -c "Protocol is TLSv1.3" \
7400 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7401 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7402 -c "NamedGroup: x25519 ( 1d )" \
7403 -c "Verifying peer X.509 certificate... ok" \
7404 -C "received HelloRetryRequest message"
7405
7406requires_gnutls_tls1_3
7407requires_gnutls_next_no_ticket
7408requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7409requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7410requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7411requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7412requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7414run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7415 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7416 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7417 0 \
7418 -c "HTTP/1.0 200 OK" \
7419 -c "Protocol is TLSv1.3" \
7420 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7421 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7422 -c "NamedGroup: x25519 ( 1d )" \
7423 -c "Verifying peer X.509 certificate... ok" \
7424 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7425
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7426requires_gnutls_tls1_3
7427requires_gnutls_next_no_ticket
7428requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7429requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7430requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7432requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7434requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7435run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7436 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7437 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7438 0 \
7439 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7440 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7441 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7442 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7443 -c "NamedGroup: x25519 ( 1d )" \
7444 -c "Verifying peer X.509 certificate... ok" \
7445 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7446
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7447requires_gnutls_tls1_3
7448requires_gnutls_next_no_ticket
7449requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7450requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7451requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7452requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7453requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7454requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7455run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7456 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7457 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7458 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7459 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7460 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7461 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7462 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7463 -c "NamedGroup: x448 ( 1e )" \
7464 -c "Verifying peer X.509 certificate... ok" \
7465 -C "received HelloRetryRequest message"
7466
7467requires_gnutls_tls1_3
7468requires_gnutls_next_no_ticket
7469requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7470requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7471requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7472requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7473requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7474requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7475run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7476 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7477 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7478 0 \
7479 -c "HTTP/1.0 200 OK" \
7480 -c "Protocol is TLSv1.3" \
7481 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7482 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7483 -c "NamedGroup: x448 ( 1e )" \
7484 -c "Verifying peer X.509 certificate... ok" \
7485 -C "received HelloRetryRequest message"
7486
7487requires_gnutls_tls1_3
7488requires_gnutls_next_no_ticket
7489requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7490requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7491requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7492requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7493requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7494requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7495run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7496 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7497 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7498 0 \
7499 -c "HTTP/1.0 200 OK" \
7500 -c "Protocol is TLSv1.3" \
7501 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7502 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7503 -c "NamedGroup: x448 ( 1e )" \
7504 -c "Verifying peer X.509 certificate... ok" \
7505 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7506
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7507requires_gnutls_tls1_3
7508requires_gnutls_next_no_ticket
7509requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7510requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7511requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7512requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7513requires_key_exchange_with_cert_in_tls13_enabled
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7515requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7516run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7517 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7518 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7519 0 \
7520 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7521 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7522 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]7523 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7524 -c "NamedGroup: x448 ( 1e )" \
7525 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]7526 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]7527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7531requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7533requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7534requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7535requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7536requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7537requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7538run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7539 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7540 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7541 0 \
7542 -s "Protocol is TLSv1.3" \
7543 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7544 -s "received signature algorithm: 0x403" \
7545 -s "got named group: secp256r1(0017)" \
7546 -s "Verifying peer X.509 certificate... ok" \
7547 -c "Protocol is TLSv1.3" \
7548 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7549 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7550 -c "NamedGroup: secp256r1 ( 17 )" \
7551 -c "Verifying peer X.509 certificate... ok" \
7552 -C "received HelloRetryRequest message"
7553
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7554requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7555requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7556requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7557requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7558requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7559requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7560requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7562requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7564run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7565 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7566 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7567 0 \
7568 -s "Protocol is TLSv1.3" \
7569 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7570 -s "received signature algorithm: 0x503" \
7571 -s "got named group: secp256r1(0017)" \
7572 -s "Verifying peer X.509 certificate... ok" \
7573 -c "Protocol is TLSv1.3" \
7574 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7575 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7576 -c "NamedGroup: secp256r1 ( 17 )" \
7577 -c "Verifying peer X.509 certificate... ok" \
7578 -C "received HelloRetryRequest message"
7579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7583requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7585requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7586requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7587requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7588requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7589requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7590run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7591 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7592 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7593 0 \
7594 -s "Protocol is TLSv1.3" \
7595 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7596 -s "received signature algorithm: 0x603" \
7597 -s "got named group: secp256r1(0017)" \
7598 -s "Verifying peer X.509 certificate... ok" \
7599 -c "Protocol is TLSv1.3" \
7600 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7601 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7602 -c "NamedGroup: secp256r1 ( 17 )" \
7603 -c "Verifying peer X.509 certificate... ok" \
7604 -C "received HelloRetryRequest message"
7605
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7606requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7607requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7608requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7609requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7610requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7611requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7612requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7613requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7614requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7615requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7616requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7617requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7618run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7619 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7620 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7621 0 \
7622 -s "Protocol is TLSv1.3" \
7623 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7624 -s "received signature algorithm: 0x804" \
7625 -s "got named group: secp256r1(0017)" \
7626 -s "Verifying peer X.509 certificate... ok" \
7627 -c "Protocol is TLSv1.3" \
7628 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7629 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7630 -c "NamedGroup: secp256r1 ( 17 )" \
7631 -c "Verifying peer X.509 certificate... ok" \
7632 -C "received HelloRetryRequest message"
7633
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7634requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7635requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7636requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7637requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7638requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7639requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7640requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7641requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7642requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7644run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7645 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7646 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7647 0 \
7648 -s "Protocol is TLSv1.3" \
7649 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7650 -s "received signature algorithm: 0x403" \
7651 -s "got named group: secp384r1(0018)" \
7652 -s "Verifying peer X.509 certificate... ok" \
7653 -c "Protocol is TLSv1.3" \
7654 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7655 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7656 -c "NamedGroup: secp384r1 ( 18 )" \
7657 -c "Verifying peer X.509 certificate... ok" \
7658 -C "received HelloRetryRequest message"
7659
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7660requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7661requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7662requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7663requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7665requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7666requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7668requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7670run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7671 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7672 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7673 0 \
7674 -s "Protocol is TLSv1.3" \
7675 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7676 -s "received signature algorithm: 0x503" \
7677 -s "got named group: secp384r1(0018)" \
7678 -s "Verifying peer X.509 certificate... ok" \
7679 -c "Protocol is TLSv1.3" \
7680 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7681 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7682 -c "NamedGroup: secp384r1 ( 18 )" \
7683 -c "Verifying peer X.509 certificate... ok" \
7684 -C "received HelloRetryRequest message"
7685
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7686requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7687requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7688requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7689requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7690requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7691requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7692requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7693requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7694requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7695requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7696run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7697 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7698 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7699 0 \
7700 -s "Protocol is TLSv1.3" \
7701 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7702 -s "received signature algorithm: 0x603" \
7703 -s "got named group: secp384r1(0018)" \
7704 -s "Verifying peer X.509 certificate... ok" \
7705 -c "Protocol is TLSv1.3" \
7706 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7707 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7708 -c "NamedGroup: secp384r1 ( 18 )" \
7709 -c "Verifying peer X.509 certificate... ok" \
7710 -C "received HelloRetryRequest message"
7711
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7712requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7713requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7714requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7715requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7717requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7718requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7719requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7721requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7723requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7724run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7725 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7726 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7727 0 \
7728 -s "Protocol is TLSv1.3" \
7729 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7730 -s "received signature algorithm: 0x804" \
7731 -s "got named group: secp384r1(0018)" \
7732 -s "Verifying peer X.509 certificate... ok" \
7733 -c "Protocol is TLSv1.3" \
7734 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7735 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7736 -c "NamedGroup: secp384r1 ( 18 )" \
7737 -c "Verifying peer X.509 certificate... ok" \
7738 -C "received HelloRetryRequest message"
7739
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7740requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7741requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7742requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7743requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7744requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7745requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7746requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7748requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7749requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7750run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7751 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7752 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7753 0 \
7754 -s "Protocol is TLSv1.3" \
7755 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7756 -s "received signature algorithm: 0x403" \
7757 -s "got named group: secp521r1(0019)" \
7758 -s "Verifying peer X.509 certificate... ok" \
7759 -c "Protocol is TLSv1.3" \
7760 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7761 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7762 -c "NamedGroup: secp521r1 ( 19 )" \
7763 -c "Verifying peer X.509 certificate... ok" \
7764 -C "received HelloRetryRequest message"
7765
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7766requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7767requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7768requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7769requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7770requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7771requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7772requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7773requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7774requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7776run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7777 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7778 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7779 0 \
7780 -s "Protocol is TLSv1.3" \
7781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7782 -s "received signature algorithm: 0x503" \
7783 -s "got named group: secp521r1(0019)" \
7784 -s "Verifying peer X.509 certificate... ok" \
7785 -c "Protocol is TLSv1.3" \
7786 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7787 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7788 -c "NamedGroup: secp521r1 ( 19 )" \
7789 -c "Verifying peer X.509 certificate... ok" \
7790 -C "received HelloRetryRequest message"
7791
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7792requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7793requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7795requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7797requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7798requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7799requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7800requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7802run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7803 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7804 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7805 0 \
7806 -s "Protocol is TLSv1.3" \
7807 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7808 -s "received signature algorithm: 0x603" \
7809 -s "got named group: secp521r1(0019)" \
7810 -s "Verifying peer X.509 certificate... ok" \
7811 -c "Protocol is TLSv1.3" \
7812 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7813 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7814 -c "NamedGroup: secp521r1 ( 19 )" \
7815 -c "Verifying peer X.509 certificate... ok" \
7816 -C "received HelloRetryRequest message"
7817
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7818requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7819requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7820requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7821requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7822requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7823requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7824requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7825requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7826requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7827requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7828requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7829requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7830run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7831 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7832 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7833 0 \
7834 -s "Protocol is TLSv1.3" \
7835 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7836 -s "received signature algorithm: 0x804" \
7837 -s "got named group: secp521r1(0019)" \
7838 -s "Verifying peer X.509 certificate... ok" \
7839 -c "Protocol is TLSv1.3" \
7840 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7841 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7842 -c "NamedGroup: secp521r1 ( 19 )" \
7843 -c "Verifying peer X.509 certificate... ok" \
7844 -C "received HelloRetryRequest message"
7845
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7846requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7847requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7848requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7849requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7850requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7851requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7852requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7853requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7854requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7856run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7857 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7858 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7859 0 \
7860 -s "Protocol is TLSv1.3" \
7861 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7862 -s "received signature algorithm: 0x403" \
7863 -s "got named group: x25519(001d)" \
7864 -s "Verifying peer X.509 certificate... ok" \
7865 -c "Protocol is TLSv1.3" \
7866 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7867 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7868 -c "NamedGroup: x25519 ( 1d )" \
7869 -c "Verifying peer X.509 certificate... ok" \
7870 -C "received HelloRetryRequest message"
7871
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7872requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7873requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7874requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7875requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7877requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7878requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7879requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7880requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7881requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7882run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7883 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7884 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7885 0 \
7886 -s "Protocol is TLSv1.3" \
7887 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7888 -s "received signature algorithm: 0x503" \
7889 -s "got named group: x25519(001d)" \
7890 -s "Verifying peer X.509 certificate... ok" \
7891 -c "Protocol is TLSv1.3" \
7892 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7893 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7894 -c "NamedGroup: x25519 ( 1d )" \
7895 -c "Verifying peer X.509 certificate... ok" \
7896 -C "received HelloRetryRequest message"
7897
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7898requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7899requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7900requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7901requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7902requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7903requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7904requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7906requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7908run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7909 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7910 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7911 0 \
7912 -s "Protocol is TLSv1.3" \
7913 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7914 -s "received signature algorithm: 0x603" \
7915 -s "got named group: x25519(001d)" \
7916 -s "Verifying peer X.509 certificate... ok" \
7917 -c "Protocol is TLSv1.3" \
7918 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7919 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7920 -c "NamedGroup: x25519 ( 1d )" \
7921 -c "Verifying peer X.509 certificate... ok" \
7922 -C "received HelloRetryRequest message"
7923
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7924requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7925requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7926requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7927requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7929requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7930requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7931requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7932requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7933requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7934requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7935requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7936run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7937 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7938 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7939 0 \
7940 -s "Protocol is TLSv1.3" \
7941 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7942 -s "received signature algorithm: 0x804" \
7943 -s "got named group: x25519(001d)" \
7944 -s "Verifying peer X.509 certificate... ok" \
7945 -c "Protocol is TLSv1.3" \
7946 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7947 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7948 -c "NamedGroup: x25519 ( 1d )" \
7949 -c "Verifying peer X.509 certificate... ok" \
7950 -C "received HelloRetryRequest message"
7951
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7952requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7953requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7955requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7956requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7957requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7958requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7959requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7960requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7962run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7963 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7964 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7965 0 \
7966 -s "Protocol is TLSv1.3" \
7967 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7968 -s "received signature algorithm: 0x403" \
7969 -s "got named group: x448(001e)" \
7970 -s "Verifying peer X.509 certificate... ok" \
7971 -c "Protocol is TLSv1.3" \
7972 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7973 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7974 -c "NamedGroup: x448 ( 1e )" \
7975 -c "Verifying peer X.509 certificate... ok" \
7976 -C "received HelloRetryRequest message"
7977
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7978requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7979requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7980requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7981requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7983requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]7984requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]7986requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7988run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]7989 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7990 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7991 0 \
7992 -s "Protocol is TLSv1.3" \
7993 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7994 -s "received signature algorithm: 0x503" \
7995 -s "got named group: x448(001e)" \
7996 -s "Verifying peer X.509 certificate... ok" \
7997 -c "Protocol is TLSv1.3" \
7998 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7999 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8000 -c "NamedGroup: x448 ( 1e )" \
8001 -c "Verifying peer X.509 certificate... ok" \
8002 -C "received HelloRetryRequest message"
8003
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8004requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8005requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8006requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8007requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8008requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8009requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8010requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8011requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8012requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8013requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8014run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8015 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8016 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8017 0 \
8018 -s "Protocol is TLSv1.3" \
8019 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
8020 -s "received signature algorithm: 0x603" \
8021 -s "got named group: x448(001e)" \
8022 -s "Verifying peer X.509 certificate... ok" \
8023 -c "Protocol is TLSv1.3" \
8024 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8025 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8026 -c "NamedGroup: x448 ( 1e )" \
8027 -c "Verifying peer X.509 certificate... ok" \
8028 -C "received HelloRetryRequest message"
8029
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8030requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8031requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8032requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8033requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8034requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8035requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8036requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8037requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8038requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8039requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8040requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8041requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8042run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8043 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8044 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8045 0 \
8046 -s "Protocol is TLSv1.3" \
8047 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
8048 -s "received signature algorithm: 0x804" \
8049 -s "got named group: x448(001e)" \
8050 -s "Verifying peer X.509 certificate... ok" \
8051 -c "Protocol is TLSv1.3" \
8052 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
8053 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8054 -c "NamedGroup: x448 ( 1e )" \
8055 -c "Verifying peer X.509 certificate... ok" \
8056 -C "received HelloRetryRequest message"
8057
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8058requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8059requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8060requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8061requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8063requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8064requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8066requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8068run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8069 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8070 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8071 0 \
8072 -s "Protocol is TLSv1.3" \
8073 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8074 -s "received signature algorithm: 0x403" \
8075 -s "got named group: secp256r1(0017)" \
8076 -s "Verifying peer X.509 certificate... ok" \
8077 -c "Protocol is TLSv1.3" \
8078 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8079 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8080 -c "NamedGroup: secp256r1 ( 17 )" \
8081 -c "Verifying peer X.509 certificate... ok" \
8082 -C "received HelloRetryRequest message"
8083
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8084requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8085requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8086requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8087requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8088requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8089requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8090requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8091requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8092requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8093requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8094run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8095 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8096 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8097 0 \
8098 -s "Protocol is TLSv1.3" \
8099 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8100 -s "received signature algorithm: 0x503" \
8101 -s "got named group: secp256r1(0017)" \
8102 -s "Verifying peer X.509 certificate... ok" \
8103 -c "Protocol is TLSv1.3" \
8104 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8105 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8106 -c "NamedGroup: secp256r1 ( 17 )" \
8107 -c "Verifying peer X.509 certificate... ok" \
8108 -C "received HelloRetryRequest message"
8109
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8110requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8111requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8112requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8113requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8114requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8115requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8116requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8117requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8118requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8120run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8121 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8122 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8123 0 \
8124 -s "Protocol is TLSv1.3" \
8125 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8126 -s "received signature algorithm: 0x603" \
8127 -s "got named group: secp256r1(0017)" \
8128 -s "Verifying peer X.509 certificate... ok" \
8129 -c "Protocol is TLSv1.3" \
8130 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8131 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8132 -c "NamedGroup: secp256r1 ( 17 )" \
8133 -c "Verifying peer X.509 certificate... ok" \
8134 -C "received HelloRetryRequest message"
8135
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8136requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8137requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8138requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8139requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8140requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8141requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8142requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8143requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8144requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8145requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8146requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8147requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8148run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8149 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8150 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8151 0 \
8152 -s "Protocol is TLSv1.3" \
8153 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8154 -s "received signature algorithm: 0x804" \
8155 -s "got named group: secp256r1(0017)" \
8156 -s "Verifying peer X.509 certificate... ok" \
8157 -c "Protocol is TLSv1.3" \
8158 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8159 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8160 -c "NamedGroup: secp256r1 ( 17 )" \
8161 -c "Verifying peer X.509 certificate... ok" \
8162 -C "received HelloRetryRequest message"
8163
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8164requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8165requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8166requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8167requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8169requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8170requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8171requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8172requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8173requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8174run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8175 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8176 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8177 0 \
8178 -s "Protocol is TLSv1.3" \
8179 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8180 -s "received signature algorithm: 0x403" \
8181 -s "got named group: secp384r1(0018)" \
8182 -s "Verifying peer X.509 certificate... ok" \
8183 -c "Protocol is TLSv1.3" \
8184 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8185 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8186 -c "NamedGroup: secp384r1 ( 18 )" \
8187 -c "Verifying peer X.509 certificate... ok" \
8188 -C "received HelloRetryRequest message"
8189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8191requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8192requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8193requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8194requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8195requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8196requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8198requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8200run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8201 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8202 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8203 0 \
8204 -s "Protocol is TLSv1.3" \
8205 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8206 -s "received signature algorithm: 0x503" \
8207 -s "got named group: secp384r1(0018)" \
8208 -s "Verifying peer X.509 certificate... ok" \
8209 -c "Protocol is TLSv1.3" \
8210 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8211 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8212 -c "NamedGroup: secp384r1 ( 18 )" \
8213 -c "Verifying peer X.509 certificate... ok" \
8214 -C "received HelloRetryRequest message"
8215
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8216requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8217requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8218requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8219requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8221requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8222requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8223requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8224requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8226run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8227 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8228 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8229 0 \
8230 -s "Protocol is TLSv1.3" \
8231 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8232 -s "received signature algorithm: 0x603" \
8233 -s "got named group: secp384r1(0018)" \
8234 -s "Verifying peer X.509 certificate... ok" \
8235 -c "Protocol is TLSv1.3" \
8236 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8237 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8238 -c "NamedGroup: secp384r1 ( 18 )" \
8239 -c "Verifying peer X.509 certificate... ok" \
8240 -C "received HelloRetryRequest message"
8241
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8242requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8243requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8244requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8245requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8246requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8247requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8248requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8249requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8251requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8253requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8254run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8255 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8256 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8257 0 \
8258 -s "Protocol is TLSv1.3" \
8259 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8260 -s "received signature algorithm: 0x804" \
8261 -s "got named group: secp384r1(0018)" \
8262 -s "Verifying peer X.509 certificate... ok" \
8263 -c "Protocol is TLSv1.3" \
8264 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8265 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8266 -c "NamedGroup: secp384r1 ( 18 )" \
8267 -c "Verifying peer X.509 certificate... ok" \
8268 -C "received HelloRetryRequest message"
8269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8271requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8272requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8273requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8275requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8276requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8277requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8278requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8280run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8281 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8282 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8283 0 \
8284 -s "Protocol is TLSv1.3" \
8285 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8286 -s "received signature algorithm: 0x403" \
8287 -s "got named group: secp521r1(0019)" \
8288 -s "Verifying peer X.509 certificate... ok" \
8289 -c "Protocol is TLSv1.3" \
8290 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8291 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8292 -c "NamedGroup: secp521r1 ( 19 )" \
8293 -c "Verifying peer X.509 certificate... ok" \
8294 -C "received HelloRetryRequest message"
8295
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8296requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8297requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8298requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8299requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8300requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8301requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8302requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8304requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8306run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8307 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8308 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8309 0 \
8310 -s "Protocol is TLSv1.3" \
8311 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8312 -s "received signature algorithm: 0x503" \
8313 -s "got named group: secp521r1(0019)" \
8314 -s "Verifying peer X.509 certificate... ok" \
8315 -c "Protocol is TLSv1.3" \
8316 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8317 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8318 -c "NamedGroup: secp521r1 ( 19 )" \
8319 -c "Verifying peer X.509 certificate... ok" \
8320 -C "received HelloRetryRequest message"
8321
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8322requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8323requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8325requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8326requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8327requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8328requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8329requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8330requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8332run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8333 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8334 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8335 0 \
8336 -s "Protocol is TLSv1.3" \
8337 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8338 -s "received signature algorithm: 0x603" \
8339 -s "got named group: secp521r1(0019)" \
8340 -s "Verifying peer X.509 certificate... ok" \
8341 -c "Protocol is TLSv1.3" \
8342 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8343 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8344 -c "NamedGroup: secp521r1 ( 19 )" \
8345 -c "Verifying peer X.509 certificate... ok" \
8346 -C "received HelloRetryRequest message"
8347
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8348requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8349requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8350requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8351requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8353requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8354requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8355requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8356requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8357requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8359requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8360run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8361 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8362 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8363 0 \
8364 -s "Protocol is TLSv1.3" \
8365 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8366 -s "received signature algorithm: 0x804" \
8367 -s "got named group: secp521r1(0019)" \
8368 -s "Verifying peer X.509 certificate... ok" \
8369 -c "Protocol is TLSv1.3" \
8370 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8371 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8372 -c "NamedGroup: secp521r1 ( 19 )" \
8373 -c "Verifying peer X.509 certificate... ok" \
8374 -C "received HelloRetryRequest message"
8375
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8376requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8377requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8378requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8379requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8380requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8381requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8382requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8383requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8384requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8386run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8387 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8388 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8389 0 \
8390 -s "Protocol is TLSv1.3" \
8391 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8392 -s "received signature algorithm: 0x403" \
8393 -s "got named group: x25519(001d)" \
8394 -s "Verifying peer X.509 certificate... ok" \
8395 -c "Protocol is TLSv1.3" \
8396 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8397 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8398 -c "NamedGroup: x25519 ( 1d )" \
8399 -c "Verifying peer X.509 certificate... ok" \
8400 -C "received HelloRetryRequest message"
8401
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8402requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8403requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8404requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8405requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8406requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8407requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8408requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8410requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8412run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8413 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8414 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8415 0 \
8416 -s "Protocol is TLSv1.3" \
8417 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8418 -s "received signature algorithm: 0x503" \
8419 -s "got named group: x25519(001d)" \
8420 -s "Verifying peer X.509 certificate... ok" \
8421 -c "Protocol is TLSv1.3" \
8422 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8423 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8424 -c "NamedGroup: x25519 ( 1d )" \
8425 -c "Verifying peer X.509 certificate... ok" \
8426 -C "received HelloRetryRequest message"
8427
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8428requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8429requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8430requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8431requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8433requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8434requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8435requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8436requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8438run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8439 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8440 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8441 0 \
8442 -s "Protocol is TLSv1.3" \
8443 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8444 -s "received signature algorithm: 0x603" \
8445 -s "got named group: x25519(001d)" \
8446 -s "Verifying peer X.509 certificate... ok" \
8447 -c "Protocol is TLSv1.3" \
8448 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8449 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8450 -c "NamedGroup: x25519 ( 1d )" \
8451 -c "Verifying peer X.509 certificate... ok" \
8452 -C "received HelloRetryRequest message"
8453
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8454requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8455requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8456requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8457requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8458requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8459requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8460requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8461requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8463requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8464requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8465requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8466run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8467 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8468 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8469 0 \
8470 -s "Protocol is TLSv1.3" \
8471 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8472 -s "received signature algorithm: 0x804" \
8473 -s "got named group: x25519(001d)" \
8474 -s "Verifying peer X.509 certificate... ok" \
8475 -c "Protocol is TLSv1.3" \
8476 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8477 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8478 -c "NamedGroup: x25519 ( 1d )" \
8479 -c "Verifying peer X.509 certificate... ok" \
8480 -C "received HelloRetryRequest message"
8481
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8482requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8483requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8484requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8485requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8487requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8488requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8489requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8490requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8492run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8493 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8494 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8495 0 \
8496 -s "Protocol is TLSv1.3" \
8497 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8498 -s "received signature algorithm: 0x403" \
8499 -s "got named group: x448(001e)" \
8500 -s "Verifying peer X.509 certificate... ok" \
8501 -c "Protocol is TLSv1.3" \
8502 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8503 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8504 -c "NamedGroup: x448 ( 1e )" \
8505 -c "Verifying peer X.509 certificate... ok" \
8506 -C "received HelloRetryRequest message"
8507
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8508requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8509requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8510requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8511requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8512requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8513requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8514requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8515requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8516requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8517requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8518run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8519 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8520 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8521 0 \
8522 -s "Protocol is TLSv1.3" \
8523 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8524 -s "received signature algorithm: 0x503" \
8525 -s "got named group: x448(001e)" \
8526 -s "Verifying peer X.509 certificate... ok" \
8527 -c "Protocol is TLSv1.3" \
8528 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8529 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8530 -c "NamedGroup: x448 ( 1e )" \
8531 -c "Verifying peer X.509 certificate... ok" \
8532 -C "received HelloRetryRequest message"
8533
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8534requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8535requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8536requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8537requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8538requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8539requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8540requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8541requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8542requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8543requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8544run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8545 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8546 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8547 0 \
8548 -s "Protocol is TLSv1.3" \
8549 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8550 -s "received signature algorithm: 0x603" \
8551 -s "got named group: x448(001e)" \
8552 -s "Verifying peer X.509 certificate... ok" \
8553 -c "Protocol is TLSv1.3" \
8554 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8555 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8556 -c "NamedGroup: x448 ( 1e )" \
8557 -c "Verifying peer X.509 certificate... ok" \
8558 -C "received HelloRetryRequest message"
8559
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8560requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8561requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8562requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8563requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8566requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8567requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8568requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8569requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8570requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8571requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8572run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8573 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8574 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8575 0 \
8576 -s "Protocol is TLSv1.3" \
8577 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8578 -s "received signature algorithm: 0x804" \
8579 -s "got named group: x448(001e)" \
8580 -s "Verifying peer X.509 certificate... ok" \
8581 -c "Protocol is TLSv1.3" \
8582 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8583 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8584 -c "NamedGroup: x448 ( 1e )" \
8585 -c "Verifying peer X.509 certificate... ok" \
8586 -C "received HelloRetryRequest message"
8587
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8588requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8589requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8590requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8591requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8592requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8593requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8594requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8595requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8596requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8597requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8598run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8599 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8600 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8601 0 \
8602 -s "Protocol is TLSv1.3" \
8603 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8604 -s "received signature algorithm: 0x403" \
8605 -s "got named group: secp256r1(0017)" \
8606 -s "Verifying peer X.509 certificate... ok" \
8607 -c "Protocol is TLSv1.3" \
8608 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8609 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8610 -c "NamedGroup: secp256r1 ( 17 )" \
8611 -c "Verifying peer X.509 certificate... ok" \
8612 -C "received HelloRetryRequest message"
8613
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8614requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8615requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8616requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8617requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8619requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8620requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8622requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8624run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8625 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8626 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8627 0 \
8628 -s "Protocol is TLSv1.3" \
8629 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8630 -s "received signature algorithm: 0x503" \
8631 -s "got named group: secp256r1(0017)" \
8632 -s "Verifying peer X.509 certificate... ok" \
8633 -c "Protocol is TLSv1.3" \
8634 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8635 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8636 -c "NamedGroup: secp256r1 ( 17 )" \
8637 -c "Verifying peer X.509 certificate... ok" \
8638 -C "received HelloRetryRequest message"
8639
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8640requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8641requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8642requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8643requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8646requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8647requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8648requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8650run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8651 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8652 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8653 0 \
8654 -s "Protocol is TLSv1.3" \
8655 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8656 -s "received signature algorithm: 0x603" \
8657 -s "got named group: secp256r1(0017)" \
8658 -s "Verifying peer X.509 certificate... ok" \
8659 -c "Protocol is TLSv1.3" \
8660 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8661 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8662 -c "NamedGroup: secp256r1 ( 17 )" \
8663 -c "Verifying peer X.509 certificate... ok" \
8664 -C "received HelloRetryRequest message"
8665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8667requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8669requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8671requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8672requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8673requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8674requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8675requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8676requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8677requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8678run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8679 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8680 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8681 0 \
8682 -s "Protocol is TLSv1.3" \
8683 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8684 -s "received signature algorithm: 0x804" \
8685 -s "got named group: secp256r1(0017)" \
8686 -s "Verifying peer X.509 certificate... ok" \
8687 -c "Protocol is TLSv1.3" \
8688 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8689 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8690 -c "NamedGroup: secp256r1 ( 17 )" \
8691 -c "Verifying peer X.509 certificate... ok" \
8692 -C "received HelloRetryRequest message"
8693
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8694requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8695requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8696requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8697requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8698requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8699requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8700requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8702requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8704run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8705 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8706 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8707 0 \
8708 -s "Protocol is TLSv1.3" \
8709 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8710 -s "received signature algorithm: 0x403" \
8711 -s "got named group: secp384r1(0018)" \
8712 -s "Verifying peer X.509 certificate... ok" \
8713 -c "Protocol is TLSv1.3" \
8714 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8715 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8716 -c "NamedGroup: secp384r1 ( 18 )" \
8717 -c "Verifying peer X.509 certificate... ok" \
8718 -C "received HelloRetryRequest message"
8719
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8720requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8721requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8722requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8723requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8724requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8725requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8726requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8727requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8728requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8729requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8730run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8731 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8732 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8733 0 \
8734 -s "Protocol is TLSv1.3" \
8735 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8736 -s "received signature algorithm: 0x503" \
8737 -s "got named group: secp384r1(0018)" \
8738 -s "Verifying peer X.509 certificate... ok" \
8739 -c "Protocol is TLSv1.3" \
8740 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8741 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8742 -c "NamedGroup: secp384r1 ( 18 )" \
8743 -c "Verifying peer X.509 certificate... ok" \
8744 -C "received HelloRetryRequest message"
8745
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8746requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8747requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8748requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8749requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8750requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8751requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8752requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8753requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8754requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8756run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8757 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8758 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8759 0 \
8760 -s "Protocol is TLSv1.3" \
8761 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8762 -s "received signature algorithm: 0x603" \
8763 -s "got named group: secp384r1(0018)" \
8764 -s "Verifying peer X.509 certificate... ok" \
8765 -c "Protocol is TLSv1.3" \
8766 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8767 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8768 -c "NamedGroup: secp384r1 ( 18 )" \
8769 -c "Verifying peer X.509 certificate... ok" \
8770 -C "received HelloRetryRequest message"
8771
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8772requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8773requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8775requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8777requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8778requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8779requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8780requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8781requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8783requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8784run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8785 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8786 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8787 0 \
8788 -s "Protocol is TLSv1.3" \
8789 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8790 -s "received signature algorithm: 0x804" \
8791 -s "got named group: secp384r1(0018)" \
8792 -s "Verifying peer X.509 certificate... ok" \
8793 -c "Protocol is TLSv1.3" \
8794 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8795 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8796 -c "NamedGroup: secp384r1 ( 18 )" \
8797 -c "Verifying peer X.509 certificate... ok" \
8798 -C "received HelloRetryRequest message"
8799
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8800requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8801requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8802requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8803requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8804requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8805requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8806requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8807requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8808requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8809requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8810run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8811 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8812 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8813 0 \
8814 -s "Protocol is TLSv1.3" \
8815 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8816 -s "received signature algorithm: 0x403" \
8817 -s "got named group: secp521r1(0019)" \
8818 -s "Verifying peer X.509 certificate... ok" \
8819 -c "Protocol is TLSv1.3" \
8820 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8821 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8822 -c "NamedGroup: secp521r1 ( 19 )" \
8823 -c "Verifying peer X.509 certificate... ok" \
8824 -C "received HelloRetryRequest message"
8825
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8826requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8827requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8828requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8829requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8830requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8831requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8832requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8833requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8834requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8836run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8837 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8838 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8839 0 \
8840 -s "Protocol is TLSv1.3" \
8841 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8842 -s "received signature algorithm: 0x503" \
8843 -s "got named group: secp521r1(0019)" \
8844 -s "Verifying peer X.509 certificate... ok" \
8845 -c "Protocol is TLSv1.3" \
8846 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8847 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8848 -c "NamedGroup: secp521r1 ( 19 )" \
8849 -c "Verifying peer X.509 certificate... ok" \
8850 -C "received HelloRetryRequest message"
8851
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8852requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8853requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8854requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8855requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8857requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8858requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8859requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8860requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8861requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8862run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8863 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8864 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8865 0 \
8866 -s "Protocol is TLSv1.3" \
8867 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8868 -s "received signature algorithm: 0x603" \
8869 -s "got named group: secp521r1(0019)" \
8870 -s "Verifying peer X.509 certificate... ok" \
8871 -c "Protocol is TLSv1.3" \
8872 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8873 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8874 -c "NamedGroup: secp521r1 ( 19 )" \
8875 -c "Verifying peer X.509 certificate... ok" \
8876 -C "received HelloRetryRequest message"
8877
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8878requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8879requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8880requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8881requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8883requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8884requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8885requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8886requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8887requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8888requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8889requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8890run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8891 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8892 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8893 0 \
8894 -s "Protocol is TLSv1.3" \
8895 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8896 -s "received signature algorithm: 0x804" \
8897 -s "got named group: secp521r1(0019)" \
8898 -s "Verifying peer X.509 certificate... ok" \
8899 -c "Protocol is TLSv1.3" \
8900 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8901 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8902 -c "NamedGroup: secp521r1 ( 19 )" \
8903 -c "Verifying peer X.509 certificate... ok" \
8904 -C "received HelloRetryRequest message"
8905
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8906requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8907requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8908requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8909requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8911requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8912requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8913requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8914requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8915requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8916run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8917 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8918 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8919 0 \
8920 -s "Protocol is TLSv1.3" \
8921 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8922 -s "received signature algorithm: 0x403" \
8923 -s "got named group: x25519(001d)" \
8924 -s "Verifying peer X.509 certificate... ok" \
8925 -c "Protocol is TLSv1.3" \
8926 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8927 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8928 -c "NamedGroup: x25519 ( 1d )" \
8929 -c "Verifying peer X.509 certificate... ok" \
8930 -C "received HelloRetryRequest message"
8931
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8932requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8933requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8934requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8935requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8936requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8937requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8938requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8939requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8940requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8942run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8943 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8944 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8945 0 \
8946 -s "Protocol is TLSv1.3" \
8947 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8948 -s "received signature algorithm: 0x503" \
8949 -s "got named group: x25519(001d)" \
8950 -s "Verifying peer X.509 certificate... ok" \
8951 -c "Protocol is TLSv1.3" \
8952 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8953 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8954 -c "NamedGroup: x25519 ( 1d )" \
8955 -c "Verifying peer X.509 certificate... ok" \
8956 -C "received HelloRetryRequest message"
8957
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8958requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8959requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8960requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8961requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8963requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8964requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8965requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8966requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8968run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8969 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8970 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8971 0 \
8972 -s "Protocol is TLSv1.3" \
8973 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8974 -s "received signature algorithm: 0x603" \
8975 -s "got named group: x25519(001d)" \
8976 -s "Verifying peer X.509 certificate... ok" \
8977 -c "Protocol is TLSv1.3" \
8978 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8979 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8980 -c "NamedGroup: x25519 ( 1d )" \
8981 -c "Verifying peer X.509 certificate... ok" \
8982 -C "received HelloRetryRequest message"
8983
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8984requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8985requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8987requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8989requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8990requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]8991requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8992requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]8993requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8994requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8995requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8996run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]8997 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8998 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8999 0 \
9000 -s "Protocol is TLSv1.3" \
9001 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
9002 -s "received signature algorithm: 0x804" \
9003 -s "got named group: x25519(001d)" \
9004 -s "Verifying peer X.509 certificate... ok" \
9005 -c "Protocol is TLSv1.3" \
9006 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9007 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9008 -c "NamedGroup: x25519 ( 1d )" \
9009 -c "Verifying peer X.509 certificate... ok" \
9010 -C "received HelloRetryRequest message"
9011
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9012requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9013requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9014requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9015requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9016requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9017requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9018requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9019requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9020requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9022run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9023 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9024 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9025 0 \
9026 -s "Protocol is TLSv1.3" \
9027 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
9028 -s "received signature algorithm: 0x403" \
9029 -s "got named group: x448(001e)" \
9030 -s "Verifying peer X.509 certificate... ok" \
9031 -c "Protocol is TLSv1.3" \
9032 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9033 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9034 -c "NamedGroup: x448 ( 1e )" \
9035 -c "Verifying peer X.509 certificate... ok" \
9036 -C "received HelloRetryRequest message"
9037
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9038requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9039requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9040requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9041requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9042requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9043requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9044requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9045requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9046requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9048run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9049 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9050 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9051 0 \
9052 -s "Protocol is TLSv1.3" \
9053 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
9054 -s "received signature algorithm: 0x503" \
9055 -s "got named group: x448(001e)" \
9056 -s "Verifying peer X.509 certificate... ok" \
9057 -c "Protocol is TLSv1.3" \
9058 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9059 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9060 -c "NamedGroup: x448 ( 1e )" \
9061 -c "Verifying peer X.509 certificate... ok" \
9062 -C "received HelloRetryRequest message"
9063
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9064requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9065requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9067requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9069requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9070requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9071requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9072requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9074run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9075 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9076 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9077 0 \
9078 -s "Protocol is TLSv1.3" \
9079 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
9080 -s "received signature algorithm: 0x603" \
9081 -s "got named group: x448(001e)" \
9082 -s "Verifying peer X.509 certificate... ok" \
9083 -c "Protocol is TLSv1.3" \
9084 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9085 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9086 -c "NamedGroup: x448 ( 1e )" \
9087 -c "Verifying peer X.509 certificate... ok" \
9088 -C "received HelloRetryRequest message"
9089
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9090requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9091requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9092requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9093requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9094requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9095requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9096requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9097requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9098requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9099requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9101requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9102run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9103 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9104 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9105 0 \
9106 -s "Protocol is TLSv1.3" \
9107 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
9108 -s "received signature algorithm: 0x804" \
9109 -s "got named group: x448(001e)" \
9110 -s "Verifying peer X.509 certificate... ok" \
9111 -c "Protocol is TLSv1.3" \
9112 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
9113 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9114 -c "NamedGroup: x448 ( 1e )" \
9115 -c "Verifying peer X.509 certificate... ok" \
9116 -C "received HelloRetryRequest message"
9117
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9118requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9119requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9120requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9121requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9123requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9124requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9125requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9126requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9127requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9128run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9129 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9130 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9131 0 \
9132 -s "Protocol is TLSv1.3" \
9133 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9134 -s "received signature algorithm: 0x403" \
9135 -s "got named group: secp256r1(0017)" \
9136 -s "Verifying peer X.509 certificate... ok" \
9137 -c "Protocol is TLSv1.3" \
9138 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9139 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9140 -c "NamedGroup: secp256r1 ( 17 )" \
9141 -c "Verifying peer X.509 certificate... ok" \
9142 -C "received HelloRetryRequest message"
9143
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9144requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9145requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9146requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9147requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9148requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9149requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9150requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9151requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9152requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9154run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9155 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9156 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9157 0 \
9158 -s "Protocol is TLSv1.3" \
9159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9160 -s "received signature algorithm: 0x503" \
9161 -s "got named group: secp256r1(0017)" \
9162 -s "Verifying peer X.509 certificate... ok" \
9163 -c "Protocol is TLSv1.3" \
9164 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9165 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9166 -c "NamedGroup: secp256r1 ( 17 )" \
9167 -c "Verifying peer X.509 certificate... ok" \
9168 -C "received HelloRetryRequest message"
9169
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9170requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9171requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9172requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9173requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9174requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9175requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9176requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9177requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9178requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9180run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9181 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9182 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9183 0 \
9184 -s "Protocol is TLSv1.3" \
9185 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9186 -s "received signature algorithm: 0x603" \
9187 -s "got named group: secp256r1(0017)" \
9188 -s "Verifying peer X.509 certificate... ok" \
9189 -c "Protocol is TLSv1.3" \
9190 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9191 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9192 -c "NamedGroup: secp256r1 ( 17 )" \
9193 -c "Verifying peer X.509 certificate... ok" \
9194 -C "received HelloRetryRequest message"
9195
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9196requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9197requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9198requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9199requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9201requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9202requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9203requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9204requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9205requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9206requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9207requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9208run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9209 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9210 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9211 0 \
9212 -s "Protocol is TLSv1.3" \
9213 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9214 -s "received signature algorithm: 0x804" \
9215 -s "got named group: secp256r1(0017)" \
9216 -s "Verifying peer X.509 certificate... ok" \
9217 -c "Protocol is TLSv1.3" \
9218 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9219 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9220 -c "NamedGroup: secp256r1 ( 17 )" \
9221 -c "Verifying peer X.509 certificate... ok" \
9222 -C "received HelloRetryRequest message"
9223
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9224requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9225requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9226requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9227requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9228requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9229requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9230requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9231requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9232requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9234run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9235 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9236 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9237 0 \
9238 -s "Protocol is TLSv1.3" \
9239 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9240 -s "received signature algorithm: 0x403" \
9241 -s "got named group: secp384r1(0018)" \
9242 -s "Verifying peer X.509 certificate... ok" \
9243 -c "Protocol is TLSv1.3" \
9244 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9245 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9246 -c "NamedGroup: secp384r1 ( 18 )" \
9247 -c "Verifying peer X.509 certificate... ok" \
9248 -C "received HelloRetryRequest message"
9249
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9250requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9251requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9252requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9253requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9254requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9255requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9256requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9257requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9258requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9260run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9261 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9262 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9263 0 \
9264 -s "Protocol is TLSv1.3" \
9265 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9266 -s "received signature algorithm: 0x503" \
9267 -s "got named group: secp384r1(0018)" \
9268 -s "Verifying peer X.509 certificate... ok" \
9269 -c "Protocol is TLSv1.3" \
9270 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9271 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9272 -c "NamedGroup: secp384r1 ( 18 )" \
9273 -c "Verifying peer X.509 certificate... ok" \
9274 -C "received HelloRetryRequest message"
9275
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9276requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9277requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9278requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9279requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9280requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9281requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9282requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9283requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9284requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9286run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9287 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9289 0 \
9290 -s "Protocol is TLSv1.3" \
9291 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9292 -s "received signature algorithm: 0x603" \
9293 -s "got named group: secp384r1(0018)" \
9294 -s "Verifying peer X.509 certificate... ok" \
9295 -c "Protocol is TLSv1.3" \
9296 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9297 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9298 -c "NamedGroup: secp384r1 ( 18 )" \
9299 -c "Verifying peer X.509 certificate... ok" \
9300 -C "received HelloRetryRequest message"
9301
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9302requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9303requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9304requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9305requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9307requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9308requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9309requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9310requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9311requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9312requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9313requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9314run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9315 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9316 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9317 0 \
9318 -s "Protocol is TLSv1.3" \
9319 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9320 -s "received signature algorithm: 0x804" \
9321 -s "got named group: secp384r1(0018)" \
9322 -s "Verifying peer X.509 certificate... ok" \
9323 -c "Protocol is TLSv1.3" \
9324 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9325 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9326 -c "NamedGroup: secp384r1 ( 18 )" \
9327 -c "Verifying peer X.509 certificate... ok" \
9328 -C "received HelloRetryRequest message"
9329
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9330requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9331requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9332requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9333requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9335requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9336requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9337requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9338requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9340run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9341 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9342 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9343 0 \
9344 -s "Protocol is TLSv1.3" \
9345 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9346 -s "received signature algorithm: 0x403" \
9347 -s "got named group: secp521r1(0019)" \
9348 -s "Verifying peer X.509 certificate... ok" \
9349 -c "Protocol is TLSv1.3" \
9350 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9351 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9352 -c "NamedGroup: secp521r1 ( 19 )" \
9353 -c "Verifying peer X.509 certificate... ok" \
9354 -C "received HelloRetryRequest message"
9355
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9356requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9357requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9359requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9361requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9362requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9363requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9364requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9366run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9367 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9368 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9369 0 \
9370 -s "Protocol is TLSv1.3" \
9371 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9372 -s "received signature algorithm: 0x503" \
9373 -s "got named group: secp521r1(0019)" \
9374 -s "Verifying peer X.509 certificate... ok" \
9375 -c "Protocol is TLSv1.3" \
9376 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9377 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9378 -c "NamedGroup: secp521r1 ( 19 )" \
9379 -c "Verifying peer X.509 certificate... ok" \
9380 -C "received HelloRetryRequest message"
9381
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9382requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9383requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9384requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9385requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9386requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9387requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9388requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9389requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9390requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9392run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9393 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9394 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9395 0 \
9396 -s "Protocol is TLSv1.3" \
9397 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9398 -s "received signature algorithm: 0x603" \
9399 -s "got named group: secp521r1(0019)" \
9400 -s "Verifying peer X.509 certificate... ok" \
9401 -c "Protocol is TLSv1.3" \
9402 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9403 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9404 -c "NamedGroup: secp521r1 ( 19 )" \
9405 -c "Verifying peer X.509 certificate... ok" \
9406 -C "received HelloRetryRequest message"
9407
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9408requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9409requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9411requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9413requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9414requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9415requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9416requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9417requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9418requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9419requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9420run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9421 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9422 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9423 0 \
9424 -s "Protocol is TLSv1.3" \
9425 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9426 -s "received signature algorithm: 0x804" \
9427 -s "got named group: secp521r1(0019)" \
9428 -s "Verifying peer X.509 certificate... ok" \
9429 -c "Protocol is TLSv1.3" \
9430 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9431 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9432 -c "NamedGroup: secp521r1 ( 19 )" \
9433 -c "Verifying peer X.509 certificate... ok" \
9434 -C "received HelloRetryRequest message"
9435
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9436requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9437requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9438requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9439requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9440requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9441requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9442requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9443requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9444requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9446run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9447 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9448 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9449 0 \
9450 -s "Protocol is TLSv1.3" \
9451 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9452 -s "received signature algorithm: 0x403" \
9453 -s "got named group: x25519(001d)" \
9454 -s "Verifying peer X.509 certificate... ok" \
9455 -c "Protocol is TLSv1.3" \
9456 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9457 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9458 -c "NamedGroup: x25519 ( 1d )" \
9459 -c "Verifying peer X.509 certificate... ok" \
9460 -C "received HelloRetryRequest message"
9461
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9462requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9463requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9464requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9465requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9467requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9468requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9469requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9470requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9472run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9473 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9474 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9475 0 \
9476 -s "Protocol is TLSv1.3" \
9477 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9478 -s "received signature algorithm: 0x503" \
9479 -s "got named group: x25519(001d)" \
9480 -s "Verifying peer X.509 certificate... ok" \
9481 -c "Protocol is TLSv1.3" \
9482 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9483 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9484 -c "NamedGroup: x25519 ( 1d )" \
9485 -c "Verifying peer X.509 certificate... ok" \
9486 -C "received HelloRetryRequest message"
9487
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9488requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9489requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9490requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9491requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9493requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9494requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9496requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9498run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9499 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9500 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9501 0 \
9502 -s "Protocol is TLSv1.3" \
9503 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9504 -s "received signature algorithm: 0x603" \
9505 -s "got named group: x25519(001d)" \
9506 -s "Verifying peer X.509 certificate... ok" \
9507 -c "Protocol is TLSv1.3" \
9508 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9509 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9510 -c "NamedGroup: x25519 ( 1d )" \
9511 -c "Verifying peer X.509 certificate... ok" \
9512 -C "received HelloRetryRequest message"
9513
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9514requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9515requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9516requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9517requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9518requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9519requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9520requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9521requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9522requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9523requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9525requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9526run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9527 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9528 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9529 0 \
9530 -s "Protocol is TLSv1.3" \
9531 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9532 -s "received signature algorithm: 0x804" \
9533 -s "got named group: x25519(001d)" \
9534 -s "Verifying peer X.509 certificate... ok" \
9535 -c "Protocol is TLSv1.3" \
9536 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9537 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9538 -c "NamedGroup: x25519 ( 1d )" \
9539 -c "Verifying peer X.509 certificate... ok" \
9540 -C "received HelloRetryRequest message"
9541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9543requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9544requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9545requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9547requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9548requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9549requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9550requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9552run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9553 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9554 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9555 0 \
9556 -s "Protocol is TLSv1.3" \
9557 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9558 -s "received signature algorithm: 0x403" \
9559 -s "got named group: x448(001e)" \
9560 -s "Verifying peer X.509 certificate... ok" \
9561 -c "Protocol is TLSv1.3" \
9562 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9563 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9564 -c "NamedGroup: x448 ( 1e )" \
9565 -c "Verifying peer X.509 certificate... ok" \
9566 -C "received HelloRetryRequest message"
9567
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9568requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9569requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9570requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9571requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9572requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9573requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9574requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9575requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9576requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9577requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9578run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9579 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9580 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9581 0 \
9582 -s "Protocol is TLSv1.3" \
9583 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9584 -s "received signature algorithm: 0x503" \
9585 -s "got named group: x448(001e)" \
9586 -s "Verifying peer X.509 certificate... ok" \
9587 -c "Protocol is TLSv1.3" \
9588 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9589 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9590 -c "NamedGroup: x448 ( 1e )" \
9591 -c "Verifying peer X.509 certificate... ok" \
9592 -C "received HelloRetryRequest message"
9593
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9594requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9595requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9596requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9597requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9598requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9599requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9600requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9602requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9604run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9605 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9606 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9607 0 \
9608 -s "Protocol is TLSv1.3" \
9609 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9610 -s "received signature algorithm: 0x603" \
9611 -s "got named group: x448(001e)" \
9612 -s "Verifying peer X.509 certificate... ok" \
9613 -c "Protocol is TLSv1.3" \
9614 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9615 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9616 -c "NamedGroup: x448 ( 1e )" \
9617 -c "Verifying peer X.509 certificate... ok" \
9618 -C "received HelloRetryRequest message"
9619
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9620requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9621requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9622requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9623requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9624requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9625requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9626requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9627requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9628requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9629requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9630requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9631requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9632run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9633 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9634 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9635 0 \
9636 -s "Protocol is TLSv1.3" \
9637 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9638 -s "received signature algorithm: 0x804" \
9639 -s "got named group: x448(001e)" \
9640 -s "Verifying peer X.509 certificate... ok" \
9641 -c "Protocol is TLSv1.3" \
9642 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9643 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9644 -c "NamedGroup: x448 ( 1e )" \
9645 -c "Verifying peer X.509 certificate... ok" \
9646 -C "received HelloRetryRequest message"
9647
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9648requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9649requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9650requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9651requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9653requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9654requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9655requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9656requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9658run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9659 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9660 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9661 0 \
9662 -s "Protocol is TLSv1.3" \
9663 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9664 -s "received signature algorithm: 0x403" \
9665 -s "got named group: secp256r1(0017)" \
9666 -s "Verifying peer X.509 certificate... ok" \
9667 -c "Protocol is TLSv1.3" \
9668 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9669 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9670 -c "NamedGroup: secp256r1 ( 17 )" \
9671 -c "Verifying peer X.509 certificate... ok" \
9672 -C "received HelloRetryRequest message"
9673
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9674requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9675requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9676requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9677requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9679requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9680requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9682requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9684run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9685 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9686 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9687 0 \
9688 -s "Protocol is TLSv1.3" \
9689 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9690 -s "received signature algorithm: 0x503" \
9691 -s "got named group: secp256r1(0017)" \
9692 -s "Verifying peer X.509 certificate... ok" \
9693 -c "Protocol is TLSv1.3" \
9694 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9695 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9696 -c "NamedGroup: secp256r1 ( 17 )" \
9697 -c "Verifying peer X.509 certificate... ok" \
9698 -C "received HelloRetryRequest message"
9699
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9700requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9701requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9703requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9705requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9706requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9707requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9708requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9709requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9710run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9711 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9712 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9713 0 \
9714 -s "Protocol is TLSv1.3" \
9715 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9716 -s "received signature algorithm: 0x603" \
9717 -s "got named group: secp256r1(0017)" \
9718 -s "Verifying peer X.509 certificate... ok" \
9719 -c "Protocol is TLSv1.3" \
9720 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9721 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9722 -c "NamedGroup: secp256r1 ( 17 )" \
9723 -c "Verifying peer X.509 certificate... ok" \
9724 -C "received HelloRetryRequest message"
9725
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9726requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9727requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9728requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9729requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9730requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9731requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9732requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9733requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9734requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9735requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9736requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9737requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9738run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9739 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9740 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9741 0 \
9742 -s "Protocol is TLSv1.3" \
9743 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9744 -s "received signature algorithm: 0x804" \
9745 -s "got named group: secp256r1(0017)" \
9746 -s "Verifying peer X.509 certificate... ok" \
9747 -c "Protocol is TLSv1.3" \
9748 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9749 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9750 -c "NamedGroup: secp256r1 ( 17 )" \
9751 -c "Verifying peer X.509 certificate... ok" \
9752 -C "received HelloRetryRequest message"
9753
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9754requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9755requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9756requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9757requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9758requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9759requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9760requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9761requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9762requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9763requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9764run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9765 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9766 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9767 0 \
9768 -s "Protocol is TLSv1.3" \
9769 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9770 -s "received signature algorithm: 0x403" \
9771 -s "got named group: secp384r1(0018)" \
9772 -s "Verifying peer X.509 certificate... ok" \
9773 -c "Protocol is TLSv1.3" \
9774 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9775 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9776 -c "NamedGroup: secp384r1 ( 18 )" \
9777 -c "Verifying peer X.509 certificate... ok" \
9778 -C "received HelloRetryRequest message"
9779
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9780requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9781requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9782requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9783requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9785requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9786requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9787requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9788requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9789requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9790run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9791 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9792 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9793 0 \
9794 -s "Protocol is TLSv1.3" \
9795 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9796 -s "received signature algorithm: 0x503" \
9797 -s "got named group: secp384r1(0018)" \
9798 -s "Verifying peer X.509 certificate... ok" \
9799 -c "Protocol is TLSv1.3" \
9800 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9801 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9802 -c "NamedGroup: secp384r1 ( 18 )" \
9803 -c "Verifying peer X.509 certificate... ok" \
9804 -C "received HelloRetryRequest message"
9805
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9806requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9807requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9808requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9809requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9810requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9811requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9812requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9813requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9814requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9815requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9816run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9817 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9818 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9819 0 \
9820 -s "Protocol is TLSv1.3" \
9821 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9822 -s "received signature algorithm: 0x603" \
9823 -s "got named group: secp384r1(0018)" \
9824 -s "Verifying peer X.509 certificate... ok" \
9825 -c "Protocol is TLSv1.3" \
9826 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9827 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9828 -c "NamedGroup: secp384r1 ( 18 )" \
9829 -c "Verifying peer X.509 certificate... ok" \
9830 -C "received HelloRetryRequest message"
9831
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9832requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9833requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9834requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9835requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9837requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9838requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9839requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9840requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9841requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9843requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9844run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9845 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9846 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9847 0 \
9848 -s "Protocol is TLSv1.3" \
9849 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9850 -s "received signature algorithm: 0x804" \
9851 -s "got named group: secp384r1(0018)" \
9852 -s "Verifying peer X.509 certificate... ok" \
9853 -c "Protocol is TLSv1.3" \
9854 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9855 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9856 -c "NamedGroup: secp384r1 ( 18 )" \
9857 -c "Verifying peer X.509 certificate... ok" \
9858 -C "received HelloRetryRequest message"
9859
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9860requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9861requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9862requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9863requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9864requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9865requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9866requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9867requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9868requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9870run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9871 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9872 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9873 0 \
9874 -s "Protocol is TLSv1.3" \
9875 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9876 -s "received signature algorithm: 0x403" \
9877 -s "got named group: secp521r1(0019)" \
9878 -s "Verifying peer X.509 certificate... ok" \
9879 -c "Protocol is TLSv1.3" \
9880 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9881 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9882 -c "NamedGroup: secp521r1 ( 19 )" \
9883 -c "Verifying peer X.509 certificate... ok" \
9884 -C "received HelloRetryRequest message"
9885
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9886requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9887requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9888requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9889requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9890requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9891requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9892requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9894requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9896run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9897 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9898 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9899 0 \
9900 -s "Protocol is TLSv1.3" \
9901 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9902 -s "received signature algorithm: 0x503" \
9903 -s "got named group: secp521r1(0019)" \
9904 -s "Verifying peer X.509 certificate... ok" \
9905 -c "Protocol is TLSv1.3" \
9906 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9907 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9908 -c "NamedGroup: secp521r1 ( 19 )" \
9909 -c "Verifying peer X.509 certificate... ok" \
9910 -C "received HelloRetryRequest message"
9911
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9912requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9913requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9914requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9915requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9916requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9917requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9918requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9919requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9920requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9921requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9922run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9923 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9924 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9925 0 \
9926 -s "Protocol is TLSv1.3" \
9927 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9928 -s "received signature algorithm: 0x603" \
9929 -s "got named group: secp521r1(0019)" \
9930 -s "Verifying peer X.509 certificate... ok" \
9931 -c "Protocol is TLSv1.3" \
9932 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9933 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9934 -c "NamedGroup: secp521r1 ( 19 )" \
9935 -c "Verifying peer X.509 certificate... ok" \
9936 -C "received HelloRetryRequest message"
9937
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9938requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9939requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9941requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9942requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9943requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9944requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9945requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9946requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9947requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9949requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9950run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9951 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9952 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9953 0 \
9954 -s "Protocol is TLSv1.3" \
9955 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9956 -s "received signature algorithm: 0x804" \
9957 -s "got named group: secp521r1(0019)" \
9958 -s "Verifying peer X.509 certificate... ok" \
9959 -c "Protocol is TLSv1.3" \
9960 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9961 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9962 -c "NamedGroup: secp521r1 ( 19 )" \
9963 -c "Verifying peer X.509 certificate... ok" \
9964 -C "received HelloRetryRequest message"
9965
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9966requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9967requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9968requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9969requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9971requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9972requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9973requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9974requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9976run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]9977 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9978 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9979 0 \
9980 -s "Protocol is TLSv1.3" \
9981 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9982 -s "received signature algorithm: 0x403" \
9983 -s "got named group: x25519(001d)" \
9984 -s "Verifying peer X.509 certificate... ok" \
9985 -c "Protocol is TLSv1.3" \
9986 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9987 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9988 -c "NamedGroup: x25519 ( 1d )" \
9989 -c "Verifying peer X.509 certificate... ok" \
9990 -C "received HelloRetryRequest message"
9991
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9992requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9993requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9994requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]9995requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9997requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]9998requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9999requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10000requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10002run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10003 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10004 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10005 0 \
10006 -s "Protocol is TLSv1.3" \
10007 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10008 -s "received signature algorithm: 0x503" \
10009 -s "got named group: x25519(001d)" \
10010 -s "Verifying peer X.509 certificate... ok" \
10011 -c "Protocol is TLSv1.3" \
10012 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10013 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10014 -c "NamedGroup: x25519 ( 1d )" \
10015 -c "Verifying peer X.509 certificate... ok" \
10016 -C "received HelloRetryRequest message"
10017
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10018requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10019requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10020requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10021requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10022requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10023requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10024requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10025requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10026requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10028run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10029 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10030 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10031 0 \
10032 -s "Protocol is TLSv1.3" \
10033 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10034 -s "received signature algorithm: 0x603" \
10035 -s "got named group: x25519(001d)" \
10036 -s "Verifying peer X.509 certificate... ok" \
10037 -c "Protocol is TLSv1.3" \
10038 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10039 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10040 -c "NamedGroup: x25519 ( 1d )" \
10041 -c "Verifying peer X.509 certificate... ok" \
10042 -C "received HelloRetryRequest message"
10043
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10044requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10045requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10046requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10047requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10049requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10050requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10051requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10052requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10053requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10054requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10055requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10056run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10057 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10058 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10059 0 \
10060 -s "Protocol is TLSv1.3" \
10061 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10062 -s "received signature algorithm: 0x804" \
10063 -s "got named group: x25519(001d)" \
10064 -s "Verifying peer X.509 certificate... ok" \
10065 -c "Protocol is TLSv1.3" \
10066 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10067 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10068 -c "NamedGroup: x25519 ( 1d )" \
10069 -c "Verifying peer X.509 certificate... ok" \
10070 -C "received HelloRetryRequest message"
10071
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10072requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10073requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10074requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10075requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10076requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10077requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10078requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10080requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10082run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10083 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10084 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10085 0 \
10086 -s "Protocol is TLSv1.3" \
10087 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10088 -s "received signature algorithm: 0x403" \
10089 -s "got named group: x448(001e)" \
10090 -s "Verifying peer X.509 certificate... ok" \
10091 -c "Protocol is TLSv1.3" \
10092 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10093 -c "Certificate Verify: Signature algorithm ( 0403 )" \
10094 -c "NamedGroup: x448 ( 1e )" \
10095 -c "Verifying peer X.509 certificate... ok" \
10096 -C "received HelloRetryRequest message"
10097
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10098requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10099requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10100requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10101requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10103requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10104requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10105requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10106requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10107requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10108run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10109 "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10110 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10111 0 \
10112 -s "Protocol is TLSv1.3" \
10113 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10114 -s "received signature algorithm: 0x503" \
10115 -s "got named group: x448(001e)" \
10116 -s "Verifying peer X.509 certificate... ok" \
10117 -c "Protocol is TLSv1.3" \
10118 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10119 -c "Certificate Verify: Signature algorithm ( 0503 )" \
10120 -c "NamedGroup: x448 ( 1e )" \
10121 -c "Verifying peer X.509 certificate... ok" \
10122 -C "received HelloRetryRequest message"
10123
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10124requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10125requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10126requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10127requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10128requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10129requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10130requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10131requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10132requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10133requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10134run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10135 "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10136 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10137 0 \
10138 -s "Protocol is TLSv1.3" \
10139 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10140 -s "received signature algorithm: 0x603" \
10141 -s "got named group: x448(001e)" \
10142 -s "Verifying peer X.509 certificate... ok" \
10143 -c "Protocol is TLSv1.3" \
10144 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10145 -c "Certificate Verify: Signature algorithm ( 0603 )" \
10146 -c "NamedGroup: x448 ( 1e )" \
10147 -c "Verifying peer X.509 certificate... ok" \
10148 -C "received HelloRetryRequest message"
10149
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10150requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10151requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10152requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10153requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10154requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10155requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10156requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10157requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10159requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10161requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
10162run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10163 "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10164 "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10165 0 \
10166 -s "Protocol is TLSv1.3" \
10167 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
10168 -s "received signature algorithm: 0x804" \
10169 -s "got named group: x448(001e)" \
10170 -s "Verifying peer X.509 certificate... ok" \
10171 -c "Protocol is TLSv1.3" \
10172 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
10173 -c "Certificate Verify: Signature algorithm ( 0804 )" \
10174 -c "NamedGroup: x448 ( 1e )" \
10175 -c "Verifying peer X.509 certificate... ok" \
10176 -C "received HelloRetryRequest message"
10177
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10178requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10179requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10180requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10181requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10183requires_openssl_tls1_3
10184run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10185 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10186 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10187 0 \
10188 -s "Protocol is TLSv1.3" \
10189 -s "got named group: secp384r1(0018)" \
10190 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10191 -s "HRR selected_group: secp384r1"
10192
10193requires_config_enabled MBEDTLS_SSL_SRV_C
10194requires_config_enabled MBEDTLS_DEBUG_C
10195requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10196requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10198requires_openssl_tls1_3
10199run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10200 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10201 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10202 0 \
10203 -s "Protocol is TLSv1.3" \
10204 -s "got named group: secp521r1(0019)" \
10205 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10206 -s "HRR selected_group: secp521r1"
10207
10208requires_config_enabled MBEDTLS_SSL_SRV_C
10209requires_config_enabled MBEDTLS_DEBUG_C
10210requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10211requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10212requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10213requires_openssl_tls1_3
10214run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10215 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10216 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10217 0 \
10218 -s "Protocol is TLSv1.3" \
10219 -s "got named group: x25519(001d)" \
10220 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10221 -s "HRR selected_group: x25519"
10222
10223requires_config_enabled MBEDTLS_SSL_SRV_C
10224requires_config_enabled MBEDTLS_DEBUG_C
10225requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10226requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10227requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10228requires_openssl_tls1_3
10229run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10230 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10231 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10232 0 \
10233 -s "Protocol is TLSv1.3" \
10234 -s "got named group: x448(001e)" \
10235 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10236 -s "HRR selected_group: x448"
10237
10238requires_config_enabled MBEDTLS_SSL_SRV_C
10239requires_config_enabled MBEDTLS_DEBUG_C
10240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10241requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10242requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10243requires_openssl_tls1_3
10244run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10245 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10246 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10247 0 \
10248 -s "Protocol is TLSv1.3" \
10249 -s "got named group: secp256r1(0017)" \
10250 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10251 -s "HRR selected_group: secp256r1"
10252
10253requires_config_enabled MBEDTLS_SSL_SRV_C
10254requires_config_enabled MBEDTLS_DEBUG_C
10255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10256requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10258requires_openssl_tls1_3
10259run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10260 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10261 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10262 0 \
10263 -s "Protocol is TLSv1.3" \
10264 -s "got named group: secp521r1(0019)" \
10265 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10266 -s "HRR selected_group: secp521r1"
10267
10268requires_config_enabled MBEDTLS_SSL_SRV_C
10269requires_config_enabled MBEDTLS_DEBUG_C
10270requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10271requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10273requires_openssl_tls1_3
10274run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10275 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10276 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10277 0 \
10278 -s "Protocol is TLSv1.3" \
10279 -s "got named group: x25519(001d)" \
10280 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10281 -s "HRR selected_group: x25519"
10282
10283requires_config_enabled MBEDTLS_SSL_SRV_C
10284requires_config_enabled MBEDTLS_DEBUG_C
10285requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10286requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10287requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10288requires_openssl_tls1_3
10289run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10290 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10291 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10292 0 \
10293 -s "Protocol is TLSv1.3" \
10294 -s "got named group: x448(001e)" \
10295 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10296 -s "HRR selected_group: x448"
10297
10298requires_config_enabled MBEDTLS_SSL_SRV_C
10299requires_config_enabled MBEDTLS_DEBUG_C
10300requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10301requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10303requires_openssl_tls1_3
10304run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10305 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10306 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10307 0 \
10308 -s "Protocol is TLSv1.3" \
10309 -s "got named group: secp256r1(0017)" \
10310 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10311 -s "HRR selected_group: secp256r1"
10312
10313requires_config_enabled MBEDTLS_SSL_SRV_C
10314requires_config_enabled MBEDTLS_DEBUG_C
10315requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10316requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10318requires_openssl_tls1_3
10319run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10320 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10321 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10322 0 \
10323 -s "Protocol is TLSv1.3" \
10324 -s "got named group: secp384r1(0018)" \
10325 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10326 -s "HRR selected_group: secp384r1"
10327
10328requires_config_enabled MBEDTLS_SSL_SRV_C
10329requires_config_enabled MBEDTLS_DEBUG_C
10330requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10331requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10332requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10333requires_openssl_tls1_3
10334run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10335 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10336 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10337 0 \
10338 -s "Protocol is TLSv1.3" \
10339 -s "got named group: x25519(001d)" \
10340 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10341 -s "HRR selected_group: x25519"
10342
10343requires_config_enabled MBEDTLS_SSL_SRV_C
10344requires_config_enabled MBEDTLS_DEBUG_C
10345requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10346requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10347requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10348requires_openssl_tls1_3
10349run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10350 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10351 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10352 0 \
10353 -s "Protocol is TLSv1.3" \
10354 -s "got named group: x448(001e)" \
10355 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10356 -s "HRR selected_group: x448"
10357
10358requires_config_enabled MBEDTLS_SSL_SRV_C
10359requires_config_enabled MBEDTLS_DEBUG_C
10360requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10361requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10362requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10363requires_openssl_tls1_3
10364run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10365 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10366 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10367 0 \
10368 -s "Protocol is TLSv1.3" \
10369 -s "got named group: secp256r1(0017)" \
10370 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10371 -s "HRR selected_group: secp256r1"
10372
10373requires_config_enabled MBEDTLS_SSL_SRV_C
10374requires_config_enabled MBEDTLS_DEBUG_C
10375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10376requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10378requires_openssl_tls1_3
10379run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10380 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10381 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10382 0 \
10383 -s "Protocol is TLSv1.3" \
10384 -s "got named group: secp384r1(0018)" \
10385 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10386 -s "HRR selected_group: secp384r1"
10387
10388requires_config_enabled MBEDTLS_SSL_SRV_C
10389requires_config_enabled MBEDTLS_DEBUG_C
10390requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10391requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10393requires_openssl_tls1_3
10394run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10395 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10396 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10397 0 \
10398 -s "Protocol is TLSv1.3" \
10399 -s "got named group: secp521r1(0019)" \
10400 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10401 -s "HRR selected_group: secp521r1"
10402
10403requires_config_enabled MBEDTLS_SSL_SRV_C
10404requires_config_enabled MBEDTLS_DEBUG_C
10405requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10406requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10407requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10408requires_openssl_tls1_3
10409run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10410 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10411 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10412 0 \
10413 -s "Protocol is TLSv1.3" \
10414 -s "got named group: x448(001e)" \
10415 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10416 -s "HRR selected_group: x448"
10417
10418requires_config_enabled MBEDTLS_SSL_SRV_C
10419requires_config_enabled MBEDTLS_DEBUG_C
10420requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10421requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10422requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10423requires_openssl_tls1_3
10424run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10425 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10426 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10427 0 \
10428 -s "Protocol is TLSv1.3" \
10429 -s "got named group: secp256r1(0017)" \
10430 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10431 -s "HRR selected_group: secp256r1"
10432
10433requires_config_enabled MBEDTLS_SSL_SRV_C
10434requires_config_enabled MBEDTLS_DEBUG_C
10435requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10436requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10438requires_openssl_tls1_3
10439run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10440 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10441 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10442 0 \
10443 -s "Protocol is TLSv1.3" \
10444 -s "got named group: secp384r1(0018)" \
10445 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10446 -s "HRR selected_group: secp384r1"
10447
10448requires_config_enabled MBEDTLS_SSL_SRV_C
10449requires_config_enabled MBEDTLS_DEBUG_C
10450requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10451requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10453requires_openssl_tls1_3
10454run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10455 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10456 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10457 0 \
10458 -s "Protocol is TLSv1.3" \
10459 -s "got named group: secp521r1(0019)" \
10460 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10461 -s "HRR selected_group: secp521r1"
10462
10463requires_config_enabled MBEDTLS_SSL_SRV_C
10464requires_config_enabled MBEDTLS_DEBUG_C
10465requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10466requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10468requires_openssl_tls1_3
10469run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10470 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10471 "$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10472 0 \
10473 -s "Protocol is TLSv1.3" \
10474 -s "got named group: x25519(001d)" \
10475 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10476 -s "HRR selected_group: x25519"
10477
10478requires_config_enabled MBEDTLS_SSL_SRV_C
10479requires_config_enabled MBEDTLS_DEBUG_C
10480requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10481requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10482requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10483requires_gnutls_tls1_3
10484requires_gnutls_next_no_ticket
10485requires_gnutls_next_disable_tls13_compat
10486run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10487 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10488 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10489 0 \
10490 -s "Protocol is TLSv1.3" \
10491 -s "got named group: secp384r1(0018)" \
10492 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10493 -s "HRR selected_group: secp384r1"
10494
10495requires_config_enabled MBEDTLS_SSL_SRV_C
10496requires_config_enabled MBEDTLS_DEBUG_C
10497requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10498requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10499requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10500requires_gnutls_tls1_3
10501requires_gnutls_next_no_ticket
10502requires_gnutls_next_disable_tls13_compat
10503run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10504 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10505 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10506 0 \
10507 -s "Protocol is TLSv1.3" \
10508 -s "got named group: secp521r1(0019)" \
10509 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10510 -s "HRR selected_group: secp521r1"
10511
10512requires_config_enabled MBEDTLS_SSL_SRV_C
10513requires_config_enabled MBEDTLS_DEBUG_C
10514requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10515requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10516requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10517requires_gnutls_tls1_3
10518requires_gnutls_next_no_ticket
10519requires_gnutls_next_disable_tls13_compat
10520run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10521 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10522 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10523 0 \
10524 -s "Protocol is TLSv1.3" \
10525 -s "got named group: x25519(001d)" \
10526 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10527 -s "HRR selected_group: x25519"
10528
10529requires_config_enabled MBEDTLS_SSL_SRV_C
10530requires_config_enabled MBEDTLS_DEBUG_C
10531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10532requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10533requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10534requires_gnutls_tls1_3
10535requires_gnutls_next_no_ticket
10536requires_gnutls_next_disable_tls13_compat
10537run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10538 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10539 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10540 0 \
10541 -s "Protocol is TLSv1.3" \
10542 -s "got named group: x448(001e)" \
10543 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10544 -s "HRR selected_group: x448"
10545
10546requires_config_enabled MBEDTLS_SSL_SRV_C
10547requires_config_enabled MBEDTLS_DEBUG_C
10548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10549requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10551requires_gnutls_tls1_3
10552requires_gnutls_next_no_ticket
10553requires_gnutls_next_disable_tls13_compat
10554run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10555 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10556 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10557 0 \
10558 -s "Protocol is TLSv1.3" \
10559 -s "got named group: secp256r1(0017)" \
10560 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10561 -s "HRR selected_group: secp256r1"
10562
10563requires_config_enabled MBEDTLS_SSL_SRV_C
10564requires_config_enabled MBEDTLS_DEBUG_C
10565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10566requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10568requires_gnutls_tls1_3
10569requires_gnutls_next_no_ticket
10570requires_gnutls_next_disable_tls13_compat
10571run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10572 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10573 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10574 0 \
10575 -s "Protocol is TLSv1.3" \
10576 -s "got named group: secp521r1(0019)" \
10577 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10578 -s "HRR selected_group: secp521r1"
10579
10580requires_config_enabled MBEDTLS_SSL_SRV_C
10581requires_config_enabled MBEDTLS_DEBUG_C
10582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10583requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10585requires_gnutls_tls1_3
10586requires_gnutls_next_no_ticket
10587requires_gnutls_next_disable_tls13_compat
10588run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10589 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10590 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10591 0 \
10592 -s "Protocol is TLSv1.3" \
10593 -s "got named group: x25519(001d)" \
10594 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10595 -s "HRR selected_group: x25519"
10596
10597requires_config_enabled MBEDTLS_SSL_SRV_C
10598requires_config_enabled MBEDTLS_DEBUG_C
10599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10600requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10602requires_gnutls_tls1_3
10603requires_gnutls_next_no_ticket
10604requires_gnutls_next_disable_tls13_compat
10605run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10606 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10607 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10608 0 \
10609 -s "Protocol is TLSv1.3" \
10610 -s "got named group: x448(001e)" \
10611 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10612 -s "HRR selected_group: x448"
10613
10614requires_config_enabled MBEDTLS_SSL_SRV_C
10615requires_config_enabled MBEDTLS_DEBUG_C
10616requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10617requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10619requires_gnutls_tls1_3
10620requires_gnutls_next_no_ticket
10621requires_gnutls_next_disable_tls13_compat
10622run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10623 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10624 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10625 0 \
10626 -s "Protocol is TLSv1.3" \
10627 -s "got named group: secp256r1(0017)" \
10628 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10629 -s "HRR selected_group: secp256r1"
10630
10631requires_config_enabled MBEDTLS_SSL_SRV_C
10632requires_config_enabled MBEDTLS_DEBUG_C
10633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10634requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10636requires_gnutls_tls1_3
10637requires_gnutls_next_no_ticket
10638requires_gnutls_next_disable_tls13_compat
10639run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10640 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10641 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10642 0 \
10643 -s "Protocol is TLSv1.3" \
10644 -s "got named group: secp384r1(0018)" \
10645 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10646 -s "HRR selected_group: secp384r1"
10647
10648requires_config_enabled MBEDTLS_SSL_SRV_C
10649requires_config_enabled MBEDTLS_DEBUG_C
10650requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10651requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10653requires_gnutls_tls1_3
10654requires_gnutls_next_no_ticket
10655requires_gnutls_next_disable_tls13_compat
10656run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10657 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10658 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10659 0 \
10660 -s "Protocol is TLSv1.3" \
10661 -s "got named group: x25519(001d)" \
10662 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10663 -s "HRR selected_group: x25519"
10664
10665requires_config_enabled MBEDTLS_SSL_SRV_C
10666requires_config_enabled MBEDTLS_DEBUG_C
10667requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10668requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10670requires_gnutls_tls1_3
10671requires_gnutls_next_no_ticket
10672requires_gnutls_next_disable_tls13_compat
10673run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10674 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10675 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10676 0 \
10677 -s "Protocol is TLSv1.3" \
10678 -s "got named group: x448(001e)" \
10679 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10680 -s "HRR selected_group: x448"
10681
10682requires_config_enabled MBEDTLS_SSL_SRV_C
10683requires_config_enabled MBEDTLS_DEBUG_C
10684requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10685requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10687requires_gnutls_tls1_3
10688requires_gnutls_next_no_ticket
10689requires_gnutls_next_disable_tls13_compat
10690run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10691 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10692 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10693 0 \
10694 -s "Protocol is TLSv1.3" \
10695 -s "got named group: secp256r1(0017)" \
10696 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10697 -s "HRR selected_group: secp256r1"
10698
10699requires_config_enabled MBEDTLS_SSL_SRV_C
10700requires_config_enabled MBEDTLS_DEBUG_C
10701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10702requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10704requires_gnutls_tls1_3
10705requires_gnutls_next_no_ticket
10706requires_gnutls_next_disable_tls13_compat
10707run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10708 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10709 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10710 0 \
10711 -s "Protocol is TLSv1.3" \
10712 -s "got named group: secp384r1(0018)" \
10713 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10714 -s "HRR selected_group: secp384r1"
10715
10716requires_config_enabled MBEDTLS_SSL_SRV_C
10717requires_config_enabled MBEDTLS_DEBUG_C
10718requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10719requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10720requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10721requires_gnutls_tls1_3
10722requires_gnutls_next_no_ticket
10723requires_gnutls_next_disable_tls13_compat
10724run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10725 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10726 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10727 0 \
10728 -s "Protocol is TLSv1.3" \
10729 -s "got named group: secp521r1(0019)" \
10730 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10731 -s "HRR selected_group: secp521r1"
10732
10733requires_config_enabled MBEDTLS_SSL_SRV_C
10734requires_config_enabled MBEDTLS_DEBUG_C
10735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10736requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10738requires_gnutls_tls1_3
10739requires_gnutls_next_no_ticket
10740requires_gnutls_next_disable_tls13_compat
10741run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10742 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10743 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10744 0 \
10745 -s "Protocol is TLSv1.3" \
10746 -s "got named group: x448(001e)" \
10747 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10748 -s "HRR selected_group: x448"
10749
10750requires_config_enabled MBEDTLS_SSL_SRV_C
10751requires_config_enabled MBEDTLS_DEBUG_C
10752requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10753requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10754requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10755requires_gnutls_tls1_3
10756requires_gnutls_next_no_ticket
10757requires_gnutls_next_disable_tls13_compat
10758run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10759 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10760 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10761 0 \
10762 -s "Protocol is TLSv1.3" \
10763 -s "got named group: secp256r1(0017)" \
10764 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10765 -s "HRR selected_group: secp256r1"
10766
10767requires_config_enabled MBEDTLS_SSL_SRV_C
10768requires_config_enabled MBEDTLS_DEBUG_C
10769requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10770requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10772requires_gnutls_tls1_3
10773requires_gnutls_next_no_ticket
10774requires_gnutls_next_disable_tls13_compat
10775run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10776 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10777 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10778 0 \
10779 -s "Protocol is TLSv1.3" \
10780 -s "got named group: secp384r1(0018)" \
10781 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10782 -s "HRR selected_group: secp384r1"
10783
10784requires_config_enabled MBEDTLS_SSL_SRV_C
10785requires_config_enabled MBEDTLS_DEBUG_C
10786requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10787requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10788requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10789requires_gnutls_tls1_3
10790requires_gnutls_next_no_ticket
10791requires_gnutls_next_disable_tls13_compat
10792run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10793 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10794 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10795 0 \
10796 -s "Protocol is TLSv1.3" \
10797 -s "got named group: secp521r1(0019)" \
10798 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10799 -s "HRR selected_group: secp521r1"
10800
10801requires_config_enabled MBEDTLS_SSL_SRV_C
10802requires_config_enabled MBEDTLS_DEBUG_C
10803requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10804requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10806requires_gnutls_tls1_3
10807requires_gnutls_next_no_ticket
10808requires_gnutls_next_disable_tls13_compat
10809run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10810 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10811 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10812 0 \
10813 -s "Protocol is TLSv1.3" \
10814 -s "got named group: x25519(001d)" \
10815 -s "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10816 -s "HRR selected_group: x25519"
10817
10818requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10819requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10820requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10821requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10822requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10823requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10824run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10825 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10826 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1 force_version=tls13" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10827 0 \
10828 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10829 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10830 -c "NamedGroup: secp256r1 ( 17 )" \
10831 -c "NamedGroup: secp384r1 ( 18 )" \
10832 -c "Verifying peer X.509 certificate... ok" \
10833 -c "received HelloRetryRequest message" \
10834 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10835
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10836requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10837requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10838requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10839requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10840requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10842run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10843 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10844 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1 force_version=tls13" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10845 0 \
10846 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10847 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10848 -c "NamedGroup: secp256r1 ( 17 )" \
10849 -c "NamedGroup: secp521r1 ( 19 )" \
10850 -c "Verifying peer X.509 certificate... ok" \
10851 -c "received HelloRetryRequest message" \
10852 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10853
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10854requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10855requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10856requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10857requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10858requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10860run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10861 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10862 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519 force_version=tls13" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10863 0 \
10864 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10865 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10866 -c "NamedGroup: secp256r1 ( 17 )" \
10867 -c "NamedGroup: x25519 ( 1d )" \
10868 -c "Verifying peer X.509 certificate... ok" \
10869 -c "received HelloRetryRequest message" \
10870 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10871
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10872requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10873requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10874requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10875requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10876requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10878run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10879 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10880 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448 force_version=tls13" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10881 0 \
10882 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10883 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10884 -c "NamedGroup: secp256r1 ( 17 )" \
10885 -c "NamedGroup: x448 ( 1e )" \
10886 -c "Verifying peer X.509 certificate... ok" \
10887 -c "received HelloRetryRequest message" \
10888 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10889
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10890requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10891requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10892requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10894requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10895requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10896run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10897 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10898 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10899 0 \
10900 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10901 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10902 -c "NamedGroup: secp384r1 ( 18 )" \
10903 -c "NamedGroup: secp256r1 ( 17 )" \
10904 -c "Verifying peer X.509 certificate... ok" \
10905 -c "received HelloRetryRequest message" \
10906 -c "selected_group ( 23 )"
10907
10908requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10909requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10910requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10911requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10912requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10914run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10915 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10916 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10917 0 \
10918 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10919 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10920 -c "NamedGroup: secp384r1 ( 18 )" \
10921 -c "NamedGroup: secp521r1 ( 19 )" \
10922 -c "Verifying peer X.509 certificate... ok" \
10923 -c "received HelloRetryRequest message" \
10924 -c "selected_group ( 25 )"
10925
10926requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10927requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10928requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10929requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10930requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10932run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10933 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10934 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10935 0 \
10936 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10937 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10938 -c "NamedGroup: secp384r1 ( 18 )" \
10939 -c "NamedGroup: x25519 ( 1d )" \
10940 -c "Verifying peer X.509 certificate... ok" \
10941 -c "received HelloRetryRequest message" \
10942 -c "selected_group ( 29 )"
10943
10944requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10945requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10946requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10948requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10950run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10951 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10952 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10953 0 \
10954 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10955 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10956 -c "NamedGroup: secp384r1 ( 18 )" \
10957 -c "NamedGroup: x448 ( 1e )" \
10958 -c "Verifying peer X.509 certificate... ok" \
10959 -c "received HelloRetryRequest message" \
10960 -c "selected_group ( 30 )"
10961
10962requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10963requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10964requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10965requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10966requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10968run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10969 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10970 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10971 0 \
10972 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10973 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10974 -c "NamedGroup: secp521r1 ( 19 )" \
10975 -c "NamedGroup: secp256r1 ( 17 )" \
10976 -c "Verifying peer X.509 certificate... ok" \
10977 -c "received HelloRetryRequest message" \
10978 -c "selected_group ( 23 )"
10979
10980requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10981requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]10982requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10983requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]10984requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10985requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10986run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]10987 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
10988 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10989 0 \
10990 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10991 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10992 -c "NamedGroup: secp521r1 ( 19 )" \
10993 -c "NamedGroup: secp384r1 ( 18 )" \
10994 -c "Verifying peer X.509 certificate... ok" \
10995 -c "received HelloRetryRequest message" \
10996 -c "selected_group ( 24 )"
10997
10998requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10999requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11000requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11001requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11002requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11003requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11004run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11005 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11006 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11007 0 \
11008 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11009 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11010 -c "NamedGroup: secp521r1 ( 19 )" \
11011 -c "NamedGroup: x25519 ( 1d )" \
11012 -c "Verifying peer X.509 certificate... ok" \
11013 -c "received HelloRetryRequest message" \
11014 -c "selected_group ( 29 )"
11015
11016requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11017requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11018requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11019requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11020requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11022run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11023 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11024 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11025 0 \
11026 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11027 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11028 -c "NamedGroup: secp521r1 ( 19 )" \
11029 -c "NamedGroup: x448 ( 1e )" \
11030 -c "Verifying peer X.509 certificate... ok" \
11031 -c "received HelloRetryRequest message" \
11032 -c "selected_group ( 30 )"
11033
11034requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11035requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11036requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11037requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11038requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11039requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11040run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11041 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11042 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11043 0 \
11044 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11045 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11046 -c "NamedGroup: x25519 ( 1d )" \
11047 -c "NamedGroup: secp256r1 ( 17 )" \
11048 -c "Verifying peer X.509 certificate... ok" \
11049 -c "received HelloRetryRequest message" \
11050 -c "selected_group ( 23 )"
11051
11052requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11053requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11054requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11055requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11056requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11058run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11059 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11060 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11061 0 \
11062 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11063 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11064 -c "NamedGroup: x25519 ( 1d )" \
11065 -c "NamedGroup: secp384r1 ( 18 )" \
11066 -c "Verifying peer X.509 certificate... ok" \
11067 -c "received HelloRetryRequest message" \
11068 -c "selected_group ( 24 )"
11069
11070requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11071requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11072requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11073requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11074requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11075requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11076run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11077 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11078 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11079 0 \
11080 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11081 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11082 -c "NamedGroup: x25519 ( 1d )" \
11083 -c "NamedGroup: secp521r1 ( 19 )" \
11084 -c "Verifying peer X.509 certificate... ok" \
11085 -c "received HelloRetryRequest message" \
11086 -c "selected_group ( 25 )"
11087
11088requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11089requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11090requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11091requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11092requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11093requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11094run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11095 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11096 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11097 0 \
11098 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11099 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11100 -c "NamedGroup: x25519 ( 1d )" \
11101 -c "NamedGroup: x448 ( 1e )" \
11102 -c "Verifying peer X.509 certificate... ok" \
11103 -c "received HelloRetryRequest message" \
11104 -c "selected_group ( 30 )"
11105
11106requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11107requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11108requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11109requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11110requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11111requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11112run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11113 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11114 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11115 0 \
11116 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11117 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11118 -c "NamedGroup: x448 ( 1e )" \
11119 -c "NamedGroup: secp256r1 ( 17 )" \
11120 -c "Verifying peer X.509 certificate... ok" \
11121 -c "received HelloRetryRequest message" \
11122 -c "selected_group ( 23 )"
11123
11124requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11125requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11126requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11127requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11128requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11129requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11130run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11131 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11132 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11133 0 \
11134 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11135 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11136 -c "NamedGroup: x448 ( 1e )" \
11137 -c "NamedGroup: secp384r1 ( 18 )" \
11138 -c "Verifying peer X.509 certificate... ok" \
11139 -c "received HelloRetryRequest message" \
11140 -c "selected_group ( 24 )"
11141
11142requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11143requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11144requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11146requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11148run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11149 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11150 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11151 0 \
11152 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11153 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11154 -c "NamedGroup: x448 ( 1e )" \
11155 -c "NamedGroup: secp521r1 ( 19 )" \
11156 -c "Verifying peer X.509 certificate... ok" \
11157 -c "received HelloRetryRequest message" \
11158 -c "selected_group ( 25 )"
11159
11160requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11161requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11162requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11164requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11166run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11167 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
11168 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11169 0 \
11170 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11171 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11172 -c "NamedGroup: x448 ( 1e )" \
11173 -c "NamedGroup: x25519 ( 1d )" \
11174 -c "Verifying peer X.509 certificate... ok" \
11175 -c "received HelloRetryRequest message" \
11176 -c "selected_group ( 29 )"
11177
11178requires_gnutls_tls1_3
11179requires_gnutls_next_no_ticket
11180requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11181requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11182requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11183requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11184requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11185requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11186run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11187 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11188 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11189 0 \
11190 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11191 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11192 -c "NamedGroup: secp256r1 ( 17 )" \
11193 -c "NamedGroup: secp384r1 ( 18 )" \
11194 -c "Verifying peer X.509 certificate... ok" \
11195 -c "received HelloRetryRequest message" \
11196 -c "selected_group ( 24 )"
11197
11198requires_gnutls_tls1_3
11199requires_gnutls_next_no_ticket
11200requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11201requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11202requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11204requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11206run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11207 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11208 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11209 0 \
11210 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11211 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11212 -c "NamedGroup: secp256r1 ( 17 )" \
11213 -c "NamedGroup: secp521r1 ( 19 )" \
11214 -c "Verifying peer X.509 certificate... ok" \
11215 -c "received HelloRetryRequest message" \
11216 -c "selected_group ( 25 )"
11217
11218requires_gnutls_tls1_3
11219requires_gnutls_next_no_ticket
11220requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11221requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11222requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11223requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11224requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11225requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11226run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11227 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11228 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11229 0 \
11230 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11231 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11232 -c "NamedGroup: secp256r1 ( 17 )" \
11233 -c "NamedGroup: x25519 ( 1d )" \
11234 -c "Verifying peer X.509 certificate... ok" \
11235 -c "received HelloRetryRequest message" \
11236 -c "selected_group ( 29 )"
11237
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]11238requires_gnutls_tls1_3
11239requires_gnutls_next_no_ticket
11240requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]11241requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11242requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]11243requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11244requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]11245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]11246run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11247 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11248 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448 force_version=tls13" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]11249 0 \
11250 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11251 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]11252 -c "NamedGroup: secp256r1 ( 17 )" \
11253 -c "NamedGroup: x448 ( 1e )" \
11254 -c "Verifying peer X.509 certificate... ok" \
11255 -c "received HelloRetryRequest message" \
11256 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11257
11258requires_gnutls_tls1_3
11259requires_gnutls_next_no_ticket
11260requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11261requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11262requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11263requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11264requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11266run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11267 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11268 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11269 0 \
11270 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11271 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11272 -c "NamedGroup: secp384r1 ( 18 )" \
11273 -c "NamedGroup: secp256r1 ( 17 )" \
11274 -c "Verifying peer X.509 certificate... ok" \
11275 -c "received HelloRetryRequest message" \
11276 -c "selected_group ( 23 )"
11277
11278requires_gnutls_tls1_3
11279requires_gnutls_next_no_ticket
11280requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11281requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11282requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11283requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11284requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11286run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11287 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11288 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11289 0 \
11290 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11291 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11292 -c "NamedGroup: secp384r1 ( 18 )" \
11293 -c "NamedGroup: secp521r1 ( 19 )" \
11294 -c "Verifying peer X.509 certificate... ok" \
11295 -c "received HelloRetryRequest message" \
11296 -c "selected_group ( 25 )"
11297
11298requires_gnutls_tls1_3
11299requires_gnutls_next_no_ticket
11300requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11301requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11302requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11304requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11305requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11306run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11307 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11308 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11309 0 \
11310 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11311 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11312 -c "NamedGroup: secp384r1 ( 18 )" \
11313 -c "NamedGroup: x25519 ( 1d )" \
11314 -c "Verifying peer X.509 certificate... ok" \
11315 -c "received HelloRetryRequest message" \
11316 -c "selected_group ( 29 )"
11317
11318requires_gnutls_tls1_3
11319requires_gnutls_next_no_ticket
11320requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11321requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11322requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11324requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11326run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11327 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11328 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11329 0 \
11330 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11331 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11332 -c "NamedGroup: secp384r1 ( 18 )" \
11333 -c "NamedGroup: x448 ( 1e )" \
11334 -c "Verifying peer X.509 certificate... ok" \
11335 -c "received HelloRetryRequest message" \
11336 -c "selected_group ( 30 )"
11337
11338requires_gnutls_tls1_3
11339requires_gnutls_next_no_ticket
11340requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11341requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11342requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11343requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11344requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11345requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11346run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11347 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11348 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11349 0 \
11350 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11351 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11352 -c "NamedGroup: secp521r1 ( 19 )" \
11353 -c "NamedGroup: secp256r1 ( 17 )" \
11354 -c "Verifying peer X.509 certificate... ok" \
11355 -c "received HelloRetryRequest message" \
11356 -c "selected_group ( 23 )"
11357
11358requires_gnutls_tls1_3
11359requires_gnutls_next_no_ticket
11360requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11361requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11362requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11363requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11364requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11365requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11366run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11367 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11368 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11369 0 \
11370 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11371 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11372 -c "NamedGroup: secp521r1 ( 19 )" \
11373 -c "NamedGroup: secp384r1 ( 18 )" \
11374 -c "Verifying peer X.509 certificate... ok" \
11375 -c "received HelloRetryRequest message" \
11376 -c "selected_group ( 24 )"
11377
11378requires_gnutls_tls1_3
11379requires_gnutls_next_no_ticket
11380requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11381requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11382requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11383requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11384requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11386run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11387 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11388 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11389 0 \
11390 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11391 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11392 -c "NamedGroup: secp521r1 ( 19 )" \
11393 -c "NamedGroup: x25519 ( 1d )" \
11394 -c "Verifying peer X.509 certificate... ok" \
11395 -c "received HelloRetryRequest message" \
11396 -c "selected_group ( 29 )"
11397
11398requires_gnutls_tls1_3
11399requires_gnutls_next_no_ticket
11400requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11401requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11402requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11403requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11404requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11405requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11406run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11407 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11408 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11409 0 \
11410 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11411 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11412 -c "NamedGroup: secp521r1 ( 19 )" \
11413 -c "NamedGroup: x448 ( 1e )" \
11414 -c "Verifying peer X.509 certificate... ok" \
11415 -c "received HelloRetryRequest message" \
11416 -c "selected_group ( 30 )"
11417
11418requires_gnutls_tls1_3
11419requires_gnutls_next_no_ticket
11420requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11421requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11422requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11423requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11424requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11425requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11426run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11427 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11428 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11429 0 \
11430 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11431 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11432 -c "NamedGroup: x25519 ( 1d )" \
11433 -c "NamedGroup: secp256r1 ( 17 )" \
11434 -c "Verifying peer X.509 certificate... ok" \
11435 -c "received HelloRetryRequest message" \
11436 -c "selected_group ( 23 )"
11437
11438requires_gnutls_tls1_3
11439requires_gnutls_next_no_ticket
11440requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11441requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11442requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11443requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11444requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11446run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11447 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11448 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11449 0 \
11450 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11451 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11452 -c "NamedGroup: x25519 ( 1d )" \
11453 -c "NamedGroup: secp384r1 ( 18 )" \
11454 -c "Verifying peer X.509 certificate... ok" \
11455 -c "received HelloRetryRequest message" \
11456 -c "selected_group ( 24 )"
11457
11458requires_gnutls_tls1_3
11459requires_gnutls_next_no_ticket
11460requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11461requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11462requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11463requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11464requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11465requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11466run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11467 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11468 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11469 0 \
11470 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11471 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11472 -c "NamedGroup: x25519 ( 1d )" \
11473 -c "NamedGroup: secp521r1 ( 19 )" \
11474 -c "Verifying peer X.509 certificate... ok" \
11475 -c "received HelloRetryRequest message" \
11476 -c "selected_group ( 25 )"
11477
11478requires_gnutls_tls1_3
11479requires_gnutls_next_no_ticket
11480requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11481requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11482requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11483requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11484requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11485requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11486run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11487 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11488 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11489 0 \
11490 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11491 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11492 -c "NamedGroup: x25519 ( 1d )" \
11493 -c "NamedGroup: x448 ( 1e )" \
11494 -c "Verifying peer X.509 certificate... ok" \
11495 -c "received HelloRetryRequest message" \
11496 -c "selected_group ( 30 )"
11497
11498requires_gnutls_tls1_3
11499requires_gnutls_next_no_ticket
11500requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11501requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11502requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11503requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11504requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11506run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11507 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11508 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11509 0 \
11510 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11511 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11512 -c "NamedGroup: x448 ( 1e )" \
11513 -c "NamedGroup: secp256r1 ( 17 )" \
11514 -c "Verifying peer X.509 certificate... ok" \
11515 -c "received HelloRetryRequest message" \
11516 -c "selected_group ( 23 )"
11517
11518requires_gnutls_tls1_3
11519requires_gnutls_next_no_ticket
11520requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11521requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11522requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11523requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11524requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11526run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11527 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11528 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11529 0 \
11530 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11531 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11532 -c "NamedGroup: x448 ( 1e )" \
11533 -c "NamedGroup: secp384r1 ( 18 )" \
11534 -c "Verifying peer X.509 certificate... ok" \
11535 -c "received HelloRetryRequest message" \
11536 -c "selected_group ( 24 )"
11537
11538requires_gnutls_tls1_3
11539requires_gnutls_next_no_ticket
11540requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11541requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11542requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11543requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11544requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11546run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11547 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11548 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11549 0 \
11550 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11551 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11552 -c "NamedGroup: x448 ( 1e )" \
11553 -c "NamedGroup: secp521r1 ( 19 )" \
11554 -c "Verifying peer X.509 certificate... ok" \
11555 -c "received HelloRetryRequest message" \
11556 -c "selected_group ( 25 )"
11557
11558requires_gnutls_tls1_3
11559requires_gnutls_next_no_ticket
11560requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11561requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11562requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11564requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11566run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11567 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11568 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519 force_version=tls13" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11569 0 \
11570 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11571 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11572 -c "NamedGroup: x448 ( 1e )" \
11573 -c "NamedGroup: x25519 ( 1d )" \
11574 -c "Verifying peer X.509 certificate... ok" \
11575 -c "received HelloRetryRequest message" \
11576 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11577
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11578requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11579requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11580requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11581requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11583requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11584requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11586requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11588run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11589 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11590 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11591 0 \
11592 -s "Protocol is TLSv1.3" \
11593 -s "got named group: secp384r1(0018)" \
11594 -s "Verifying peer X.509 certificate... ok" \
11595 -c "Protocol is TLSv1.3" \
11596 -c "NamedGroup: secp256r1 ( 17 )" \
11597 -c "NamedGroup: secp384r1 ( 18 )" \
11598 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11599 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11600 -c "received HelloRetryRequest message" \
11601 -c "selected_group ( 24 )"
11602
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11603requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11604requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11605requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11606requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11608requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11609requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11610requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11611requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11612requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11613run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11614 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11615 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11616 0 \
11617 -s "Protocol is TLSv1.3" \
11618 -s "got named group: secp521r1(0019)" \
11619 -s "Verifying peer X.509 certificate... ok" \
11620 -c "Protocol is TLSv1.3" \
11621 -c "NamedGroup: secp256r1 ( 17 )" \
11622 -c "NamedGroup: secp521r1 ( 19 )" \
11623 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11624 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11625 -c "received HelloRetryRequest message" \
11626 -c "selected_group ( 25 )"
11627
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11628requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11629requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11630requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11631requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11632requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11633requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11634requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11635requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11636requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11637requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11638run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11639 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11640 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11641 0 \
11642 -s "Protocol is TLSv1.3" \
11643 -s "got named group: x25519(001d)" \
11644 -s "Verifying peer X.509 certificate... ok" \
11645 -c "Protocol is TLSv1.3" \
11646 -c "NamedGroup: secp256r1 ( 17 )" \
11647 -c "NamedGroup: x25519 ( 1d )" \
11648 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11649 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11650 -c "received HelloRetryRequest message" \
11651 -c "selected_group ( 29 )"
11652
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11653requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11654requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11655requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11656requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11658requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11659requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11660requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11661requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11663run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11664 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11665 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11666 0 \
11667 -s "Protocol is TLSv1.3" \
11668 -s "got named group: x448(001e)" \
11669 -s "Verifying peer X.509 certificate... ok" \
11670 -c "Protocol is TLSv1.3" \
11671 -c "NamedGroup: secp256r1 ( 17 )" \
11672 -c "NamedGroup: x448 ( 1e )" \
11673 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11674 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11675 -c "received HelloRetryRequest message" \
11676 -c "selected_group ( 30 )"
11677
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11678requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11679requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11680requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11681requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11683requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11684requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11685requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11686requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11688run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11689 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11690 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11691 0 \
11692 -s "Protocol is TLSv1.3" \
11693 -s "got named group: secp256r1(0017)" \
11694 -s "Verifying peer X.509 certificate... ok" \
11695 -c "Protocol is TLSv1.3" \
11696 -c "NamedGroup: secp384r1 ( 18 )" \
11697 -c "NamedGroup: secp256r1 ( 17 )" \
11698 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11699 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11700 -c "received HelloRetryRequest message" \
11701 -c "selected_group ( 23 )"
11702
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11703requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11704requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11705requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11706requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11708requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11709requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11710requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11711requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11712requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11713run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11714 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11715 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11716 0 \
11717 -s "Protocol is TLSv1.3" \
11718 -s "got named group: secp521r1(0019)" \
11719 -s "Verifying peer X.509 certificate... ok" \
11720 -c "Protocol is TLSv1.3" \
11721 -c "NamedGroup: secp384r1 ( 18 )" \
11722 -c "NamedGroup: secp521r1 ( 19 )" \
11723 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11724 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11725 -c "received HelloRetryRequest message" \
11726 -c "selected_group ( 25 )"
11727
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11728requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11729requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11730requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11731requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11732requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11733requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11734requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11736requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11738run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11739 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11740 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11741 0 \
11742 -s "Protocol is TLSv1.3" \
11743 -s "got named group: x25519(001d)" \
11744 -s "Verifying peer X.509 certificate... ok" \
11745 -c "Protocol is TLSv1.3" \
11746 -c "NamedGroup: secp384r1 ( 18 )" \
11747 -c "NamedGroup: x25519 ( 1d )" \
11748 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11749 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11750 -c "received HelloRetryRequest message" \
11751 -c "selected_group ( 29 )"
11752
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11753requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11754requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11756requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11758requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11759requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11760requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11761requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11762requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11763run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11764 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11765 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11766 0 \
11767 -s "Protocol is TLSv1.3" \
11768 -s "got named group: x448(001e)" \
11769 -s "Verifying peer X.509 certificate... ok" \
11770 -c "Protocol is TLSv1.3" \
11771 -c "NamedGroup: secp384r1 ( 18 )" \
11772 -c "NamedGroup: x448 ( 1e )" \
11773 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11774 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11775 -c "received HelloRetryRequest message" \
11776 -c "selected_group ( 30 )"
11777
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11778requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11779requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11780requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11781requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11782requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11783requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11784requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11785requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11786requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11787requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11788run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11789 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11790 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11791 0 \
11792 -s "Protocol is TLSv1.3" \
11793 -s "got named group: secp256r1(0017)" \
11794 -s "Verifying peer X.509 certificate... ok" \
11795 -c "Protocol is TLSv1.3" \
11796 -c "NamedGroup: secp521r1 ( 19 )" \
11797 -c "NamedGroup: secp256r1 ( 17 )" \
11798 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11799 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11800 -c "received HelloRetryRequest message" \
11801 -c "selected_group ( 23 )"
11802
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11803requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11804requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11805requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11806requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11808requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11809requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11810requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11811requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11812requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11813run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11814 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11815 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11816 0 \
11817 -s "Protocol is TLSv1.3" \
11818 -s "got named group: secp384r1(0018)" \
11819 -s "Verifying peer X.509 certificate... ok" \
11820 -c "Protocol is TLSv1.3" \
11821 -c "NamedGroup: secp521r1 ( 19 )" \
11822 -c "NamedGroup: secp384r1 ( 18 )" \
11823 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11824 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11825 -c "received HelloRetryRequest message" \
11826 -c "selected_group ( 24 )"
11827
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11828requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11829requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11830requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11831requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11833requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11834requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11835requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11836requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11838run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11839 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11840 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11841 0 \
11842 -s "Protocol is TLSv1.3" \
11843 -s "got named group: x25519(001d)" \
11844 -s "Verifying peer X.509 certificate... ok" \
11845 -c "Protocol is TLSv1.3" \
11846 -c "NamedGroup: secp521r1 ( 19 )" \
11847 -c "NamedGroup: x25519 ( 1d )" \
11848 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11849 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11850 -c "received HelloRetryRequest message" \
11851 -c "selected_group ( 29 )"
11852
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11853requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11854requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11856requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11857requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11858requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11859requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11860requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11861requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11862requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11863run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11864 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11865 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11866 0 \
11867 -s "Protocol is TLSv1.3" \
11868 -s "got named group: x448(001e)" \
11869 -s "Verifying peer X.509 certificate... ok" \
11870 -c "Protocol is TLSv1.3" \
11871 -c "NamedGroup: secp521r1 ( 19 )" \
11872 -c "NamedGroup: x448 ( 1e )" \
11873 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11874 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11875 -c "received HelloRetryRequest message" \
11876 -c "selected_group ( 30 )"
11877
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11878requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11879requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11880requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11881requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11882requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11883requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11884requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11885requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11886requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11887requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11888run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11889 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11890 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11891 0 \
11892 -s "Protocol is TLSv1.3" \
11893 -s "got named group: secp256r1(0017)" \
11894 -s "Verifying peer X.509 certificate... ok" \
11895 -c "Protocol is TLSv1.3" \
11896 -c "NamedGroup: x25519 ( 1d )" \
11897 -c "NamedGroup: secp256r1 ( 17 )" \
11898 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11899 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11900 -c "received HelloRetryRequest message" \
11901 -c "selected_group ( 23 )"
11902
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11903requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11904requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11906requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11907requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11908requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11909requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11910requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11911requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11912requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11913run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11914 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11915 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11916 0 \
11917 -s "Protocol is TLSv1.3" \
11918 -s "got named group: secp384r1(0018)" \
11919 -s "Verifying peer X.509 certificate... ok" \
11920 -c "Protocol is TLSv1.3" \
11921 -c "NamedGroup: x25519 ( 1d )" \
11922 -c "NamedGroup: secp384r1 ( 18 )" \
11923 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11924 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11925 -c "received HelloRetryRequest message" \
11926 -c "selected_group ( 24 )"
11927
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11928requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11929requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11930requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11931requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11933requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11934requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11935requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11936requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11938run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11939 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11940 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11941 0 \
11942 -s "Protocol is TLSv1.3" \
11943 -s "got named group: secp521r1(0019)" \
11944 -s "Verifying peer X.509 certificate... ok" \
11945 -c "Protocol is TLSv1.3" \
11946 -c "NamedGroup: x25519 ( 1d )" \
11947 -c "NamedGroup: secp521r1 ( 19 )" \
11948 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11949 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11950 -c "received HelloRetryRequest message" \
11951 -c "selected_group ( 25 )"
11952
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11953requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11954requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11955requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11956requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11957requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11958requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11959requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11960requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11961requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11963run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11964 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11965 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11966 0 \
11967 -s "Protocol is TLSv1.3" \
11968 -s "got named group: x448(001e)" \
11969 -s "Verifying peer X.509 certificate... ok" \
11970 -c "Protocol is TLSv1.3" \
11971 -c "NamedGroup: x25519 ( 1d )" \
11972 -c "NamedGroup: x448 ( 1e )" \
11973 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11974 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11975 -c "received HelloRetryRequest message" \
11976 -c "selected_group ( 30 )"
11977
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11978requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11979requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11980requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11981requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11982requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11983requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11984requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]11986requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11988run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]11989 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11990 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11991 0 \
11992 -s "Protocol is TLSv1.3" \
11993 -s "got named group: secp256r1(0017)" \
11994 -s "Verifying peer X.509 certificate... ok" \
11995 -c "Protocol is TLSv1.3" \
11996 -c "NamedGroup: x448 ( 1e )" \
11997 -c "NamedGroup: secp256r1 ( 17 )" \
11998 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]11999 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12000 -c "received HelloRetryRequest message" \
12001 -c "selected_group ( 23 )"
12002
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12003requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12004requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12005requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]12006requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12008requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12009requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12010requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]12011requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12012requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12013run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]12014 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12015 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12016 0 \
12017 -s "Protocol is TLSv1.3" \
12018 -s "got named group: secp384r1(0018)" \
12019 -s "Verifying peer X.509 certificate... ok" \
12020 -c "Protocol is TLSv1.3" \
12021 -c "NamedGroup: x448 ( 1e )" \
12022 -c "NamedGroup: secp384r1 ( 18 )" \
12023 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12024 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12025 -c "received HelloRetryRequest message" \
12026 -c "selected_group ( 24 )"
12027
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12028requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12029requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]12031requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12033requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12034requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12035requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]12036requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12037requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12038run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]12039 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12040 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12041 0 \
12042 -s "Protocol is TLSv1.3" \
12043 -s "got named group: secp521r1(0019)" \
12044 -s "Verifying peer X.509 certificate... ok" \
12045 -c "Protocol is TLSv1.3" \
12046 -c "NamedGroup: x448 ( 1e )" \
12047 -c "NamedGroup: secp521r1 ( 19 )" \
12048 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12049 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12050 -c "received HelloRetryRequest message" \
12051 -c "selected_group ( 25 )"
12052
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]12053requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12054requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12055requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]12056requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12057requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12058requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12059requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12060requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronbc5adf42022-10-04 11:06:14 +0200[diff] [blame]12061requires_key_exchange_with_cert_in_tls13_enabled
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12063run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
Jerry Yub7c12a42022-06-12 20:53:02 +0800[diff] [blame]12064 "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
12065 "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519 force_version=tls13" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12066 0 \
12067 -s "Protocol is TLSv1.3" \
12068 -s "got named group: x25519(001d)" \
12069 -s "Verifying peer X.509 certificate... ok" \
12070 -c "Protocol is TLSv1.3" \
12071 -c "NamedGroup: x448 ( 1e )" \
12072 -c "NamedGroup: x25519 ( 1d )" \
12073 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame]12074 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]12075 -c "received HelloRetryRequest message" \
12076 -c "selected_group ( 29 )"