TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9b938b7c37ba8f975c3089b59845d09d0e351bd9 / . / tests / opt-testcases / tls13-compat.sh
blob: 48ba469e9b17bfccccca2755795f5b9db4757957 [file] [log] [blame]
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1#!/bin/sh
2
3# tls13-compat.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
23# `./tests/scripts/generate_tls13_compat_tests.py -a -o tests/opt-testcases/tls13-compat.sh`.
24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]28requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]29requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]30requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
31requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
32requires_openssl_tls1_3
33run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
34 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
35 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
36 0 \
37 -s "Protocol is TLSv1.3" \
38 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
39 -s "received signature algorithm: 0x403" \
40 -s "got named group: secp256r1(0017)" \
41 -s "Verifying peer X.509 certificate... ok" \
42 -s "HTTP/1.0 200 OK" \
43 -C "received HelloRetryRequest message"
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]44
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]45requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]46requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]47requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
48requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
49requires_openssl_tls1_3
50run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
51 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
52 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
53 0 \
54 -s "Protocol is TLSv1.3" \
55 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
56 -s "received signature algorithm: 0x503" \
57 -s "got named group: secp256r1(0017)" \
58 -s "Verifying peer X.509 certificate... ok" \
59 -s "HTTP/1.0 200 OK" \
60 -C "received HelloRetryRequest message"
61
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]62requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]63requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]64requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
65requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
66requires_openssl_tls1_3
67run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
68 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
69 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
70 0 \
71 -s "Protocol is TLSv1.3" \
72 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
73 -s "received signature algorithm: 0x603" \
74 -s "got named group: secp256r1(0017)" \
75 -s "Verifying peer X.509 certificate... ok" \
76 -s "HTTP/1.0 200 OK" \
77 -C "received HelloRetryRequest message"
78
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]79requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]80requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]81requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
82requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
83requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
84requires_openssl_tls1_3
85run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
86 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
87 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
88 0 \
89 -s "Protocol is TLSv1.3" \
90 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
91 -s "received signature algorithm: 0x804" \
92 -s "got named group: secp256r1(0017)" \
93 -s "Verifying peer X.509 certificate... ok" \
94 -s "HTTP/1.0 200 OK" \
95 -C "received HelloRetryRequest message"
96
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]97requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]98requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]99requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
101requires_openssl_tls1_3
102run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
103 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
104 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
105 0 \
106 -s "Protocol is TLSv1.3" \
107 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
108 -s "received signature algorithm: 0x403" \
109 -s "got named group: secp384r1(0018)" \
110 -s "Verifying peer X.509 certificate... ok" \
111 -s "HTTP/1.0 200 OK" \
112 -C "received HelloRetryRequest message"
113
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]114requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]115requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]116requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
118requires_openssl_tls1_3
119run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
120 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
121 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
122 0 \
123 -s "Protocol is TLSv1.3" \
124 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
125 -s "received signature algorithm: 0x503" \
126 -s "got named group: secp384r1(0018)" \
127 -s "Verifying peer X.509 certificate... ok" \
128 -s "HTTP/1.0 200 OK" \
129 -C "received HelloRetryRequest message"
130
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]131requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]132requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]133requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
134requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
135requires_openssl_tls1_3
136run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
137 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
138 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
139 0 \
140 -s "Protocol is TLSv1.3" \
141 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
142 -s "received signature algorithm: 0x603" \
143 -s "got named group: secp384r1(0018)" \
144 -s "Verifying peer X.509 certificate... ok" \
145 -s "HTTP/1.0 200 OK" \
146 -C "received HelloRetryRequest message"
147
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]148requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]149requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]150requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
151requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
152requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
153requires_openssl_tls1_3
154run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
155 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
156 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
157 0 \
158 -s "Protocol is TLSv1.3" \
159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
160 -s "received signature algorithm: 0x804" \
161 -s "got named group: secp384r1(0018)" \
162 -s "Verifying peer X.509 certificate... ok" \
163 -s "HTTP/1.0 200 OK" \
164 -C "received HelloRetryRequest message"
165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]167requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]168requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
170requires_openssl_tls1_3
171run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
172 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
173 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
174 0 \
175 -s "Protocol is TLSv1.3" \
176 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
177 -s "received signature algorithm: 0x403" \
178 -s "got named group: secp521r1(0019)" \
179 -s "Verifying peer X.509 certificate... ok" \
180 -s "HTTP/1.0 200 OK" \
181 -C "received HelloRetryRequest message"
182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]184requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]185requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
187requires_openssl_tls1_3
188run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
189 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
190 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
191 0 \
192 -s "Protocol is TLSv1.3" \
193 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
194 -s "received signature algorithm: 0x503" \
195 -s "got named group: secp521r1(0019)" \
196 -s "Verifying peer X.509 certificate... ok" \
197 -s "HTTP/1.0 200 OK" \
198 -C "received HelloRetryRequest message"
199
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]200requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]201requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]202requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
203requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
204requires_openssl_tls1_3
205run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
206 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
207 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
208 0 \
209 -s "Protocol is TLSv1.3" \
210 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
211 -s "received signature algorithm: 0x603" \
212 -s "got named group: secp521r1(0019)" \
213 -s "Verifying peer X.509 certificate... ok" \
214 -s "HTTP/1.0 200 OK" \
215 -C "received HelloRetryRequest message"
216
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]217requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]218requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]219requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
221requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
222requires_openssl_tls1_3
223run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
224 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
225 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
226 0 \
227 -s "Protocol is TLSv1.3" \
228 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
229 -s "received signature algorithm: 0x804" \
230 -s "got named group: secp521r1(0019)" \
231 -s "Verifying peer X.509 certificate... ok" \
232 -s "HTTP/1.0 200 OK" \
233 -C "received HelloRetryRequest message"
234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
239requires_openssl_tls1_3
240run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
241 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
242 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
243 0 \
244 -s "Protocol is TLSv1.3" \
245 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
246 -s "received signature algorithm: 0x403" \
247 -s "got named group: x25519(001d)" \
248 -s "Verifying peer X.509 certificate... ok" \
249 -s "HTTP/1.0 200 OK" \
250 -C "received HelloRetryRequest message"
251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]253requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
256requires_openssl_tls1_3
257run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
258 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
259 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
260 0 \
261 -s "Protocol is TLSv1.3" \
262 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
263 -s "received signature algorithm: 0x503" \
264 -s "got named group: x25519(001d)" \
265 -s "Verifying peer X.509 certificate... ok" \
266 -s "HTTP/1.0 200 OK" \
267 -C "received HelloRetryRequest message"
268
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]269requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]270requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]271requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
272requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
273requires_openssl_tls1_3
274run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
275 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
276 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
277 0 \
278 -s "Protocol is TLSv1.3" \
279 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
280 -s "received signature algorithm: 0x603" \
281 -s "got named group: x25519(001d)" \
282 -s "Verifying peer X.509 certificate... ok" \
283 -s "HTTP/1.0 200 OK" \
284 -C "received HelloRetryRequest message"
285
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]286requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]287requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]288requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
289requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
290requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
291requires_openssl_tls1_3
292run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
293 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
294 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
295 0 \
296 -s "Protocol is TLSv1.3" \
297 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
298 -s "received signature algorithm: 0x804" \
299 -s "got named group: x25519(001d)" \
300 -s "Verifying peer X.509 certificate... ok" \
301 -s "HTTP/1.0 200 OK" \
302 -C "received HelloRetryRequest message"
303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]305requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]306requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
308requires_openssl_tls1_3
309run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
310 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
311 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
312 0 \
313 -s "Protocol is TLSv1.3" \
314 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
315 -s "received signature algorithm: 0x403" \
316 -s "got named group: x448(001e)" \
317 -s "Verifying peer X.509 certificate... ok" \
318 -s "HTTP/1.0 200 OK" \
319 -C "received HelloRetryRequest message"
320
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]321requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]322requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
325requires_openssl_tls1_3
326run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
327 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
328 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
329 0 \
330 -s "Protocol is TLSv1.3" \
331 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
332 -s "received signature algorithm: 0x503" \
333 -s "got named group: x448(001e)" \
334 -s "Verifying peer X.509 certificate... ok" \
335 -s "HTTP/1.0 200 OK" \
336 -C "received HelloRetryRequest message"
337
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]338requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]339requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]340requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
341requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
342requires_openssl_tls1_3
343run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
344 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
345 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
346 0 \
347 -s "Protocol is TLSv1.3" \
348 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
349 -s "received signature algorithm: 0x603" \
350 -s "got named group: x448(001e)" \
351 -s "Verifying peer X.509 certificate... ok" \
352 -s "HTTP/1.0 200 OK" \
353 -C "received HelloRetryRequest message"
354
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]355requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]356requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]357requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
358requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
359requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
360requires_openssl_tls1_3
361run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
362 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
363 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
364 0 \
365 -s "Protocol is TLSv1.3" \
366 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
367 -s "received signature algorithm: 0x804" \
368 -s "got named group: x448(001e)" \
369 -s "Verifying peer X.509 certificate... ok" \
370 -s "HTTP/1.0 200 OK" \
371 -C "received HelloRetryRequest message"
372
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]373requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]374requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
377requires_openssl_tls1_3
378run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
379 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
380 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
381 0 \
382 -s "Protocol is TLSv1.3" \
383 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
384 -s "received signature algorithm: 0x403" \
385 -s "got named group: secp256r1(0017)" \
386 -s "Verifying peer X.509 certificate... ok" \
387 -s "HTTP/1.0 200 OK" \
388 -C "received HelloRetryRequest message"
389
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]390requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]391requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
394requires_openssl_tls1_3
395run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
396 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
397 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
398 0 \
399 -s "Protocol is TLSv1.3" \
400 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
401 -s "received signature algorithm: 0x503" \
402 -s "got named group: secp256r1(0017)" \
403 -s "Verifying peer X.509 certificate... ok" \
404 -s "HTTP/1.0 200 OK" \
405 -C "received HelloRetryRequest message"
406
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]407requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]408requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
411requires_openssl_tls1_3
412run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
413 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
414 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
415 0 \
416 -s "Protocol is TLSv1.3" \
417 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
418 -s "received signature algorithm: 0x603" \
419 -s "got named group: secp256r1(0017)" \
420 -s "Verifying peer X.509 certificate... ok" \
421 -s "HTTP/1.0 200 OK" \
422 -C "received HelloRetryRequest message"
423
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]424requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]425requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]426requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
427requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
428requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
429requires_openssl_tls1_3
430run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
431 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
432 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
433 0 \
434 -s "Protocol is TLSv1.3" \
435 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
436 -s "received signature algorithm: 0x804" \
437 -s "got named group: secp256r1(0017)" \
438 -s "Verifying peer X.509 certificate... ok" \
439 -s "HTTP/1.0 200 OK" \
440 -C "received HelloRetryRequest message"
441
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]442requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]443requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
446requires_openssl_tls1_3
447run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
448 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
449 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
450 0 \
451 -s "Protocol is TLSv1.3" \
452 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
453 -s "received signature algorithm: 0x403" \
454 -s "got named group: secp384r1(0018)" \
455 -s "Verifying peer X.509 certificate... ok" \
456 -s "HTTP/1.0 200 OK" \
457 -C "received HelloRetryRequest message"
458
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]459requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]460requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
463requires_openssl_tls1_3
464run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
465 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
466 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
467 0 \
468 -s "Protocol is TLSv1.3" \
469 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
470 -s "received signature algorithm: 0x503" \
471 -s "got named group: secp384r1(0018)" \
472 -s "Verifying peer X.509 certificate... ok" \
473 -s "HTTP/1.0 200 OK" \
474 -C "received HelloRetryRequest message"
475
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]476requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]477requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]478requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
479requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
480requires_openssl_tls1_3
481run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
482 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
483 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
484 0 \
485 -s "Protocol is TLSv1.3" \
486 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
487 -s "received signature algorithm: 0x603" \
488 -s "got named group: secp384r1(0018)" \
489 -s "Verifying peer X.509 certificate... ok" \
490 -s "HTTP/1.0 200 OK" \
491 -C "received HelloRetryRequest message"
492
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]493requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]494requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
496requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
497requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
498requires_openssl_tls1_3
499run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
500 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
501 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
502 0 \
503 -s "Protocol is TLSv1.3" \
504 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
505 -s "received signature algorithm: 0x804" \
506 -s "got named group: secp384r1(0018)" \
507 -s "Verifying peer X.509 certificate... ok" \
508 -s "HTTP/1.0 200 OK" \
509 -C "received HelloRetryRequest message"
510
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]511requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]512requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
515requires_openssl_tls1_3
516run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
517 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
518 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
519 0 \
520 -s "Protocol is TLSv1.3" \
521 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
522 -s "received signature algorithm: 0x403" \
523 -s "got named group: secp521r1(0019)" \
524 -s "Verifying peer X.509 certificate... ok" \
525 -s "HTTP/1.0 200 OK" \
526 -C "received HelloRetryRequest message"
527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
532requires_openssl_tls1_3
533run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
534 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
535 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
536 0 \
537 -s "Protocol is TLSv1.3" \
538 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
539 -s "received signature algorithm: 0x503" \
540 -s "got named group: secp521r1(0019)" \
541 -s "Verifying peer X.509 certificate... ok" \
542 -s "HTTP/1.0 200 OK" \
543 -C "received HelloRetryRequest message"
544
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]545requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]546requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
549requires_openssl_tls1_3
550run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
551 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
552 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
553 0 \
554 -s "Protocol is TLSv1.3" \
555 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
556 -s "received signature algorithm: 0x603" \
557 -s "got named group: secp521r1(0019)" \
558 -s "Verifying peer X.509 certificate... ok" \
559 -s "HTTP/1.0 200 OK" \
560 -C "received HelloRetryRequest message"
561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]563requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]564requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
566requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
567requires_openssl_tls1_3
568run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
569 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
570 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
571 0 \
572 -s "Protocol is TLSv1.3" \
573 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
574 -s "received signature algorithm: 0x804" \
575 -s "got named group: secp521r1(0019)" \
576 -s "Verifying peer X.509 certificate... ok" \
577 -s "HTTP/1.0 200 OK" \
578 -C "received HelloRetryRequest message"
579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
584requires_openssl_tls1_3
585run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
586 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
587 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
588 0 \
589 -s "Protocol is TLSv1.3" \
590 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
591 -s "received signature algorithm: 0x403" \
592 -s "got named group: x25519(001d)" \
593 -s "Verifying peer X.509 certificate... ok" \
594 -s "HTTP/1.0 200 OK" \
595 -C "received HelloRetryRequest message"
596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]598requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
601requires_openssl_tls1_3
602run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
603 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
604 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
605 0 \
606 -s "Protocol is TLSv1.3" \
607 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
608 -s "received signature algorithm: 0x503" \
609 -s "got named group: x25519(001d)" \
610 -s "Verifying peer X.509 certificate... ok" \
611 -s "HTTP/1.0 200 OK" \
612 -C "received HelloRetryRequest message"
613
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]614requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]615requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]616requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
617requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
618requires_openssl_tls1_3
619run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
620 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
621 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
622 0 \
623 -s "Protocol is TLSv1.3" \
624 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
625 -s "received signature algorithm: 0x603" \
626 -s "got named group: x25519(001d)" \
627 -s "Verifying peer X.509 certificate... ok" \
628 -s "HTTP/1.0 200 OK" \
629 -C "received HelloRetryRequest message"
630
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]631requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]632requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]633requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
634requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
635requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
636requires_openssl_tls1_3
637run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
638 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
639 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
640 0 \
641 -s "Protocol is TLSv1.3" \
642 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
643 -s "received signature algorithm: 0x804" \
644 -s "got named group: x25519(001d)" \
645 -s "Verifying peer X.509 certificate... ok" \
646 -s "HTTP/1.0 200 OK" \
647 -C "received HelloRetryRequest message"
648
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]649requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]650requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
653requires_openssl_tls1_3
654run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
655 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
656 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
657 0 \
658 -s "Protocol is TLSv1.3" \
659 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
660 -s "received signature algorithm: 0x403" \
661 -s "got named group: x448(001e)" \
662 -s "Verifying peer X.509 certificate... ok" \
663 -s "HTTP/1.0 200 OK" \
664 -C "received HelloRetryRequest message"
665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]667requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
670requires_openssl_tls1_3
671run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
672 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
673 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
674 0 \
675 -s "Protocol is TLSv1.3" \
676 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
677 -s "received signature algorithm: 0x503" \
678 -s "got named group: x448(001e)" \
679 -s "Verifying peer X.509 certificate... ok" \
680 -s "HTTP/1.0 200 OK" \
681 -C "received HelloRetryRequest message"
682
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]683requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]684requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]685requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
686requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
687requires_openssl_tls1_3
688run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
689 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
690 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
691 0 \
692 -s "Protocol is TLSv1.3" \
693 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
694 -s "received signature algorithm: 0x603" \
695 -s "got named group: x448(001e)" \
696 -s "Verifying peer X.509 certificate... ok" \
697 -s "HTTP/1.0 200 OK" \
698 -C "received HelloRetryRequest message"
699
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]700requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]701requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
704requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
705requires_openssl_tls1_3
706run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
707 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
708 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
709 0 \
710 -s "Protocol is TLSv1.3" \
711 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
712 -s "received signature algorithm: 0x804" \
713 -s "got named group: x448(001e)" \
714 -s "Verifying peer X.509 certificate... ok" \
715 -s "HTTP/1.0 200 OK" \
716 -C "received HelloRetryRequest message"
717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]719requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
722requires_openssl_tls1_3
723run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
724 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
725 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
726 0 \
727 -s "Protocol is TLSv1.3" \
728 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
729 -s "received signature algorithm: 0x403" \
730 -s "got named group: secp256r1(0017)" \
731 -s "Verifying peer X.509 certificate... ok" \
732 -s "HTTP/1.0 200 OK" \
733 -C "received HelloRetryRequest message"
734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]736requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]737requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
739requires_openssl_tls1_3
740run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
741 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
742 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
743 0 \
744 -s "Protocol is TLSv1.3" \
745 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
746 -s "received signature algorithm: 0x503" \
747 -s "got named group: secp256r1(0017)" \
748 -s "Verifying peer X.509 certificate... ok" \
749 -s "HTTP/1.0 200 OK" \
750 -C "received HelloRetryRequest message"
751
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]752requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]753requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
756requires_openssl_tls1_3
757run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
758 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
759 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
760 0 \
761 -s "Protocol is TLSv1.3" \
762 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
763 -s "received signature algorithm: 0x603" \
764 -s "got named group: secp256r1(0017)" \
765 -s "Verifying peer X.509 certificate... ok" \
766 -s "HTTP/1.0 200 OK" \
767 -C "received HelloRetryRequest message"
768
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]769requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]770requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
772requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
773requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
774requires_openssl_tls1_3
775run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
776 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
777 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
778 0 \
779 -s "Protocol is TLSv1.3" \
780 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
781 -s "received signature algorithm: 0x804" \
782 -s "got named group: secp256r1(0017)" \
783 -s "Verifying peer X.509 certificate... ok" \
784 -s "HTTP/1.0 200 OK" \
785 -C "received HelloRetryRequest message"
786
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]787requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]788requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]789requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
790requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
791requires_openssl_tls1_3
792run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
793 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
794 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
795 0 \
796 -s "Protocol is TLSv1.3" \
797 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
798 -s "received signature algorithm: 0x403" \
799 -s "got named group: secp384r1(0018)" \
800 -s "Verifying peer X.509 certificate... ok" \
801 -s "HTTP/1.0 200 OK" \
802 -C "received HelloRetryRequest message"
803
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]804requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]805requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]806requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
807requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
808requires_openssl_tls1_3
809run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
810 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
811 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
812 0 \
813 -s "Protocol is TLSv1.3" \
814 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
815 -s "received signature algorithm: 0x503" \
816 -s "got named group: secp384r1(0018)" \
817 -s "Verifying peer X.509 certificate... ok" \
818 -s "HTTP/1.0 200 OK" \
819 -C "received HelloRetryRequest message"
820
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]821requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]822requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]823requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
824requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
825requires_openssl_tls1_3
826run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
827 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
828 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
829 0 \
830 -s "Protocol is TLSv1.3" \
831 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
832 -s "received signature algorithm: 0x603" \
833 -s "got named group: secp384r1(0018)" \
834 -s "Verifying peer X.509 certificate... ok" \
835 -s "HTTP/1.0 200 OK" \
836 -C "received HelloRetryRequest message"
837
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]838requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]839requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]840requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
842requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
843requires_openssl_tls1_3
844run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
845 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
846 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
847 0 \
848 -s "Protocol is TLSv1.3" \
849 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
850 -s "received signature algorithm: 0x804" \
851 -s "got named group: secp384r1(0018)" \
852 -s "Verifying peer X.509 certificate... ok" \
853 -s "HTTP/1.0 200 OK" \
854 -C "received HelloRetryRequest message"
855
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]856requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]857requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]858requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
860requires_openssl_tls1_3
861run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
862 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
863 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
864 0 \
865 -s "Protocol is TLSv1.3" \
866 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
867 -s "received signature algorithm: 0x403" \
868 -s "got named group: secp521r1(0019)" \
869 -s "Verifying peer X.509 certificate... ok" \
870 -s "HTTP/1.0 200 OK" \
871 -C "received HelloRetryRequest message"
872
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]873requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]874requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]875requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
876requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
877requires_openssl_tls1_3
878run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
879 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
880 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
881 0 \
882 -s "Protocol is TLSv1.3" \
883 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
884 -s "received signature algorithm: 0x503" \
885 -s "got named group: secp521r1(0019)" \
886 -s "Verifying peer X.509 certificate... ok" \
887 -s "HTTP/1.0 200 OK" \
888 -C "received HelloRetryRequest message"
889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]891requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
894requires_openssl_tls1_3
895run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
896 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
897 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
898 0 \
899 -s "Protocol is TLSv1.3" \
900 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
901 -s "received signature algorithm: 0x603" \
902 -s "got named group: secp521r1(0019)" \
903 -s "Verifying peer X.509 certificate... ok" \
904 -s "HTTP/1.0 200 OK" \
905 -C "received HelloRetryRequest message"
906
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]907requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]908requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
911requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
912requires_openssl_tls1_3
913run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
914 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
915 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
916 0 \
917 -s "Protocol is TLSv1.3" \
918 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
919 -s "received signature algorithm: 0x804" \
920 -s "got named group: secp521r1(0019)" \
921 -s "Verifying peer X.509 certificate... ok" \
922 -s "HTTP/1.0 200 OK" \
923 -C "received HelloRetryRequest message"
924
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]925requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]926requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]927requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
929requires_openssl_tls1_3
930run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
931 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
932 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
933 0 \
934 -s "Protocol is TLSv1.3" \
935 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
936 -s "received signature algorithm: 0x403" \
937 -s "got named group: x25519(001d)" \
938 -s "Verifying peer X.509 certificate... ok" \
939 -s "HTTP/1.0 200 OK" \
940 -C "received HelloRetryRequest message"
941
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]942requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]943requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]944requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
945requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
946requires_openssl_tls1_3
947run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
948 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
949 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
950 0 \
951 -s "Protocol is TLSv1.3" \
952 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
953 -s "received signature algorithm: 0x503" \
954 -s "got named group: x25519(001d)" \
955 -s "Verifying peer X.509 certificate... ok" \
956 -s "HTTP/1.0 200 OK" \
957 -C "received HelloRetryRequest message"
958
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]959requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]960requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]961requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
962requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
963requires_openssl_tls1_3
964run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
965 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
966 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
967 0 \
968 -s "Protocol is TLSv1.3" \
969 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
970 -s "received signature algorithm: 0x603" \
971 -s "got named group: x25519(001d)" \
972 -s "Verifying peer X.509 certificate... ok" \
973 -s "HTTP/1.0 200 OK" \
974 -C "received HelloRetryRequest message"
975
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]976requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]977requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]978requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
979requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
980requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
981requires_openssl_tls1_3
982run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
983 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
984 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
985 0 \
986 -s "Protocol is TLSv1.3" \
987 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
988 -s "received signature algorithm: 0x804" \
989 -s "got named group: x25519(001d)" \
990 -s "Verifying peer X.509 certificate... ok" \
991 -s "HTTP/1.0 200 OK" \
992 -C "received HelloRetryRequest message"
993
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]994requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]995requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]996requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
998requires_openssl_tls1_3
999run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
1000 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1001 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1002 0 \
1003 -s "Protocol is TLSv1.3" \
1004 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1005 -s "received signature algorithm: 0x403" \
1006 -s "got named group: x448(001e)" \
1007 -s "Verifying peer X.509 certificate... ok" \
1008 -s "HTTP/1.0 200 OK" \
1009 -C "received HelloRetryRequest message"
1010
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1011requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1012requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1014requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1015requires_openssl_tls1_3
1016run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
1017 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1018 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1019 0 \
1020 -s "Protocol is TLSv1.3" \
1021 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1022 -s "received signature algorithm: 0x503" \
1023 -s "got named group: x448(001e)" \
1024 -s "Verifying peer X.509 certificate... ok" \
1025 -s "HTTP/1.0 200 OK" \
1026 -C "received HelloRetryRequest message"
1027
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1028requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1029requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1031requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1032requires_openssl_tls1_3
1033run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
1034 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1035 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1036 0 \
1037 -s "Protocol is TLSv1.3" \
1038 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1039 -s "received signature algorithm: 0x603" \
1040 -s "got named group: x448(001e)" \
1041 -s "Verifying peer X.509 certificate... ok" \
1042 -s "HTTP/1.0 200 OK" \
1043 -C "received HelloRetryRequest message"
1044
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1045requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1046requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1049requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1050requires_openssl_tls1_3
1051run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
1052 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1053 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1054 0 \
1055 -s "Protocol is TLSv1.3" \
1056 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
1057 -s "received signature algorithm: 0x804" \
1058 -s "got named group: x448(001e)" \
1059 -s "Verifying peer X.509 certificate... ok" \
1060 -s "HTTP/1.0 200 OK" \
1061 -C "received HelloRetryRequest message"
1062
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1063requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1064requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1067requires_openssl_tls1_3
1068run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1069 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1070 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1071 0 \
1072 -s "Protocol is TLSv1.3" \
1073 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1074 -s "received signature algorithm: 0x403" \
1075 -s "got named group: secp256r1(0017)" \
1076 -s "Verifying peer X.509 certificate... ok" \
1077 -s "HTTP/1.0 200 OK" \
1078 -C "received HelloRetryRequest message"
1079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1081requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1084requires_openssl_tls1_3
1085run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1086 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1087 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1088 0 \
1089 -s "Protocol is TLSv1.3" \
1090 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1091 -s "received signature algorithm: 0x503" \
1092 -s "got named group: secp256r1(0017)" \
1093 -s "Verifying peer X.509 certificate... ok" \
1094 -s "HTTP/1.0 200 OK" \
1095 -C "received HelloRetryRequest message"
1096
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1097requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1098requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1099requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1101requires_openssl_tls1_3
1102run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1103 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1104 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1105 0 \
1106 -s "Protocol is TLSv1.3" \
1107 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1108 -s "received signature algorithm: 0x603" \
1109 -s "got named group: secp256r1(0017)" \
1110 -s "Verifying peer X.509 certificate... ok" \
1111 -s "HTTP/1.0 200 OK" \
1112 -C "received HelloRetryRequest message"
1113
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1114requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1115requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1116requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1117requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1118requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1119requires_openssl_tls1_3
1120run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1121 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1122 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1123 0 \
1124 -s "Protocol is TLSv1.3" \
1125 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1126 -s "received signature algorithm: 0x804" \
1127 -s "got named group: secp256r1(0017)" \
1128 -s "Verifying peer X.509 certificate... ok" \
1129 -s "HTTP/1.0 200 OK" \
1130 -C "received HelloRetryRequest message"
1131
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1132requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1133requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1134requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1136requires_openssl_tls1_3
1137run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1138 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1139 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1140 0 \
1141 -s "Protocol is TLSv1.3" \
1142 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1143 -s "received signature algorithm: 0x403" \
1144 -s "got named group: secp384r1(0018)" \
1145 -s "Verifying peer X.509 certificate... ok" \
1146 -s "HTTP/1.0 200 OK" \
1147 -C "received HelloRetryRequest message"
1148
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1149requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1150requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1151requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1153requires_openssl_tls1_3
1154run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1155 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1156 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1157 0 \
1158 -s "Protocol is TLSv1.3" \
1159 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1160 -s "received signature algorithm: 0x503" \
1161 -s "got named group: secp384r1(0018)" \
1162 -s "Verifying peer X.509 certificate... ok" \
1163 -s "HTTP/1.0 200 OK" \
1164 -C "received HelloRetryRequest message"
1165
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1166requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1167requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1168requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1169requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1170requires_openssl_tls1_3
1171run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1172 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1173 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1174 0 \
1175 -s "Protocol is TLSv1.3" \
1176 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1177 -s "received signature algorithm: 0x603" \
1178 -s "got named group: secp384r1(0018)" \
1179 -s "Verifying peer X.509 certificate... ok" \
1180 -s "HTTP/1.0 200 OK" \
1181 -C "received HelloRetryRequest message"
1182
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1183requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1184requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1185requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1186requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1187requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1188requires_openssl_tls1_3
1189run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1190 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1191 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1192 0 \
1193 -s "Protocol is TLSv1.3" \
1194 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1195 -s "received signature algorithm: 0x804" \
1196 -s "got named group: secp384r1(0018)" \
1197 -s "Verifying peer X.509 certificate... ok" \
1198 -s "HTTP/1.0 200 OK" \
1199 -C "received HelloRetryRequest message"
1200
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1201requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1202requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1205requires_openssl_tls1_3
1206run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1207 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1208 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1209 0 \
1210 -s "Protocol is TLSv1.3" \
1211 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1212 -s "received signature algorithm: 0x403" \
1213 -s "got named group: secp521r1(0019)" \
1214 -s "Verifying peer X.509 certificate... ok" \
1215 -s "HTTP/1.0 200 OK" \
1216 -C "received HelloRetryRequest message"
1217
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1218requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1219requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1220requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1222requires_openssl_tls1_3
1223run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1224 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1225 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1226 0 \
1227 -s "Protocol is TLSv1.3" \
1228 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1229 -s "received signature algorithm: 0x503" \
1230 -s "got named group: secp521r1(0019)" \
1231 -s "Verifying peer X.509 certificate... ok" \
1232 -s "HTTP/1.0 200 OK" \
1233 -C "received HelloRetryRequest message"
1234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1239requires_openssl_tls1_3
1240run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1241 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1242 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1243 0 \
1244 -s "Protocol is TLSv1.3" \
1245 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1246 -s "received signature algorithm: 0x603" \
1247 -s "got named group: secp521r1(0019)" \
1248 -s "Verifying peer X.509 certificate... ok" \
1249 -s "HTTP/1.0 200 OK" \
1250 -C "received HelloRetryRequest message"
1251
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1253requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1255requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1256requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1257requires_openssl_tls1_3
1258run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1259 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1260 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1261 0 \
1262 -s "Protocol is TLSv1.3" \
1263 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1264 -s "received signature algorithm: 0x804" \
1265 -s "got named group: secp521r1(0019)" \
1266 -s "Verifying peer X.509 certificate... ok" \
1267 -s "HTTP/1.0 200 OK" \
1268 -C "received HelloRetryRequest message"
1269
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1270requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1271requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1272requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1274requires_openssl_tls1_3
1275run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
1276 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1277 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1278 0 \
1279 -s "Protocol is TLSv1.3" \
1280 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1281 -s "received signature algorithm: 0x403" \
1282 -s "got named group: x25519(001d)" \
1283 -s "Verifying peer X.509 certificate... ok" \
1284 -s "HTTP/1.0 200 OK" \
1285 -C "received HelloRetryRequest message"
1286
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1287requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1288requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1291requires_openssl_tls1_3
1292run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
1293 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1294 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1295 0 \
1296 -s "Protocol is TLSv1.3" \
1297 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1298 -s "received signature algorithm: 0x503" \
1299 -s "got named group: x25519(001d)" \
1300 -s "Verifying peer X.509 certificate... ok" \
1301 -s "HTTP/1.0 200 OK" \
1302 -C "received HelloRetryRequest message"
1303
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1304requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1305requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1306requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1308requires_openssl_tls1_3
1309run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
1310 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1311 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1312 0 \
1313 -s "Protocol is TLSv1.3" \
1314 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1315 -s "received signature algorithm: 0x603" \
1316 -s "got named group: x25519(001d)" \
1317 -s "Verifying peer X.509 certificate... ok" \
1318 -s "HTTP/1.0 200 OK" \
1319 -C "received HelloRetryRequest message"
1320
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1321requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1322requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1324requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1325requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1326requires_openssl_tls1_3
1327run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
1328 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1329 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1330 0 \
1331 -s "Protocol is TLSv1.3" \
1332 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1333 -s "received signature algorithm: 0x804" \
1334 -s "got named group: x25519(001d)" \
1335 -s "Verifying peer X.509 certificate... ok" \
1336 -s "HTTP/1.0 200 OK" \
1337 -C "received HelloRetryRequest message"
1338
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1339requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1340requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1343requires_openssl_tls1_3
1344run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
1345 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1346 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1347 0 \
1348 -s "Protocol is TLSv1.3" \
1349 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1350 -s "received signature algorithm: 0x403" \
1351 -s "got named group: x448(001e)" \
1352 -s "Verifying peer X.509 certificate... ok" \
1353 -s "HTTP/1.0 200 OK" \
1354 -C "received HelloRetryRequest message"
1355
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1356requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1357requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1360requires_openssl_tls1_3
1361run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
1362 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1363 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1364 0 \
1365 -s "Protocol is TLSv1.3" \
1366 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1367 -s "received signature algorithm: 0x503" \
1368 -s "got named group: x448(001e)" \
1369 -s "Verifying peer X.509 certificate... ok" \
1370 -s "HTTP/1.0 200 OK" \
1371 -C "received HelloRetryRequest message"
1372
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1373requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1374requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1377requires_openssl_tls1_3
1378run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
1379 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1380 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1381 0 \
1382 -s "Protocol is TLSv1.3" \
1383 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1384 -s "received signature algorithm: 0x603" \
1385 -s "got named group: x448(001e)" \
1386 -s "Verifying peer X.509 certificate... ok" \
1387 -s "HTTP/1.0 200 OK" \
1388 -C "received HelloRetryRequest message"
1389
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1390requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1391requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1394requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1395requires_openssl_tls1_3
1396run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
1397 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1398 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1399 0 \
1400 -s "Protocol is TLSv1.3" \
1401 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
1402 -s "received signature algorithm: 0x804" \
1403 -s "got named group: x448(001e)" \
1404 -s "Verifying peer X.509 certificate... ok" \
1405 -s "HTTP/1.0 200 OK" \
1406 -C "received HelloRetryRequest message"
1407
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1408requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1409requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1412requires_openssl_tls1_3
1413run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1414 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1415 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1416 0 \
1417 -s "Protocol is TLSv1.3" \
1418 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1419 -s "received signature algorithm: 0x403" \
1420 -s "got named group: secp256r1(0017)" \
1421 -s "Verifying peer X.509 certificate... ok" \
1422 -s "HTTP/1.0 200 OK" \
1423 -C "received HelloRetryRequest message"
1424
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1425requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1426requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1429requires_openssl_tls1_3
1430run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1431 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1432 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1433 0 \
1434 -s "Protocol is TLSv1.3" \
1435 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1436 -s "received signature algorithm: 0x503" \
1437 -s "got named group: secp256r1(0017)" \
1438 -s "Verifying peer X.509 certificate... ok" \
1439 -s "HTTP/1.0 200 OK" \
1440 -C "received HelloRetryRequest message"
1441
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1442requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1443requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1445requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1446requires_openssl_tls1_3
1447run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1448 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1449 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1450 0 \
1451 -s "Protocol is TLSv1.3" \
1452 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1453 -s "received signature algorithm: 0x603" \
1454 -s "got named group: secp256r1(0017)" \
1455 -s "Verifying peer X.509 certificate... ok" \
1456 -s "HTTP/1.0 200 OK" \
1457 -C "received HelloRetryRequest message"
1458
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1459requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1460requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1462requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1463requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1464requires_openssl_tls1_3
1465run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1466 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1467 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1468 0 \
1469 -s "Protocol is TLSv1.3" \
1470 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1471 -s "received signature algorithm: 0x804" \
1472 -s "got named group: secp256r1(0017)" \
1473 -s "Verifying peer X.509 certificate... ok" \
1474 -s "HTTP/1.0 200 OK" \
1475 -C "received HelloRetryRequest message"
1476
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1477requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1478requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1481requires_openssl_tls1_3
1482run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1483 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1484 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1485 0 \
1486 -s "Protocol is TLSv1.3" \
1487 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1488 -s "received signature algorithm: 0x403" \
1489 -s "got named group: secp384r1(0018)" \
1490 -s "Verifying peer X.509 certificate... ok" \
1491 -s "HTTP/1.0 200 OK" \
1492 -C "received HelloRetryRequest message"
1493
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1494requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1495requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1496requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1498requires_openssl_tls1_3
1499run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1500 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1501 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1502 0 \
1503 -s "Protocol is TLSv1.3" \
1504 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1505 -s "received signature algorithm: 0x503" \
1506 -s "got named group: secp384r1(0018)" \
1507 -s "Verifying peer X.509 certificate... ok" \
1508 -s "HTTP/1.0 200 OK" \
1509 -C "received HelloRetryRequest message"
1510
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1511requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1512requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1514requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1515requires_openssl_tls1_3
1516run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1517 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1518 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1519 0 \
1520 -s "Protocol is TLSv1.3" \
1521 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1522 -s "received signature algorithm: 0x603" \
1523 -s "got named group: secp384r1(0018)" \
1524 -s "Verifying peer X.509 certificate... ok" \
1525 -s "HTTP/1.0 200 OK" \
1526 -C "received HelloRetryRequest message"
1527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1532requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1533requires_openssl_tls1_3
1534run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1535 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1536 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1537 0 \
1538 -s "Protocol is TLSv1.3" \
1539 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1540 -s "received signature algorithm: 0x804" \
1541 -s "got named group: secp384r1(0018)" \
1542 -s "Verifying peer X.509 certificate... ok" \
1543 -s "HTTP/1.0 200 OK" \
1544 -C "received HelloRetryRequest message"
1545
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1546requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1547requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1550requires_openssl_tls1_3
1551run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1552 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1553 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1554 0 \
1555 -s "Protocol is TLSv1.3" \
1556 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1557 -s "received signature algorithm: 0x403" \
1558 -s "got named group: secp521r1(0019)" \
1559 -s "Verifying peer X.509 certificate... ok" \
1560 -s "HTTP/1.0 200 OK" \
1561 -C "received HelloRetryRequest message"
1562
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1563requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1564requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1567requires_openssl_tls1_3
1568run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1569 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1570 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1571 0 \
1572 -s "Protocol is TLSv1.3" \
1573 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1574 -s "received signature algorithm: 0x503" \
1575 -s "got named group: secp521r1(0019)" \
1576 -s "Verifying peer X.509 certificate... ok" \
1577 -s "HTTP/1.0 200 OK" \
1578 -C "received HelloRetryRequest message"
1579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1584requires_openssl_tls1_3
1585run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1586 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1587 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1588 0 \
1589 -s "Protocol is TLSv1.3" \
1590 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1591 -s "received signature algorithm: 0x603" \
1592 -s "got named group: secp521r1(0019)" \
1593 -s "Verifying peer X.509 certificate... ok" \
1594 -s "HTTP/1.0 200 OK" \
1595 -C "received HelloRetryRequest message"
1596
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1597requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1598requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1599requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1600requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1601requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1602requires_openssl_tls1_3
1603run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1604 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1605 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1606 0 \
1607 -s "Protocol is TLSv1.3" \
1608 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1609 -s "received signature algorithm: 0x804" \
1610 -s "got named group: secp521r1(0019)" \
1611 -s "Verifying peer X.509 certificate... ok" \
1612 -s "HTTP/1.0 200 OK" \
1613 -C "received HelloRetryRequest message"
1614
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1615requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1616requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1617requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1619requires_openssl_tls1_3
1620run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
1621 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1622 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1623 0 \
1624 -s "Protocol is TLSv1.3" \
1625 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1626 -s "received signature algorithm: 0x403" \
1627 -s "got named group: x25519(001d)" \
1628 -s "Verifying peer X.509 certificate... ok" \
1629 -s "HTTP/1.0 200 OK" \
1630 -C "received HelloRetryRequest message"
1631
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1632requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1633requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1634requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1636requires_openssl_tls1_3
1637run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
1638 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1639 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1640 0 \
1641 -s "Protocol is TLSv1.3" \
1642 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1643 -s "received signature algorithm: 0x503" \
1644 -s "got named group: x25519(001d)" \
1645 -s "Verifying peer X.509 certificate... ok" \
1646 -s "HTTP/1.0 200 OK" \
1647 -C "received HelloRetryRequest message"
1648
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1649requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1650requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1652requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1653requires_openssl_tls1_3
1654run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
1655 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1656 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1657 0 \
1658 -s "Protocol is TLSv1.3" \
1659 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1660 -s "received signature algorithm: 0x603" \
1661 -s "got named group: x25519(001d)" \
1662 -s "Verifying peer X.509 certificate... ok" \
1663 -s "HTTP/1.0 200 OK" \
1664 -C "received HelloRetryRequest message"
1665
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1666requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1667requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1669requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1670requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1671requires_openssl_tls1_3
1672run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
1673 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1674 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1675 0 \
1676 -s "Protocol is TLSv1.3" \
1677 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1678 -s "received signature algorithm: 0x804" \
1679 -s "got named group: x25519(001d)" \
1680 -s "Verifying peer X.509 certificate... ok" \
1681 -s "HTTP/1.0 200 OK" \
1682 -C "received HelloRetryRequest message"
1683
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1684requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1685requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1686requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1688requires_openssl_tls1_3
1689run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
1690 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1691 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1692 0 \
1693 -s "Protocol is TLSv1.3" \
1694 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1695 -s "received signature algorithm: 0x403" \
1696 -s "got named group: x448(001e)" \
1697 -s "Verifying peer X.509 certificate... ok" \
1698 -s "HTTP/1.0 200 OK" \
1699 -C "received HelloRetryRequest message"
1700
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1701requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1702requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1703requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1705requires_openssl_tls1_3
1706run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
1707 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1708 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1709 0 \
1710 -s "Protocol is TLSv1.3" \
1711 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1712 -s "received signature algorithm: 0x503" \
1713 -s "got named group: x448(001e)" \
1714 -s "Verifying peer X.509 certificate... ok" \
1715 -s "HTTP/1.0 200 OK" \
1716 -C "received HelloRetryRequest message"
1717
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1718requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1719requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1722requires_openssl_tls1_3
1723run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
1724 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1725 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
1726 0 \
1727 -s "Protocol is TLSv1.3" \
1728 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1729 -s "received signature algorithm: 0x603" \
1730 -s "got named group: x448(001e)" \
1731 -s "Verifying peer X.509 certificate... ok" \
1732 -s "HTTP/1.0 200 OK" \
1733 -C "received HelloRetryRequest message"
1734
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1735requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1736requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1737requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1738requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1739requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1740requires_openssl_tls1_3
1741run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
1742 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
1743 "$O_NEXT_CLI_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -CAfile data_files/test-ca_cat12.crt" \
1744 0 \
1745 -s "Protocol is TLSv1.3" \
1746 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
1747 -s "received signature algorithm: 0x804" \
1748 -s "got named group: x448(001e)" \
1749 -s "Verifying peer X.509 certificate... ok" \
1750 -s "HTTP/1.0 200 OK" \
1751 -C "received HelloRetryRequest message"
1752
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1753requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1754requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1757requires_gnutls_tls1_3
1758requires_gnutls_next_no_ticket
1759requires_gnutls_next_disable_tls13_compat
1760run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1761 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1762 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1763 0 \
1764 -s "Protocol is TLSv1.3" \
1765 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1766 -s "received signature algorithm: 0x403" \
1767 -s "got named group: secp256r1(0017)" \
1768 -s "Verifying peer X.509 certificate... ok" \
1769 -c "HTTP/1.0 200 OK" \
1770 -C "received HelloRetryRequest message"
1771
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1772requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1773requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1776requires_gnutls_tls1_3
1777requires_gnutls_next_no_ticket
1778requires_gnutls_next_disable_tls13_compat
1779run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1780 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1781 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1782 0 \
1783 -s "Protocol is TLSv1.3" \
1784 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1785 -s "received signature algorithm: 0x503" \
1786 -s "got named group: secp256r1(0017)" \
1787 -s "Verifying peer X.509 certificate... ok" \
1788 -c "HTTP/1.0 200 OK" \
1789 -C "received HelloRetryRequest message"
1790
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1791requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1792requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1793requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1794requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1795requires_gnutls_tls1_3
1796requires_gnutls_next_no_ticket
1797requires_gnutls_next_disable_tls13_compat
1798run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1799 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1800 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1801 0 \
1802 -s "Protocol is TLSv1.3" \
1803 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1804 -s "received signature algorithm: 0x603" \
1805 -s "got named group: secp256r1(0017)" \
1806 -s "Verifying peer X.509 certificate... ok" \
1807 -c "HTTP/1.0 200 OK" \
1808 -C "received HelloRetryRequest message"
1809
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1810requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1811requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1812requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1814requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1815requires_gnutls_tls1_3
1816requires_gnutls_next_no_ticket
1817requires_gnutls_next_disable_tls13_compat
1818run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1819 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1820 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1821 0 \
1822 -s "Protocol is TLSv1.3" \
1823 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1824 -s "received signature algorithm: 0x804" \
1825 -s "got named group: secp256r1(0017)" \
1826 -s "Verifying peer X.509 certificate... ok" \
1827 -c "HTTP/1.0 200 OK" \
1828 -C "received HelloRetryRequest message"
1829
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1830requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1831requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1832requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1833requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1834requires_gnutls_tls1_3
1835requires_gnutls_next_no_ticket
1836requires_gnutls_next_disable_tls13_compat
1837run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1838 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1839 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1840 0 \
1841 -s "Protocol is TLSv1.3" \
1842 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1843 -s "received signature algorithm: 0x403" \
1844 -s "got named group: secp384r1(0018)" \
1845 -s "Verifying peer X.509 certificate... ok" \
1846 -c "HTTP/1.0 200 OK" \
1847 -C "received HelloRetryRequest message"
1848
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1849requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1850requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1851requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1852requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1853requires_gnutls_tls1_3
1854requires_gnutls_next_no_ticket
1855requires_gnutls_next_disable_tls13_compat
1856run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1857 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1858 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1859 0 \
1860 -s "Protocol is TLSv1.3" \
1861 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1862 -s "received signature algorithm: 0x503" \
1863 -s "got named group: secp384r1(0018)" \
1864 -s "Verifying peer X.509 certificate... ok" \
1865 -c "HTTP/1.0 200 OK" \
1866 -C "received HelloRetryRequest message"
1867
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1868requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1869requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1870requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1872requires_gnutls_tls1_3
1873requires_gnutls_next_no_ticket
1874requires_gnutls_next_disable_tls13_compat
1875run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1876 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1877 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1878 0 \
1879 -s "Protocol is TLSv1.3" \
1880 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1881 -s "received signature algorithm: 0x603" \
1882 -s "got named group: secp384r1(0018)" \
1883 -s "Verifying peer X.509 certificate... ok" \
1884 -c "HTTP/1.0 200 OK" \
1885 -C "received HelloRetryRequest message"
1886
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1887requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1888requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1889requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1890requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1891requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1892requires_gnutls_tls1_3
1893requires_gnutls_next_no_ticket
1894requires_gnutls_next_disable_tls13_compat
1895run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1896 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1897 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1898 0 \
1899 -s "Protocol is TLSv1.3" \
1900 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1901 -s "received signature algorithm: 0x804" \
1902 -s "got named group: secp384r1(0018)" \
1903 -s "Verifying peer X.509 certificate... ok" \
1904 -c "HTTP/1.0 200 OK" \
1905 -C "received HelloRetryRequest message"
1906
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1907requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1908requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1911requires_gnutls_tls1_3
1912requires_gnutls_next_no_ticket
1913requires_gnutls_next_disable_tls13_compat
1914run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1915 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1916 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1917 0 \
1918 -s "Protocol is TLSv1.3" \
1919 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1920 -s "received signature algorithm: 0x403" \
1921 -s "got named group: secp521r1(0019)" \
1922 -s "Verifying peer X.509 certificate... ok" \
1923 -c "HTTP/1.0 200 OK" \
1924 -C "received HelloRetryRequest message"
1925
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1926requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1927requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1928requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1930requires_gnutls_tls1_3
1931requires_gnutls_next_no_ticket
1932requires_gnutls_next_disable_tls13_compat
1933run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1934 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1935 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1936 0 \
1937 -s "Protocol is TLSv1.3" \
1938 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1939 -s "received signature algorithm: 0x503" \
1940 -s "got named group: secp521r1(0019)" \
1941 -s "Verifying peer X.509 certificate... ok" \
1942 -c "HTTP/1.0 200 OK" \
1943 -C "received HelloRetryRequest message"
1944
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1945requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1946requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1949requires_gnutls_tls1_3
1950requires_gnutls_next_no_ticket
1951requires_gnutls_next_disable_tls13_compat
1952run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1953 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1954 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1955 0 \
1956 -s "Protocol is TLSv1.3" \
1957 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1958 -s "received signature algorithm: 0x603" \
1959 -s "got named group: secp521r1(0019)" \
1960 -s "Verifying peer X.509 certificate... ok" \
1961 -c "HTTP/1.0 200 OK" \
1962 -C "received HelloRetryRequest message"
1963
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1964requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1965requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1968requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1969requires_gnutls_tls1_3
1970requires_gnutls_next_no_ticket
1971requires_gnutls_next_disable_tls13_compat
1972run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1973 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1974 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1975 0 \
1976 -s "Protocol is TLSv1.3" \
1977 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1978 -s "received signature algorithm: 0x804" \
1979 -s "got named group: secp521r1(0019)" \
1980 -s "Verifying peer X.509 certificate... ok" \
1981 -c "HTTP/1.0 200 OK" \
1982 -C "received HelloRetryRequest message"
1983
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1984requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]1985requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1988requires_gnutls_tls1_3
1989requires_gnutls_next_no_ticket
1990requires_gnutls_next_disable_tls13_compat
1991run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
1992 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]1993 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]1994 0 \
1995 -s "Protocol is TLSv1.3" \
1996 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
1997 -s "received signature algorithm: 0x403" \
1998 -s "got named group: x25519(001d)" \
1999 -s "Verifying peer X.509 certificate... ok" \
2000 -c "HTTP/1.0 200 OK" \
2001 -C "received HelloRetryRequest message"
2002
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2003requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2004requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2005requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2007requires_gnutls_tls1_3
2008requires_gnutls_next_no_ticket
2009requires_gnutls_next_disable_tls13_compat
2010run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
2011 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2012 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2013 0 \
2014 -s "Protocol is TLSv1.3" \
2015 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2016 -s "received signature algorithm: 0x503" \
2017 -s "got named group: x25519(001d)" \
2018 -s "Verifying peer X.509 certificate... ok" \
2019 -c "HTTP/1.0 200 OK" \
2020 -C "received HelloRetryRequest message"
2021
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2022requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2023requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2025requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2026requires_gnutls_tls1_3
2027requires_gnutls_next_no_ticket
2028requires_gnutls_next_disable_tls13_compat
2029run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
2030 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2031 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2032 0 \
2033 -s "Protocol is TLSv1.3" \
2034 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2035 -s "received signature algorithm: 0x603" \
2036 -s "got named group: x25519(001d)" \
2037 -s "Verifying peer X.509 certificate... ok" \
2038 -c "HTTP/1.0 200 OK" \
2039 -C "received HelloRetryRequest message"
2040
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2041requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2042requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2044requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2045requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2046requires_gnutls_tls1_3
2047requires_gnutls_next_no_ticket
2048requires_gnutls_next_disable_tls13_compat
2049run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
2050 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2051 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2052 0 \
2053 -s "Protocol is TLSv1.3" \
2054 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2055 -s "received signature algorithm: 0x804" \
2056 -s "got named group: x25519(001d)" \
2057 -s "Verifying peer X.509 certificate... ok" \
2058 -c "HTTP/1.0 200 OK" \
2059 -C "received HelloRetryRequest message"
2060
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2061requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2062requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2063requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2064requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2065requires_gnutls_tls1_3
2066requires_gnutls_next_no_ticket
2067requires_gnutls_next_disable_tls13_compat
2068run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
2069 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2070 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2071 0 \
2072 -s "Protocol is TLSv1.3" \
2073 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2074 -s "received signature algorithm: 0x403" \
2075 -s "got named group: x448(001e)" \
2076 -s "Verifying peer X.509 certificate... ok" \
2077 -c "HTTP/1.0 200 OK" \
2078 -C "received HelloRetryRequest message"
2079
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2080requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2081requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2084requires_gnutls_tls1_3
2085requires_gnutls_next_no_ticket
2086requires_gnutls_next_disable_tls13_compat
2087run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
2088 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2089 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2090 0 \
2091 -s "Protocol is TLSv1.3" \
2092 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2093 -s "received signature algorithm: 0x503" \
2094 -s "got named group: x448(001e)" \
2095 -s "Verifying peer X.509 certificate... ok" \
2096 -c "HTTP/1.0 200 OK" \
2097 -C "received HelloRetryRequest message"
2098
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2099requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2100requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2101requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2103requires_gnutls_tls1_3
2104requires_gnutls_next_no_ticket
2105requires_gnutls_next_disable_tls13_compat
2106run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
2107 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2108 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2109 0 \
2110 -s "Protocol is TLSv1.3" \
2111 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2112 -s "received signature algorithm: 0x603" \
2113 -s "got named group: x448(001e)" \
2114 -s "Verifying peer X.509 certificate... ok" \
2115 -c "HTTP/1.0 200 OK" \
2116 -C "received HelloRetryRequest message"
2117
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2118requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2119requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2120requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2122requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2123requires_gnutls_tls1_3
2124requires_gnutls_next_no_ticket
2125requires_gnutls_next_disable_tls13_compat
2126run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
2127 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2128 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2129 0 \
2130 -s "Protocol is TLSv1.3" \
2131 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
2132 -s "received signature algorithm: 0x804" \
2133 -s "got named group: x448(001e)" \
2134 -s "Verifying peer X.509 certificate... ok" \
2135 -c "HTTP/1.0 200 OK" \
2136 -C "received HelloRetryRequest message"
2137
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2138requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2139requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2140requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2142requires_gnutls_tls1_3
2143requires_gnutls_next_no_ticket
2144requires_gnutls_next_disable_tls13_compat
2145run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
2146 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2147 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2148 0 \
2149 -s "Protocol is TLSv1.3" \
2150 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2151 -s "received signature algorithm: 0x403" \
2152 -s "got named group: secp256r1(0017)" \
2153 -s "Verifying peer X.509 certificate... ok" \
2154 -c "HTTP/1.0 200 OK" \
2155 -C "received HelloRetryRequest message"
2156
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2157requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2158requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2161requires_gnutls_tls1_3
2162requires_gnutls_next_no_ticket
2163requires_gnutls_next_disable_tls13_compat
2164run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
2165 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2166 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2167 0 \
2168 -s "Protocol is TLSv1.3" \
2169 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2170 -s "received signature algorithm: 0x503" \
2171 -s "got named group: secp256r1(0017)" \
2172 -s "Verifying peer X.509 certificate... ok" \
2173 -c "HTTP/1.0 200 OK" \
2174 -C "received HelloRetryRequest message"
2175
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2176requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2177requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2178requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2180requires_gnutls_tls1_3
2181requires_gnutls_next_no_ticket
2182requires_gnutls_next_disable_tls13_compat
2183run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
2184 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2185 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2186 0 \
2187 -s "Protocol is TLSv1.3" \
2188 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2189 -s "received signature algorithm: 0x603" \
2190 -s "got named group: secp256r1(0017)" \
2191 -s "Verifying peer X.509 certificate... ok" \
2192 -c "HTTP/1.0 200 OK" \
2193 -C "received HelloRetryRequest message"
2194
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2195requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2196requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2200requires_gnutls_tls1_3
2201requires_gnutls_next_no_ticket
2202requires_gnutls_next_disable_tls13_compat
2203run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
2204 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2205 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2206 0 \
2207 -s "Protocol is TLSv1.3" \
2208 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2209 -s "received signature algorithm: 0x804" \
2210 -s "got named group: secp256r1(0017)" \
2211 -s "Verifying peer X.509 certificate... ok" \
2212 -c "HTTP/1.0 200 OK" \
2213 -C "received HelloRetryRequest message"
2214
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2215requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2216requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2217requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2219requires_gnutls_tls1_3
2220requires_gnutls_next_no_ticket
2221requires_gnutls_next_disable_tls13_compat
2222run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
2223 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2224 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2225 0 \
2226 -s "Protocol is TLSv1.3" \
2227 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2228 -s "received signature algorithm: 0x403" \
2229 -s "got named group: secp384r1(0018)" \
2230 -s "Verifying peer X.509 certificate... ok" \
2231 -c "HTTP/1.0 200 OK" \
2232 -C "received HelloRetryRequest message"
2233
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2234requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2235requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2238requires_gnutls_tls1_3
2239requires_gnutls_next_no_ticket
2240requires_gnutls_next_disable_tls13_compat
2241run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
2242 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2243 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2244 0 \
2245 -s "Protocol is TLSv1.3" \
2246 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2247 -s "received signature algorithm: 0x503" \
2248 -s "got named group: secp384r1(0018)" \
2249 -s "Verifying peer X.509 certificate... ok" \
2250 -c "HTTP/1.0 200 OK" \
2251 -C "received HelloRetryRequest message"
2252
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2253requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2254requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2257requires_gnutls_tls1_3
2258requires_gnutls_next_no_ticket
2259requires_gnutls_next_disable_tls13_compat
2260run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
2261 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2262 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2263 0 \
2264 -s "Protocol is TLSv1.3" \
2265 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2266 -s "received signature algorithm: 0x603" \
2267 -s "got named group: secp384r1(0018)" \
2268 -s "Verifying peer X.509 certificate... ok" \
2269 -c "HTTP/1.0 200 OK" \
2270 -C "received HelloRetryRequest message"
2271
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2272requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2273requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2274requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2276requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2277requires_gnutls_tls1_3
2278requires_gnutls_next_no_ticket
2279requires_gnutls_next_disable_tls13_compat
2280run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
2281 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2282 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2283 0 \
2284 -s "Protocol is TLSv1.3" \
2285 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2286 -s "received signature algorithm: 0x804" \
2287 -s "got named group: secp384r1(0018)" \
2288 -s "Verifying peer X.509 certificate... ok" \
2289 -c "HTTP/1.0 200 OK" \
2290 -C "received HelloRetryRequest message"
2291
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2292requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2293requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2294requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2296requires_gnutls_tls1_3
2297requires_gnutls_next_no_ticket
2298requires_gnutls_next_disable_tls13_compat
2299run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
2300 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2301 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2302 0 \
2303 -s "Protocol is TLSv1.3" \
2304 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2305 -s "received signature algorithm: 0x403" \
2306 -s "got named group: secp521r1(0019)" \
2307 -s "Verifying peer X.509 certificate... ok" \
2308 -c "HTTP/1.0 200 OK" \
2309 -C "received HelloRetryRequest message"
2310
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2311requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2312requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2313requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2314requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2315requires_gnutls_tls1_3
2316requires_gnutls_next_no_ticket
2317requires_gnutls_next_disable_tls13_compat
2318run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
2319 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2320 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2321 0 \
2322 -s "Protocol is TLSv1.3" \
2323 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2324 -s "received signature algorithm: 0x503" \
2325 -s "got named group: secp521r1(0019)" \
2326 -s "Verifying peer X.509 certificate... ok" \
2327 -c "HTTP/1.0 200 OK" \
2328 -C "received HelloRetryRequest message"
2329
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2330requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2331requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2332requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2334requires_gnutls_tls1_3
2335requires_gnutls_next_no_ticket
2336requires_gnutls_next_disable_tls13_compat
2337run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
2338 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2339 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2340 0 \
2341 -s "Protocol is TLSv1.3" \
2342 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2343 -s "received signature algorithm: 0x603" \
2344 -s "got named group: secp521r1(0019)" \
2345 -s "Verifying peer X.509 certificate... ok" \
2346 -c "HTTP/1.0 200 OK" \
2347 -C "received HelloRetryRequest message"
2348
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2349requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2350requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2353requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2354requires_gnutls_tls1_3
2355requires_gnutls_next_no_ticket
2356requires_gnutls_next_disable_tls13_compat
2357run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
2358 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2359 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2360 0 \
2361 -s "Protocol is TLSv1.3" \
2362 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2363 -s "received signature algorithm: 0x804" \
2364 -s "got named group: secp521r1(0019)" \
2365 -s "Verifying peer X.509 certificate... ok" \
2366 -c "HTTP/1.0 200 OK" \
2367 -C "received HelloRetryRequest message"
2368
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2369requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2370requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2372requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2373requires_gnutls_tls1_3
2374requires_gnutls_next_no_ticket
2375requires_gnutls_next_disable_tls13_compat
2376run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
2377 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2378 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2379 0 \
2380 -s "Protocol is TLSv1.3" \
2381 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2382 -s "received signature algorithm: 0x403" \
2383 -s "got named group: x25519(001d)" \
2384 -s "Verifying peer X.509 certificate... ok" \
2385 -c "HTTP/1.0 200 OK" \
2386 -C "received HelloRetryRequest message"
2387
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2388requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2389requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2390requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2391requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2392requires_gnutls_tls1_3
2393requires_gnutls_next_no_ticket
2394requires_gnutls_next_disable_tls13_compat
2395run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
2396 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2397 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2398 0 \
2399 -s "Protocol is TLSv1.3" \
2400 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2401 -s "received signature algorithm: 0x503" \
2402 -s "got named group: x25519(001d)" \
2403 -s "Verifying peer X.509 certificate... ok" \
2404 -c "HTTP/1.0 200 OK" \
2405 -C "received HelloRetryRequest message"
2406
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2407requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2408requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2411requires_gnutls_tls1_3
2412requires_gnutls_next_no_ticket
2413requires_gnutls_next_disable_tls13_compat
2414run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
2415 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2416 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2417 0 \
2418 -s "Protocol is TLSv1.3" \
2419 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2420 -s "received signature algorithm: 0x603" \
2421 -s "got named group: x25519(001d)" \
2422 -s "Verifying peer X.509 certificate... ok" \
2423 -c "HTTP/1.0 200 OK" \
2424 -C "received HelloRetryRequest message"
2425
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2426requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2427requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2430requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2431requires_gnutls_tls1_3
2432requires_gnutls_next_no_ticket
2433requires_gnutls_next_disable_tls13_compat
2434run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
2435 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2436 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2437 0 \
2438 -s "Protocol is TLSv1.3" \
2439 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2440 -s "received signature algorithm: 0x804" \
2441 -s "got named group: x25519(001d)" \
2442 -s "Verifying peer X.509 certificate... ok" \
2443 -c "HTTP/1.0 200 OK" \
2444 -C "received HelloRetryRequest message"
2445
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2446requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2447requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2448requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2449requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2450requires_gnutls_tls1_3
2451requires_gnutls_next_no_ticket
2452requires_gnutls_next_disable_tls13_compat
2453run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
2454 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2455 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2456 0 \
2457 -s "Protocol is TLSv1.3" \
2458 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2459 -s "received signature algorithm: 0x403" \
2460 -s "got named group: x448(001e)" \
2461 -s "Verifying peer X.509 certificate... ok" \
2462 -c "HTTP/1.0 200 OK" \
2463 -C "received HelloRetryRequest message"
2464
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2465requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2466requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2467requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2468requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2469requires_gnutls_tls1_3
2470requires_gnutls_next_no_ticket
2471requires_gnutls_next_disable_tls13_compat
2472run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
2473 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2474 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2475 0 \
2476 -s "Protocol is TLSv1.3" \
2477 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2478 -s "received signature algorithm: 0x503" \
2479 -s "got named group: x448(001e)" \
2480 -s "Verifying peer X.509 certificate... ok" \
2481 -c "HTTP/1.0 200 OK" \
2482 -C "received HelloRetryRequest message"
2483
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2484requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2485requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2486requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2487requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2488requires_gnutls_tls1_3
2489requires_gnutls_next_no_ticket
2490requires_gnutls_next_disable_tls13_compat
2491run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
2492 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2493 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2494 0 \
2495 -s "Protocol is TLSv1.3" \
2496 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2497 -s "received signature algorithm: 0x603" \
2498 -s "got named group: x448(001e)" \
2499 -s "Verifying peer X.509 certificate... ok" \
2500 -c "HTTP/1.0 200 OK" \
2501 -C "received HelloRetryRequest message"
2502
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2503requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2504requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2505requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2506requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2507requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2508requires_gnutls_tls1_3
2509requires_gnutls_next_no_ticket
2510requires_gnutls_next_disable_tls13_compat
2511run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
2512 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2513 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2514 0 \
2515 -s "Protocol is TLSv1.3" \
2516 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
2517 -s "received signature algorithm: 0x804" \
2518 -s "got named group: x448(001e)" \
2519 -s "Verifying peer X.509 certificate... ok" \
2520 -c "HTTP/1.0 200 OK" \
2521 -C "received HelloRetryRequest message"
2522
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2523requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2524requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2525requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2526requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2527requires_gnutls_tls1_3
2528requires_gnutls_next_no_ticket
2529requires_gnutls_next_disable_tls13_compat
2530run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2531 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2532 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2533 0 \
2534 -s "Protocol is TLSv1.3" \
2535 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2536 -s "received signature algorithm: 0x403" \
2537 -s "got named group: secp256r1(0017)" \
2538 -s "Verifying peer X.509 certificate... ok" \
2539 -c "HTTP/1.0 200 OK" \
2540 -C "received HelloRetryRequest message"
2541
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2542requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2543requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2544requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2545requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2546requires_gnutls_tls1_3
2547requires_gnutls_next_no_ticket
2548requires_gnutls_next_disable_tls13_compat
2549run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2550 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2551 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2552 0 \
2553 -s "Protocol is TLSv1.3" \
2554 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2555 -s "received signature algorithm: 0x503" \
2556 -s "got named group: secp256r1(0017)" \
2557 -s "Verifying peer X.509 certificate... ok" \
2558 -c "HTTP/1.0 200 OK" \
2559 -C "received HelloRetryRequest message"
2560
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2561requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2562requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2565requires_gnutls_tls1_3
2566requires_gnutls_next_no_ticket
2567requires_gnutls_next_disable_tls13_compat
2568run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2569 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2570 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2571 0 \
2572 -s "Protocol is TLSv1.3" \
2573 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2574 -s "received signature algorithm: 0x603" \
2575 -s "got named group: secp256r1(0017)" \
2576 -s "Verifying peer X.509 certificate... ok" \
2577 -c "HTTP/1.0 200 OK" \
2578 -C "received HelloRetryRequest message"
2579
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2580requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2581requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2584requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2585requires_gnutls_tls1_3
2586requires_gnutls_next_no_ticket
2587requires_gnutls_next_disable_tls13_compat
2588run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2589 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2590 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2591 0 \
2592 -s "Protocol is TLSv1.3" \
2593 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2594 -s "received signature algorithm: 0x804" \
2595 -s "got named group: secp256r1(0017)" \
2596 -s "Verifying peer X.509 certificate... ok" \
2597 -c "HTTP/1.0 200 OK" \
2598 -C "received HelloRetryRequest message"
2599
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2600requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2601requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2602requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2603requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2604requires_gnutls_tls1_3
2605requires_gnutls_next_no_ticket
2606requires_gnutls_next_disable_tls13_compat
2607run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2608 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2609 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2610 0 \
2611 -s "Protocol is TLSv1.3" \
2612 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2613 -s "received signature algorithm: 0x403" \
2614 -s "got named group: secp384r1(0018)" \
2615 -s "Verifying peer X.509 certificate... ok" \
2616 -c "HTTP/1.0 200 OK" \
2617 -C "received HelloRetryRequest message"
2618
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2619requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2620requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2622requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2623requires_gnutls_tls1_3
2624requires_gnutls_next_no_ticket
2625requires_gnutls_next_disable_tls13_compat
2626run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2627 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2628 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2629 0 \
2630 -s "Protocol is TLSv1.3" \
2631 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2632 -s "received signature algorithm: 0x503" \
2633 -s "got named group: secp384r1(0018)" \
2634 -s "Verifying peer X.509 certificate... ok" \
2635 -c "HTTP/1.0 200 OK" \
2636 -C "received HelloRetryRequest message"
2637
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2638requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2639requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2640requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2642requires_gnutls_tls1_3
2643requires_gnutls_next_no_ticket
2644requires_gnutls_next_disable_tls13_compat
2645run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2646 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2647 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2648 0 \
2649 -s "Protocol is TLSv1.3" \
2650 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2651 -s "received signature algorithm: 0x603" \
2652 -s "got named group: secp384r1(0018)" \
2653 -s "Verifying peer X.509 certificate... ok" \
2654 -c "HTTP/1.0 200 OK" \
2655 -C "received HelloRetryRequest message"
2656
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2657requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2658requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2659requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2661requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2662requires_gnutls_tls1_3
2663requires_gnutls_next_no_ticket
2664requires_gnutls_next_disable_tls13_compat
2665run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
2666 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2667 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2668 0 \
2669 -s "Protocol is TLSv1.3" \
2670 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2671 -s "received signature algorithm: 0x804" \
2672 -s "got named group: secp384r1(0018)" \
2673 -s "Verifying peer X.509 certificate... ok" \
2674 -c "HTTP/1.0 200 OK" \
2675 -C "received HelloRetryRequest message"
2676
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2677requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2678requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2679requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2680requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2681requires_gnutls_tls1_3
2682requires_gnutls_next_no_ticket
2683requires_gnutls_next_disable_tls13_compat
2684run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2685 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2686 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2687 0 \
2688 -s "Protocol is TLSv1.3" \
2689 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2690 -s "received signature algorithm: 0x403" \
2691 -s "got named group: secp521r1(0019)" \
2692 -s "Verifying peer X.509 certificate... ok" \
2693 -c "HTTP/1.0 200 OK" \
2694 -C "received HelloRetryRequest message"
2695
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2696requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2697requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2700requires_gnutls_tls1_3
2701requires_gnutls_next_no_ticket
2702requires_gnutls_next_disable_tls13_compat
2703run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2704 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2705 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2706 0 \
2707 -s "Protocol is TLSv1.3" \
2708 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2709 -s "received signature algorithm: 0x503" \
2710 -s "got named group: secp521r1(0019)" \
2711 -s "Verifying peer X.509 certificate... ok" \
2712 -c "HTTP/1.0 200 OK" \
2713 -C "received HelloRetryRequest message"
2714
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2715requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2716requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2718requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2719requires_gnutls_tls1_3
2720requires_gnutls_next_no_ticket
2721requires_gnutls_next_disable_tls13_compat
2722run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
2723 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2724 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2725 0 \
2726 -s "Protocol is TLSv1.3" \
2727 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2728 -s "received signature algorithm: 0x603" \
2729 -s "got named group: secp521r1(0019)" \
2730 -s "Verifying peer X.509 certificate... ok" \
2731 -c "HTTP/1.0 200 OK" \
2732 -C "received HelloRetryRequest message"
2733
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2734requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2735requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2736requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2738requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2739requires_gnutls_tls1_3
2740requires_gnutls_next_no_ticket
2741requires_gnutls_next_disable_tls13_compat
2742run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
2743 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2744 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2745 0 \
2746 -s "Protocol is TLSv1.3" \
2747 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2748 -s "received signature algorithm: 0x804" \
2749 -s "got named group: secp521r1(0019)" \
2750 -s "Verifying peer X.509 certificate... ok" \
2751 -c "HTTP/1.0 200 OK" \
2752 -C "received HelloRetryRequest message"
2753
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2754requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2755requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2756requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2757requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2758requires_gnutls_tls1_3
2759requires_gnutls_next_no_ticket
2760requires_gnutls_next_disable_tls13_compat
2761run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
2762 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2763 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2764 0 \
2765 -s "Protocol is TLSv1.3" \
2766 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2767 -s "received signature algorithm: 0x403" \
2768 -s "got named group: x25519(001d)" \
2769 -s "Verifying peer X.509 certificate... ok" \
2770 -c "HTTP/1.0 200 OK" \
2771 -C "received HelloRetryRequest message"
2772
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2773requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2774requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2775requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2776requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2777requires_gnutls_tls1_3
2778requires_gnutls_next_no_ticket
2779requires_gnutls_next_disable_tls13_compat
2780run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
2781 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2782 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2783 0 \
2784 -s "Protocol is TLSv1.3" \
2785 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2786 -s "received signature algorithm: 0x503" \
2787 -s "got named group: x25519(001d)" \
2788 -s "Verifying peer X.509 certificate... ok" \
2789 -c "HTTP/1.0 200 OK" \
2790 -C "received HelloRetryRequest message"
2791
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2792requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2793requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2796requires_gnutls_tls1_3
2797requires_gnutls_next_no_ticket
2798requires_gnutls_next_disable_tls13_compat
2799run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
2800 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2801 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2802 0 \
2803 -s "Protocol is TLSv1.3" \
2804 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2805 -s "received signature algorithm: 0x603" \
2806 -s "got named group: x25519(001d)" \
2807 -s "Verifying peer X.509 certificate... ok" \
2808 -c "HTTP/1.0 200 OK" \
2809 -C "received HelloRetryRequest message"
2810
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2811requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2812requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2813requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2815requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2816requires_gnutls_tls1_3
2817requires_gnutls_next_no_ticket
2818requires_gnutls_next_disable_tls13_compat
2819run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
2820 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2821 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2822 0 \
2823 -s "Protocol is TLSv1.3" \
2824 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2825 -s "received signature algorithm: 0x804" \
2826 -s "got named group: x25519(001d)" \
2827 -s "Verifying peer X.509 certificate... ok" \
2828 -c "HTTP/1.0 200 OK" \
2829 -C "received HelloRetryRequest message"
2830
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2831requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2832requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2833requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2834requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2835requires_gnutls_tls1_3
2836requires_gnutls_next_no_ticket
2837requires_gnutls_next_disable_tls13_compat
2838run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
2839 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2840 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2841 0 \
2842 -s "Protocol is TLSv1.3" \
2843 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2844 -s "received signature algorithm: 0x403" \
2845 -s "got named group: x448(001e)" \
2846 -s "Verifying peer X.509 certificate... ok" \
2847 -c "HTTP/1.0 200 OK" \
2848 -C "received HelloRetryRequest message"
2849
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2850requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2851requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2852requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2854requires_gnutls_tls1_3
2855requires_gnutls_next_no_ticket
2856requires_gnutls_next_disable_tls13_compat
2857run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
2858 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2859 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2860 0 \
2861 -s "Protocol is TLSv1.3" \
2862 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2863 -s "received signature algorithm: 0x503" \
2864 -s "got named group: x448(001e)" \
2865 -s "Verifying peer X.509 certificate... ok" \
2866 -c "HTTP/1.0 200 OK" \
2867 -C "received HelloRetryRequest message"
2868
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2869requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2870requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2873requires_gnutls_tls1_3
2874requires_gnutls_next_no_ticket
2875requires_gnutls_next_disable_tls13_compat
2876run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
2877 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2878 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2879 0 \
2880 -s "Protocol is TLSv1.3" \
2881 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2882 -s "received signature algorithm: 0x603" \
2883 -s "got named group: x448(001e)" \
2884 -s "Verifying peer X.509 certificate... ok" \
2885 -c "HTTP/1.0 200 OK" \
2886 -C "received HelloRetryRequest message"
2887
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2888requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2889requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2892requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2893requires_gnutls_tls1_3
2894requires_gnutls_next_no_ticket
2895requires_gnutls_next_disable_tls13_compat
2896run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
2897 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2898 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2899 0 \
2900 -s "Protocol is TLSv1.3" \
2901 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
2902 -s "received signature algorithm: 0x804" \
2903 -s "got named group: x448(001e)" \
2904 -s "Verifying peer X.509 certificate... ok" \
2905 -c "HTTP/1.0 200 OK" \
2906 -C "received HelloRetryRequest message"
2907
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2908requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2909requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2910requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2912requires_gnutls_tls1_3
2913requires_gnutls_next_no_ticket
2914requires_gnutls_next_disable_tls13_compat
2915run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2916 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2917 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2918 0 \
2919 -s "Protocol is TLSv1.3" \
2920 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2921 -s "received signature algorithm: 0x403" \
2922 -s "got named group: secp256r1(0017)" \
2923 -s "Verifying peer X.509 certificate... ok" \
2924 -c "HTTP/1.0 200 OK" \
2925 -C "received HelloRetryRequest message"
2926
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2927requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2928requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2929requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2930requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2931requires_gnutls_tls1_3
2932requires_gnutls_next_no_ticket
2933requires_gnutls_next_disable_tls13_compat
2934run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2935 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2936 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2937 0 \
2938 -s "Protocol is TLSv1.3" \
2939 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2940 -s "received signature algorithm: 0x503" \
2941 -s "got named group: secp256r1(0017)" \
2942 -s "Verifying peer X.509 certificate... ok" \
2943 -c "HTTP/1.0 200 OK" \
2944 -C "received HelloRetryRequest message"
2945
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2946requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2947requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2948requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2950requires_gnutls_tls1_3
2951requires_gnutls_next_no_ticket
2952requires_gnutls_next_disable_tls13_compat
2953run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2954 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2955 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2956 0 \
2957 -s "Protocol is TLSv1.3" \
2958 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2959 -s "received signature algorithm: 0x603" \
2960 -s "got named group: secp256r1(0017)" \
2961 -s "Verifying peer X.509 certificate... ok" \
2962 -c "HTTP/1.0 200 OK" \
2963 -C "received HelloRetryRequest message"
2964
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2965requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2966requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2968requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2969requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2970requires_gnutls_tls1_3
2971requires_gnutls_next_no_ticket
2972requires_gnutls_next_disable_tls13_compat
2973run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2974 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2975 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2976 0 \
2977 -s "Protocol is TLSv1.3" \
2978 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2979 -s "received signature algorithm: 0x804" \
2980 -s "got named group: secp256r1(0017)" \
2981 -s "Verifying peer X.509 certificate... ok" \
2982 -c "HTTP/1.0 200 OK" \
2983 -C "received HelloRetryRequest message"
2984
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2985requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]2986requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2987requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2989requires_gnutls_tls1_3
2990requires_gnutls_next_no_ticket
2991requires_gnutls_next_disable_tls13_compat
2992run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2993 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]2994 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]2995 0 \
2996 -s "Protocol is TLSv1.3" \
2997 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
2998 -s "received signature algorithm: 0x403" \
2999 -s "got named group: secp384r1(0018)" \
3000 -s "Verifying peer X.509 certificate... ok" \
3001 -c "HTTP/1.0 200 OK" \
3002 -C "received HelloRetryRequest message"
3003
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3004requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3005requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3006requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3007requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3008requires_gnutls_tls1_3
3009requires_gnutls_next_no_ticket
3010requires_gnutls_next_disable_tls13_compat
3011run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
3012 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3013 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3014 0 \
3015 -s "Protocol is TLSv1.3" \
3016 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3017 -s "received signature algorithm: 0x503" \
3018 -s "got named group: secp384r1(0018)" \
3019 -s "Verifying peer X.509 certificate... ok" \
3020 -c "HTTP/1.0 200 OK" \
3021 -C "received HelloRetryRequest message"
3022
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3023requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3024requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3025requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3027requires_gnutls_tls1_3
3028requires_gnutls_next_no_ticket
3029requires_gnutls_next_disable_tls13_compat
3030run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
3031 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3032 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3033 0 \
3034 -s "Protocol is TLSv1.3" \
3035 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3036 -s "received signature algorithm: 0x603" \
3037 -s "got named group: secp384r1(0018)" \
3038 -s "Verifying peer X.509 certificate... ok" \
3039 -c "HTTP/1.0 200 OK" \
3040 -C "received HelloRetryRequest message"
3041
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3042requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3043requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3044requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3046requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3047requires_gnutls_tls1_3
3048requires_gnutls_next_no_ticket
3049requires_gnutls_next_disable_tls13_compat
3050run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
3051 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3052 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3053 0 \
3054 -s "Protocol is TLSv1.3" \
3055 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3056 -s "received signature algorithm: 0x804" \
3057 -s "got named group: secp384r1(0018)" \
3058 -s "Verifying peer X.509 certificate... ok" \
3059 -c "HTTP/1.0 200 OK" \
3060 -C "received HelloRetryRequest message"
3061
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3062requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3063requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3066requires_gnutls_tls1_3
3067requires_gnutls_next_no_ticket
3068requires_gnutls_next_disable_tls13_compat
3069run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
3070 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3071 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3072 0 \
3073 -s "Protocol is TLSv1.3" \
3074 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3075 -s "received signature algorithm: 0x403" \
3076 -s "got named group: secp521r1(0019)" \
3077 -s "Verifying peer X.509 certificate... ok" \
3078 -c "HTTP/1.0 200 OK" \
3079 -C "received HelloRetryRequest message"
3080
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3081requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3082requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3083requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3085requires_gnutls_tls1_3
3086requires_gnutls_next_no_ticket
3087requires_gnutls_next_disable_tls13_compat
3088run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
3089 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3090 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3091 0 \
3092 -s "Protocol is TLSv1.3" \
3093 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3094 -s "received signature algorithm: 0x503" \
3095 -s "got named group: secp521r1(0019)" \
3096 -s "Verifying peer X.509 certificate... ok" \
3097 -c "HTTP/1.0 200 OK" \
3098 -C "received HelloRetryRequest message"
3099
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3100requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3101requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3102requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3104requires_gnutls_tls1_3
3105requires_gnutls_next_no_ticket
3106requires_gnutls_next_disable_tls13_compat
3107run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3108 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3109 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3110 0 \
3111 -s "Protocol is TLSv1.3" \
3112 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3113 -s "received signature algorithm: 0x603" \
3114 -s "got named group: secp521r1(0019)" \
3115 -s "Verifying peer X.509 certificate... ok" \
3116 -c "HTTP/1.0 200 OK" \
3117 -C "received HelloRetryRequest message"
3118
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3119requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3120requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3121requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3123requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3124requires_gnutls_tls1_3
3125requires_gnutls_next_no_ticket
3126requires_gnutls_next_disable_tls13_compat
3127run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
3128 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3129 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3130 0 \
3131 -s "Protocol is TLSv1.3" \
3132 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3133 -s "received signature algorithm: 0x804" \
3134 -s "got named group: secp521r1(0019)" \
3135 -s "Verifying peer X.509 certificate... ok" \
3136 -c "HTTP/1.0 200 OK" \
3137 -C "received HelloRetryRequest message"
3138
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3139requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3140requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3142requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3143requires_gnutls_tls1_3
3144requires_gnutls_next_no_ticket
3145requires_gnutls_next_disable_tls13_compat
3146run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
3147 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3148 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3149 0 \
3150 -s "Protocol is TLSv1.3" \
3151 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3152 -s "received signature algorithm: 0x403" \
3153 -s "got named group: x25519(001d)" \
3154 -s "Verifying peer X.509 certificate... ok" \
3155 -c "HTTP/1.0 200 OK" \
3156 -C "received HelloRetryRequest message"
3157
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3158requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3159requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3160requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3161requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3162requires_gnutls_tls1_3
3163requires_gnutls_next_no_ticket
3164requires_gnutls_next_disable_tls13_compat
3165run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
3166 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3167 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3168 0 \
3169 -s "Protocol is TLSv1.3" \
3170 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3171 -s "received signature algorithm: 0x503" \
3172 -s "got named group: x25519(001d)" \
3173 -s "Verifying peer X.509 certificate... ok" \
3174 -c "HTTP/1.0 200 OK" \
3175 -C "received HelloRetryRequest message"
3176
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3177requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3178requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3181requires_gnutls_tls1_3
3182requires_gnutls_next_no_ticket
3183requires_gnutls_next_disable_tls13_compat
3184run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
3185 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3186 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3187 0 \
3188 -s "Protocol is TLSv1.3" \
3189 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3190 -s "received signature algorithm: 0x603" \
3191 -s "got named group: x25519(001d)" \
3192 -s "Verifying peer X.509 certificate... ok" \
3193 -c "HTTP/1.0 200 OK" \
3194 -C "received HelloRetryRequest message"
3195
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3196requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3197requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3198requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3200requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3201requires_gnutls_tls1_3
3202requires_gnutls_next_no_ticket
3203requires_gnutls_next_disable_tls13_compat
3204run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
3205 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3206 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3207 0 \
3208 -s "Protocol is TLSv1.3" \
3209 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3210 -s "received signature algorithm: 0x804" \
3211 -s "got named group: x25519(001d)" \
3212 -s "Verifying peer X.509 certificate... ok" \
3213 -c "HTTP/1.0 200 OK" \
3214 -C "received HelloRetryRequest message"
3215
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3216requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3217requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3218requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3219requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3220requires_gnutls_tls1_3
3221requires_gnutls_next_no_ticket
3222requires_gnutls_next_disable_tls13_compat
3223run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
3224 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3225 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3226 0 \
3227 -s "Protocol is TLSv1.3" \
3228 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3229 -s "received signature algorithm: 0x403" \
3230 -s "got named group: x448(001e)" \
3231 -s "Verifying peer X.509 certificate... ok" \
3232 -c "HTTP/1.0 200 OK" \
3233 -C "received HelloRetryRequest message"
3234
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3235requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3238requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3239requires_gnutls_tls1_3
3240requires_gnutls_next_no_ticket
3241requires_gnutls_next_disable_tls13_compat
3242run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
3243 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3244 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3245 0 \
3246 -s "Protocol is TLSv1.3" \
3247 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3248 -s "received signature algorithm: 0x503" \
3249 -s "got named group: x448(001e)" \
3250 -s "Verifying peer X.509 certificate... ok" \
3251 -c "HTTP/1.0 200 OK" \
3252 -C "received HelloRetryRequest message"
3253
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3254requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3255requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3256requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3258requires_gnutls_tls1_3
3259requires_gnutls_next_no_ticket
3260requires_gnutls_next_disable_tls13_compat
3261run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
3262 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3263 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3264 0 \
3265 -s "Protocol is TLSv1.3" \
3266 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3267 -s "received signature algorithm: 0x603" \
3268 -s "got named group: x448(001e)" \
3269 -s "Verifying peer X.509 certificate... ok" \
3270 -c "HTTP/1.0 200 OK" \
3271 -C "received HelloRetryRequest message"
3272
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3273requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3274requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3275requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3277requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3278requires_gnutls_tls1_3
3279requires_gnutls_next_no_ticket
3280requires_gnutls_next_disable_tls13_compat
3281run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
3282 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3283 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3284 0 \
3285 -s "Protocol is TLSv1.3" \
3286 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
3287 -s "received signature algorithm: 0x804" \
3288 -s "got named group: x448(001e)" \
3289 -s "Verifying peer X.509 certificate... ok" \
3290 -c "HTTP/1.0 200 OK" \
3291 -C "received HelloRetryRequest message"
3292
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3293requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3294requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3295requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3296requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3297requires_gnutls_tls1_3
3298requires_gnutls_next_no_ticket
3299requires_gnutls_next_disable_tls13_compat
3300run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
3301 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3302 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3303 0 \
3304 -s "Protocol is TLSv1.3" \
3305 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3306 -s "received signature algorithm: 0x403" \
3307 -s "got named group: secp256r1(0017)" \
3308 -s "Verifying peer X.509 certificate... ok" \
3309 -c "HTTP/1.0 200 OK" \
3310 -C "received HelloRetryRequest message"
3311
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3312requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3313requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3314requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3316requires_gnutls_tls1_3
3317requires_gnutls_next_no_ticket
3318requires_gnutls_next_disable_tls13_compat
3319run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
3320 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3321 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3322 0 \
3323 -s "Protocol is TLSv1.3" \
3324 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3325 -s "received signature algorithm: 0x503" \
3326 -s "got named group: secp256r1(0017)" \
3327 -s "Verifying peer X.509 certificate... ok" \
3328 -c "HTTP/1.0 200 OK" \
3329 -C "received HelloRetryRequest message"
3330
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3331requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3332requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3333requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3334requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3335requires_gnutls_tls1_3
3336requires_gnutls_next_no_ticket
3337requires_gnutls_next_disable_tls13_compat
3338run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
3339 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3340 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3341 0 \
3342 -s "Protocol is TLSv1.3" \
3343 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3344 -s "received signature algorithm: 0x603" \
3345 -s "got named group: secp256r1(0017)" \
3346 -s "Verifying peer X.509 certificate... ok" \
3347 -c "HTTP/1.0 200 OK" \
3348 -C "received HelloRetryRequest message"
3349
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3350requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3351requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3352requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3354requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3355requires_gnutls_tls1_3
3356requires_gnutls_next_no_ticket
3357requires_gnutls_next_disable_tls13_compat
3358run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
3359 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3360 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3361 0 \
3362 -s "Protocol is TLSv1.3" \
3363 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3364 -s "received signature algorithm: 0x804" \
3365 -s "got named group: secp256r1(0017)" \
3366 -s "Verifying peer X.509 certificate... ok" \
3367 -c "HTTP/1.0 200 OK" \
3368 -C "received HelloRetryRequest message"
3369
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3370requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3371requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3372requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3373requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3374requires_gnutls_tls1_3
3375requires_gnutls_next_no_ticket
3376requires_gnutls_next_disable_tls13_compat
3377run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
3378 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3379 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3380 0 \
3381 -s "Protocol is TLSv1.3" \
3382 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3383 -s "received signature algorithm: 0x403" \
3384 -s "got named group: secp384r1(0018)" \
3385 -s "Verifying peer X.509 certificate... ok" \
3386 -c "HTTP/1.0 200 OK" \
3387 -C "received HelloRetryRequest message"
3388
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3389requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3390requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3391requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3392requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3393requires_gnutls_tls1_3
3394requires_gnutls_next_no_ticket
3395requires_gnutls_next_disable_tls13_compat
3396run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
3397 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3398 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3399 0 \
3400 -s "Protocol is TLSv1.3" \
3401 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3402 -s "received signature algorithm: 0x503" \
3403 -s "got named group: secp384r1(0018)" \
3404 -s "Verifying peer X.509 certificate... ok" \
3405 -c "HTTP/1.0 200 OK" \
3406 -C "received HelloRetryRequest message"
3407
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3408requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3409requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3412requires_gnutls_tls1_3
3413requires_gnutls_next_no_ticket
3414requires_gnutls_next_disable_tls13_compat
3415run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
3416 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3417 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3418 0 \
3419 -s "Protocol is TLSv1.3" \
3420 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3421 -s "received signature algorithm: 0x603" \
3422 -s "got named group: secp384r1(0018)" \
3423 -s "Verifying peer X.509 certificate... ok" \
3424 -c "HTTP/1.0 200 OK" \
3425 -C "received HelloRetryRequest message"
3426
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3427requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3428requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3430requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3431requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3432requires_gnutls_tls1_3
3433requires_gnutls_next_no_ticket
3434requires_gnutls_next_disable_tls13_compat
3435run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
3436 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3437 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3438 0 \
3439 -s "Protocol is TLSv1.3" \
3440 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3441 -s "received signature algorithm: 0x804" \
3442 -s "got named group: secp384r1(0018)" \
3443 -s "Verifying peer X.509 certificate... ok" \
3444 -c "HTTP/1.0 200 OK" \
3445 -C "received HelloRetryRequest message"
3446
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3447requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3448requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3449requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3450requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3451requires_gnutls_tls1_3
3452requires_gnutls_next_no_ticket
3453requires_gnutls_next_disable_tls13_compat
3454run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
3455 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3456 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3457 0 \
3458 -s "Protocol is TLSv1.3" \
3459 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3460 -s "received signature algorithm: 0x403" \
3461 -s "got named group: secp521r1(0019)" \
3462 -s "Verifying peer X.509 certificate... ok" \
3463 -c "HTTP/1.0 200 OK" \
3464 -C "received HelloRetryRequest message"
3465
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3466requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3467requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3468requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3469requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3470requires_gnutls_tls1_3
3471requires_gnutls_next_no_ticket
3472requires_gnutls_next_disable_tls13_compat
3473run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
3474 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3475 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3476 0 \
3477 -s "Protocol is TLSv1.3" \
3478 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3479 -s "received signature algorithm: 0x503" \
3480 -s "got named group: secp521r1(0019)" \
3481 -s "Verifying peer X.509 certificate... ok" \
3482 -c "HTTP/1.0 200 OK" \
3483 -C "received HelloRetryRequest message"
3484
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3485requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3486requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3487requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3488requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3489requires_gnutls_tls1_3
3490requires_gnutls_next_no_ticket
3491requires_gnutls_next_disable_tls13_compat
3492run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3493 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3494 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3495 0 \
3496 -s "Protocol is TLSv1.3" \
3497 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3498 -s "received signature algorithm: 0x603" \
3499 -s "got named group: secp521r1(0019)" \
3500 -s "Verifying peer X.509 certificate... ok" \
3501 -c "HTTP/1.0 200 OK" \
3502 -C "received HelloRetryRequest message"
3503
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3504requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3505requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3506requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3507requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3508requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3509requires_gnutls_tls1_3
3510requires_gnutls_next_no_ticket
3511requires_gnutls_next_disable_tls13_compat
3512run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
3513 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3514 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3515 0 \
3516 -s "Protocol is TLSv1.3" \
3517 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3518 -s "received signature algorithm: 0x804" \
3519 -s "got named group: secp521r1(0019)" \
3520 -s "Verifying peer X.509 certificate... ok" \
3521 -c "HTTP/1.0 200 OK" \
3522 -C "received HelloRetryRequest message"
3523
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3524requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3525requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3526requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3528requires_gnutls_tls1_3
3529requires_gnutls_next_no_ticket
3530requires_gnutls_next_disable_tls13_compat
3531run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
3532 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3533 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3534 0 \
3535 -s "Protocol is TLSv1.3" \
3536 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3537 -s "received signature algorithm: 0x403" \
3538 -s "got named group: x25519(001d)" \
3539 -s "Verifying peer X.509 certificate... ok" \
3540 -c "HTTP/1.0 200 OK" \
3541 -C "received HelloRetryRequest message"
3542
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3543requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3544requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3545requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3546requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3547requires_gnutls_tls1_3
3548requires_gnutls_next_no_ticket
3549requires_gnutls_next_disable_tls13_compat
3550run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
3551 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3552 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3553 0 \
3554 -s "Protocol is TLSv1.3" \
3555 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3556 -s "received signature algorithm: 0x503" \
3557 -s "got named group: x25519(001d)" \
3558 -s "Verifying peer X.509 certificate... ok" \
3559 -c "HTTP/1.0 200 OK" \
3560 -C "received HelloRetryRequest message"
3561
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3562requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3563requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3564requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3565requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3566requires_gnutls_tls1_3
3567requires_gnutls_next_no_ticket
3568requires_gnutls_next_disable_tls13_compat
3569run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
3570 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3571 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3572 0 \
3573 -s "Protocol is TLSv1.3" \
3574 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3575 -s "received signature algorithm: 0x603" \
3576 -s "got named group: x25519(001d)" \
3577 -s "Verifying peer X.509 certificate... ok" \
3578 -c "HTTP/1.0 200 OK" \
3579 -C "received HelloRetryRequest message"
3580
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3581requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3582requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3585requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3586requires_gnutls_tls1_3
3587requires_gnutls_next_no_ticket
3588requires_gnutls_next_disable_tls13_compat
3589run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
3590 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3591 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3592 0 \
3593 -s "Protocol is TLSv1.3" \
3594 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3595 -s "received signature algorithm: 0x804" \
3596 -s "got named group: x25519(001d)" \
3597 -s "Verifying peer X.509 certificate... ok" \
3598 -c "HTTP/1.0 200 OK" \
3599 -C "received HelloRetryRequest message"
3600
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3601requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3602requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3603requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3605requires_gnutls_tls1_3
3606requires_gnutls_next_no_ticket
3607requires_gnutls_next_disable_tls13_compat
3608run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
3609 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3610 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3611 0 \
3612 -s "Protocol is TLSv1.3" \
3613 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3614 -s "received signature algorithm: 0x403" \
3615 -s "got named group: x448(001e)" \
3616 -s "Verifying peer X.509 certificate... ok" \
3617 -c "HTTP/1.0 200 OK" \
3618 -C "received HelloRetryRequest message"
3619
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3620requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3621requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3622requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3623requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3624requires_gnutls_tls1_3
3625requires_gnutls_next_no_ticket
3626requires_gnutls_next_disable_tls13_compat
3627run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
3628 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3629 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3630 0 \
3631 -s "Protocol is TLSv1.3" \
3632 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3633 -s "received signature algorithm: 0x503" \
3634 -s "got named group: x448(001e)" \
3635 -s "Verifying peer X.509 certificate... ok" \
3636 -c "HTTP/1.0 200 OK" \
3637 -C "received HelloRetryRequest message"
3638
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3639requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3640requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3641requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3642requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3643requires_gnutls_tls1_3
3644requires_gnutls_next_no_ticket
3645requires_gnutls_next_disable_tls13_compat
3646run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
3647 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3648 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3649 0 \
3650 -s "Protocol is TLSv1.3" \
3651 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3652 -s "received signature algorithm: 0x603" \
3653 -s "got named group: x448(001e)" \
3654 -s "Verifying peer X.509 certificate... ok" \
3655 -c "HTTP/1.0 200 OK" \
3656 -C "received HelloRetryRequest message"
3657
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3658requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3659requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3660requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3661requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3662requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3663requires_gnutls_tls1_3
3664requires_gnutls_next_no_ticket
3665requires_gnutls_next_disable_tls13_compat
3666run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
3667 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]3668 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca_cat12.crt" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3669 0 \
3670 -s "Protocol is TLSv1.3" \
3671 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
3672 -s "received signature algorithm: 0x804" \
3673 -s "got named group: x448(001e)" \
3674 -s "Verifying peer X.509 certificate... ok" \
3675 -c "HTTP/1.0 200 OK" \
3676 -C "received HelloRetryRequest message"
3677
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3678requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3679requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3680requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3683run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3684 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3685 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3686 0 \
3687 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3688 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3689 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3690 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3691 -c "NamedGroup: secp256r1 ( 17 )" \
3692 -c "Verifying peer X.509 certificate... ok" \
3693 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3694
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3695requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3696requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3700run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3701 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3702 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3703 0 \
3704 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3705 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3706 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3707 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3708 -c "NamedGroup: secp256r1 ( 17 )" \
3709 -c "Verifying peer X.509 certificate... ok" \
3710 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3711
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3712requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3713requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3714requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3715requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3717run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3718 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3719 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3720 0 \
3721 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3722 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3723 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3724 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3725 -c "NamedGroup: secp256r1 ( 17 )" \
3726 -c "Verifying peer X.509 certificate... ok" \
3727 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3728
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3729requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3730requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3731requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3732requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3734requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3735run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3736 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3737 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3738 0 \
3739 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3740 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3741 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3742 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3743 -c "NamedGroup: secp256r1 ( 17 )" \
3744 -c "Verifying peer X.509 certificate... ok" \
3745 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3746
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3747requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3748requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3749requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3752run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3753 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3754 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3755 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3756 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3757 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3758 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3759 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3760 -c "NamedGroup: secp384r1 ( 18 )" \
3761 -c "Verifying peer X.509 certificate... ok" \
3762 -C "received HelloRetryRequest message"
3763
3764requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3765requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3766requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3767requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3768requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3769run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3770 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3771 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
3772 0 \
3773 -c "HTTP/1.0 200 ok" \
3774 -c "Protocol is TLSv1.3" \
3775 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3776 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3777 -c "NamedGroup: secp384r1 ( 18 )" \
3778 -c "Verifying peer X.509 certificate... ok" \
3779 -C "received HelloRetryRequest message"
3780
3781requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3782requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3783requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3784requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3785requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3786run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3787 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3788 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
3789 0 \
3790 -c "HTTP/1.0 200 ok" \
3791 -c "Protocol is TLSv1.3" \
3792 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3793 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3794 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3795 -c "Verifying peer X.509 certificate... ok" \
3796 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3797
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3798requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3799requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3800requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3801requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3803requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3804run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3805 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3806 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3807 0 \
3808 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3809 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3810 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3811 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3812 -c "NamedGroup: secp384r1 ( 18 )" \
3813 -c "Verifying peer X.509 certificate... ok" \
3814 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3815
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3816requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3817requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3818requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3819requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3821run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3822 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3823 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3824 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3825 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3826 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3827 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3828 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3829 -c "NamedGroup: secp521r1 ( 19 )" \
3830 -c "Verifying peer X.509 certificate... ok" \
3831 -C "received HelloRetryRequest message"
3832
3833requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3834requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3835requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3836requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3838run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3839 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3840 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
3841 0 \
3842 -c "HTTP/1.0 200 ok" \
3843 -c "Protocol is TLSv1.3" \
3844 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3845 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3846 -c "NamedGroup: secp521r1 ( 19 )" \
3847 -c "Verifying peer X.509 certificate... ok" \
3848 -C "received HelloRetryRequest message"
3849
3850requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3851requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3852requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3853requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3854requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3855run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3856 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3857 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
3858 0 \
3859 -c "HTTP/1.0 200 ok" \
3860 -c "Protocol is TLSv1.3" \
3861 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3862 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3863 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3864 -c "Verifying peer X.509 certificate... ok" \
3865 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3866
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3867requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3868requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3870requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3872requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3873run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3874 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3875 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3876 0 \
3877 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3878 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3879 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3880 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3881 -c "NamedGroup: secp521r1 ( 19 )" \
3882 -c "Verifying peer X.509 certificate... ok" \
3883 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3884
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3885requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3886requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3888requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3890run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3891 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3892 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3893 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3894 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3895 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3896 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3897 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3898 -c "NamedGroup: x25519 ( 1d )" \
3899 -c "Verifying peer X.509 certificate... ok" \
3900 -C "received HelloRetryRequest message"
3901
3902requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3903requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3904requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3906requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3907run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3908 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3909 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
3910 0 \
3911 -c "HTTP/1.0 200 ok" \
3912 -c "Protocol is TLSv1.3" \
3913 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3914 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3915 -c "NamedGroup: x25519 ( 1d )" \
3916 -c "Verifying peer X.509 certificate... ok" \
3917 -C "received HelloRetryRequest message"
3918
3919requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3920requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3921requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3924run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3925 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3926 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
3927 0 \
3928 -c "HTTP/1.0 200 ok" \
3929 -c "Protocol is TLSv1.3" \
3930 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3931 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3932 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3933 -c "Verifying peer X.509 certificate... ok" \
3934 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3935
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3936requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3937requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3938requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3939requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3940requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3941requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3942run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3943 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3944 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3945 0 \
3946 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3947 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3948 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3949 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3950 -c "NamedGroup: x25519 ( 1d )" \
3951 -c "Verifying peer X.509 certificate... ok" \
3952 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3953
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3954requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3955requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3956requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3957requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3959run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3960 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3961 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3962 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3963 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3964 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3965 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3966 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3967 -c "NamedGroup: x448 ( 1e )" \
3968 -c "Verifying peer X.509 certificate... ok" \
3969 -C "received HelloRetryRequest message"
3970
3971requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3972requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3973requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3974requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3976run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3977 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3978 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
3979 0 \
3980 -c "HTTP/1.0 200 ok" \
3981 -c "Protocol is TLSv1.3" \
3982 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
3983 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3984 -c "NamedGroup: x448 ( 1e )" \
3985 -c "Verifying peer X.509 certificate... ok" \
3986 -C "received HelloRetryRequest message"
3987
3988requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]3990requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3991requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3993run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]3994 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3995 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
3996 0 \
3997 -c "HTTP/1.0 200 ok" \
3998 -c "Protocol is TLSv1.3" \
3999 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4000 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4001 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4002 -c "Verifying peer X.509 certificate... ok" \
4003 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4004
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4005requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4006requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4007requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4008requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4010requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4011run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4012 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4013 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4014 0 \
4015 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4016 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4017 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
4018 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4019 -c "NamedGroup: x448 ( 1e )" \
4020 -c "Verifying peer X.509 certificate... ok" \
4021 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4022
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4023requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4024requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4025requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4026requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4028run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4029 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4030 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4031 0 \
4032 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4033 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4034 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4035 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4036 -c "NamedGroup: secp256r1 ( 17 )" \
4037 -c "Verifying peer X.509 certificate... ok" \
4038 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4039
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4040requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4041requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4042requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4044requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4045run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4046 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4047 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4048 0 \
4049 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4050 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4051 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4052 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4053 -c "NamedGroup: secp256r1 ( 17 )" \
4054 -c "Verifying peer X.509 certificate... ok" \
4055 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4056
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4057requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4058requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4059requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4060requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4061requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4062run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4063 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4064 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4065 0 \
4066 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4067 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4068 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4069 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4070 -c "NamedGroup: secp256r1 ( 17 )" \
4071 -c "Verifying peer X.509 certificate... ok" \
4072 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4073
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4074requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4075requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4076requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4077requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4078requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4079requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4080run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4081 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4082 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4083 0 \
4084 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4085 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4086 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4087 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4088 -c "NamedGroup: secp256r1 ( 17 )" \
4089 -c "Verifying peer X.509 certificate... ok" \
4090 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4091
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4092requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4093requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4095requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4097run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4098 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4099 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4100 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4101 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4102 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4103 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4104 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4105 -c "NamedGroup: secp384r1 ( 18 )" \
4106 -c "Verifying peer X.509 certificate... ok" \
4107 -C "received HelloRetryRequest message"
4108
4109requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4110requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4111requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4112requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4113requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4114run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4115 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4116 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
4117 0 \
4118 -c "HTTP/1.0 200 ok" \
4119 -c "Protocol is TLSv1.3" \
4120 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4121 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4122 -c "NamedGroup: secp384r1 ( 18 )" \
4123 -c "Verifying peer X.509 certificate... ok" \
4124 -C "received HelloRetryRequest message"
4125
4126requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4127requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4128requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4130requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4131run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4132 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4133 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
4134 0 \
4135 -c "HTTP/1.0 200 ok" \
4136 -c "Protocol is TLSv1.3" \
4137 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4138 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4139 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4140 -c "Verifying peer X.509 certificate... ok" \
4141 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4142
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4143requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4144requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4145requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4146requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4148requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4149run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4150 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4151 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4152 0 \
4153 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4154 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4155 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4156 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4157 -c "NamedGroup: secp384r1 ( 18 )" \
4158 -c "Verifying peer X.509 certificate... ok" \
4159 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4160
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4161requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4162requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4163requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4164requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4166run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4167 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4168 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4169 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4170 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4171 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4172 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4173 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4174 -c "NamedGroup: secp521r1 ( 19 )" \
4175 -c "Verifying peer X.509 certificate... ok" \
4176 -C "received HelloRetryRequest message"
4177
4178requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4179requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4183run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4184 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4185 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
4186 0 \
4187 -c "HTTP/1.0 200 ok" \
4188 -c "Protocol is TLSv1.3" \
4189 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4190 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4191 -c "NamedGroup: secp521r1 ( 19 )" \
4192 -c "Verifying peer X.509 certificate... ok" \
4193 -C "received HelloRetryRequest message"
4194
4195requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4196requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4197requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4198requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4200run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4201 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4202 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
4203 0 \
4204 -c "HTTP/1.0 200 ok" \
4205 -c "Protocol is TLSv1.3" \
4206 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4207 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4208 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4209 -c "Verifying peer X.509 certificate... ok" \
4210 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4211
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4212requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4213requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4214requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4215requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4216requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4217requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4218run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4219 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4221 0 \
4222 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4223 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4224 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4225 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4226 -c "NamedGroup: secp521r1 ( 19 )" \
4227 -c "Verifying peer X.509 certificate... ok" \
4228 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4229
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4230requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4231requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4232requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4233requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4235run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4236 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4237 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4238 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4239 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4240 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4241 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4242 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4243 -c "NamedGroup: x25519 ( 1d )" \
4244 -c "Verifying peer X.509 certificate... ok" \
4245 -C "received HelloRetryRequest message"
4246
4247requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4248requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4252run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4253 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4254 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
4255 0 \
4256 -c "HTTP/1.0 200 ok" \
4257 -c "Protocol is TLSv1.3" \
4258 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4259 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4260 -c "NamedGroup: x25519 ( 1d )" \
4261 -c "Verifying peer X.509 certificate... ok" \
4262 -C "received HelloRetryRequest message"
4263
4264requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4265requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4266requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4269run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4270 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4271 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
4272 0 \
4273 -c "HTTP/1.0 200 ok" \
4274 -c "Protocol is TLSv1.3" \
4275 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4276 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4277 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4278 -c "Verifying peer X.509 certificate... ok" \
4279 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4280
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4281requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4282requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4283requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4284requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4286requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4287run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4288 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4289 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4290 0 \
4291 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4292 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4293 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4294 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4295 -c "NamedGroup: x25519 ( 1d )" \
4296 -c "Verifying peer X.509 certificate... ok" \
4297 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4298
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4299requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4300requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4301requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4302requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4304run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4305 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4306 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4307 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4308 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4309 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4310 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4311 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4312 -c "NamedGroup: x448 ( 1e )" \
4313 -c "Verifying peer X.509 certificate... ok" \
4314 -C "received HelloRetryRequest message"
4315
4316requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4317requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4319requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4321run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4322 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4323 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
4324 0 \
4325 -c "HTTP/1.0 200 ok" \
4326 -c "Protocol is TLSv1.3" \
4327 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4328 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4329 -c "NamedGroup: x448 ( 1e )" \
4330 -c "Verifying peer X.509 certificate... ok" \
4331 -C "received HelloRetryRequest message"
4332
4333requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4334requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4335requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4336requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4338run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4339 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4340 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
4341 0 \
4342 -c "HTTP/1.0 200 ok" \
4343 -c "Protocol is TLSv1.3" \
4344 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4345 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4346 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4347 -c "Verifying peer X.509 certificate... ok" \
4348 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4349
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4350requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4351requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4352requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4353requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4354requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4355requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4356run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4357 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4358 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4359 0 \
4360 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4361 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4362 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
4363 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4364 -c "NamedGroup: x448 ( 1e )" \
4365 -c "Verifying peer X.509 certificate... ok" \
4366 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4367
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4368requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4369requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4370requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4372requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4373run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4374 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4375 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4376 0 \
4377 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4378 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4379 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4380 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4381 -c "NamedGroup: secp256r1 ( 17 )" \
4382 -c "Verifying peer X.509 certificate... ok" \
4383 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4384
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4385requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4386requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4387requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4388requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4390run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4391 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4392 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4393 0 \
4394 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4395 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4396 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4397 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4398 -c "NamedGroup: secp256r1 ( 17 )" \
4399 -c "Verifying peer X.509 certificate... ok" \
4400 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4401
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4402requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4403requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4404requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4405requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4406requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4407run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4408 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4409 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4410 0 \
4411 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4412 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4413 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4414 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4415 -c "NamedGroup: secp256r1 ( 17 )" \
4416 -c "Verifying peer X.509 certificate... ok" \
4417 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4418
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4419requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4420requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4421requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4422requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4423requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4424requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4425run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4426 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4427 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4428 0 \
4429 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4430 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4431 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4432 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4433 -c "NamedGroup: secp256r1 ( 17 )" \
4434 -c "Verifying peer X.509 certificate... ok" \
4435 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4436
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4437requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4438requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4439requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4440requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4442run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4443 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4444 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4445 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4446 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4447 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4448 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4449 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4450 -c "NamedGroup: secp384r1 ( 18 )" \
4451 -c "Verifying peer X.509 certificate... ok" \
4452 -C "received HelloRetryRequest message"
4453
4454requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4455requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4456requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4457requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4458requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4459run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4460 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4461 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
4462 0 \
4463 -c "HTTP/1.0 200 ok" \
4464 -c "Protocol is TLSv1.3" \
4465 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4466 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4467 -c "NamedGroup: secp384r1 ( 18 )" \
4468 -c "Verifying peer X.509 certificate... ok" \
4469 -C "received HelloRetryRequest message"
4470
4471requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4472requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4473requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4474requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4475requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4476run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4477 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4478 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
4479 0 \
4480 -c "HTTP/1.0 200 ok" \
4481 -c "Protocol is TLSv1.3" \
4482 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4483 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4484 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4485 -c "Verifying peer X.509 certificate... ok" \
4486 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4487
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4488requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4489requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4490requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4492requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4493requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4494run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4495 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4496 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4497 0 \
4498 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4499 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4500 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4501 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4502 -c "NamedGroup: secp384r1 ( 18 )" \
4503 -c "Verifying peer X.509 certificate... ok" \
4504 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4505
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4506requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4507requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4508requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4509requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4511run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4512 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4513 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4514 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4515 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4516 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4517 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4518 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4519 -c "NamedGroup: secp521r1 ( 19 )" \
4520 -c "Verifying peer X.509 certificate... ok" \
4521 -C "received HelloRetryRequest message"
4522
4523requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4524requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4525requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4526requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4528run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4529 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4530 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
4531 0 \
4532 -c "HTTP/1.0 200 ok" \
4533 -c "Protocol is TLSv1.3" \
4534 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4535 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4536 -c "NamedGroup: secp521r1 ( 19 )" \
4537 -c "Verifying peer X.509 certificate... ok" \
4538 -C "received HelloRetryRequest message"
4539
4540requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4541requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4542requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4543requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4544requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4545run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4546 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4547 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
4548 0 \
4549 -c "HTTP/1.0 200 ok" \
4550 -c "Protocol is TLSv1.3" \
4551 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4552 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4553 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4554 -c "Verifying peer X.509 certificate... ok" \
4555 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4556
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4557requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4558requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4559requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4560requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4561requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4562requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4563run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4564 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4565 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4566 0 \
4567 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4568 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4569 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4570 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4571 -c "NamedGroup: secp521r1 ( 19 )" \
4572 -c "Verifying peer X.509 certificate... ok" \
4573 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4574
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4575requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4576requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4577requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4578requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4580run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4581 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4582 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4583 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4584 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4585 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4586 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4587 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4588 -c "NamedGroup: x25519 ( 1d )" \
4589 -c "Verifying peer X.509 certificate... ok" \
4590 -C "received HelloRetryRequest message"
4591
4592requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4593requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4594requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4595requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4596requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4597run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4598 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4599 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
4600 0 \
4601 -c "HTTP/1.0 200 ok" \
4602 -c "Protocol is TLSv1.3" \
4603 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4604 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4605 -c "NamedGroup: x25519 ( 1d )" \
4606 -c "Verifying peer X.509 certificate... ok" \
4607 -C "received HelloRetryRequest message"
4608
4609requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4610requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4611requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4612requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4614run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4615 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4616 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
4617 0 \
4618 -c "HTTP/1.0 200 ok" \
4619 -c "Protocol is TLSv1.3" \
4620 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4621 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4622 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4623 -c "Verifying peer X.509 certificate... ok" \
4624 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4625
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4626requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4627requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4628requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4629requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4630requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4631requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4632run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4633 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4634 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4635 0 \
4636 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4637 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4638 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4639 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4640 -c "NamedGroup: x25519 ( 1d )" \
4641 -c "Verifying peer X.509 certificate... ok" \
4642 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4643
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4644requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4645requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4646requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4647requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4648requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4649run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4650 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4651 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4652 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4653 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4654 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4655 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4656 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4657 -c "NamedGroup: x448 ( 1e )" \
4658 -c "Verifying peer X.509 certificate... ok" \
4659 -C "received HelloRetryRequest message"
4660
4661requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4662requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4663requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4664requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4665requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4666run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4667 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4668 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
4669 0 \
4670 -c "HTTP/1.0 200 ok" \
4671 -c "Protocol is TLSv1.3" \
4672 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4673 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4674 -c "NamedGroup: x448 ( 1e )" \
4675 -c "Verifying peer X.509 certificate... ok" \
4676 -C "received HelloRetryRequest message"
4677
4678requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4679requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4680requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4683run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4684 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4685 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
4686 0 \
4687 -c "HTTP/1.0 200 ok" \
4688 -c "Protocol is TLSv1.3" \
4689 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4690 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4691 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4692 -c "Verifying peer X.509 certificate... ok" \
4693 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4694
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4695requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4696requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4697requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4700requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4701run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4702 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4703 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4704 0 \
4705 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4706 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4707 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
4708 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4709 -c "NamedGroup: x448 ( 1e )" \
4710 -c "Verifying peer X.509 certificate... ok" \
4711 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4712
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4713requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4714requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4716requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4718run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4719 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4720 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4721 0 \
4722 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4723 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4724 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4725 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4726 -c "NamedGroup: secp256r1 ( 17 )" \
4727 -c "Verifying peer X.509 certificate... ok" \
4728 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4729
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4730requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4731requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4732requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4733requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4734requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4735run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4736 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4737 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4738 0 \
4739 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4740 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4741 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4742 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4743 -c "NamedGroup: secp256r1 ( 17 )" \
4744 -c "Verifying peer X.509 certificate... ok" \
4745 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4746
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4747requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4748requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4749requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4752run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4753 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4754 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4755 0 \
4756 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4757 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4758 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4759 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4760 -c "NamedGroup: secp256r1 ( 17 )" \
4761 -c "Verifying peer X.509 certificate... ok" \
4762 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4763
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4764requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4765requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4766requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4767requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4768requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4769requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4770run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4771 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4772 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4773 0 \
4774 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4775 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4776 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4777 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4778 -c "NamedGroup: secp256r1 ( 17 )" \
4779 -c "Verifying peer X.509 certificate... ok" \
4780 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4781
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4782requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4783requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4784requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4785requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4786requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4787run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4788 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4789 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4790 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4791 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4792 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4793 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4794 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4795 -c "NamedGroup: secp384r1 ( 18 )" \
4796 -c "Verifying peer X.509 certificate... ok" \
4797 -C "received HelloRetryRequest message"
4798
4799requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4800requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4801requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4802requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4803requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4804run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4805 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4806 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
4807 0 \
4808 -c "HTTP/1.0 200 ok" \
4809 -c "Protocol is TLSv1.3" \
4810 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4811 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4812 -c "NamedGroup: secp384r1 ( 18 )" \
4813 -c "Verifying peer X.509 certificate... ok" \
4814 -C "received HelloRetryRequest message"
4815
4816requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4817requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4818requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4819requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4820requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4821run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4822 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4823 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
4824 0 \
4825 -c "HTTP/1.0 200 ok" \
4826 -c "Protocol is TLSv1.3" \
4827 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4828 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4829 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4830 -c "Verifying peer X.509 certificate... ok" \
4831 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4832
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4833requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4834requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4835requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4836requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4838requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4839run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4840 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4841 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4842 0 \
4843 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4844 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4845 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4846 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4847 -c "NamedGroup: secp384r1 ( 18 )" \
4848 -c "Verifying peer X.509 certificate... ok" \
4849 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4850
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4851requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4852requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4853requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4854requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4856run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4857 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4858 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4859 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4860 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4861 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4862 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4863 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4864 -c "NamedGroup: secp521r1 ( 19 )" \
4865 -c "Verifying peer X.509 certificate... ok" \
4866 -C "received HelloRetryRequest message"
4867
4868requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4873run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4874 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4875 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
4876 0 \
4877 -c "HTTP/1.0 200 ok" \
4878 -c "Protocol is TLSv1.3" \
4879 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4880 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4881 -c "NamedGroup: secp521r1 ( 19 )" \
4882 -c "Verifying peer X.509 certificate... ok" \
4883 -C "received HelloRetryRequest message"
4884
4885requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4886requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4887requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4888requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4889requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4890run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4891 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4892 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
4893 0 \
4894 -c "HTTP/1.0 200 ok" \
4895 -c "Protocol is TLSv1.3" \
4896 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4897 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4898 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4899 -c "Verifying peer X.509 certificate... ok" \
4900 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4901
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4902requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4903requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4904requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4906requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4907requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4908run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4909 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4910 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4911 0 \
4912 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4913 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4914 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4915 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4916 -c "NamedGroup: secp521r1 ( 19 )" \
4917 -c "Verifying peer X.509 certificate... ok" \
4918 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4919
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4920requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4921requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4922requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4923requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4924requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4925run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4926 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4927 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4928 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4929 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4930 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4931 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4932 -c "Certificate Verify: Signature algorithm ( 0403 )" \
4933 -c "NamedGroup: x25519 ( 1d )" \
4934 -c "Verifying peer X.509 certificate... ok" \
4935 -C "received HelloRetryRequest message"
4936
4937requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4938requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4939requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4940requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4941requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4942run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4943 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4944 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
4945 0 \
4946 -c "HTTP/1.0 200 ok" \
4947 -c "Protocol is TLSv1.3" \
4948 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4949 -c "Certificate Verify: Signature algorithm ( 0503 )" \
4950 -c "NamedGroup: x25519 ( 1d )" \
4951 -c "Verifying peer X.509 certificate... ok" \
4952 -C "received HelloRetryRequest message"
4953
4954requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4955requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4956requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4957requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4958requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4959run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4960 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4961 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
4962 0 \
4963 -c "HTTP/1.0 200 ok" \
4964 -c "Protocol is TLSv1.3" \
4965 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4966 -c "Certificate Verify: Signature algorithm ( 0603 )" \
4967 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4968 -c "Verifying peer X.509 certificate... ok" \
4969 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4970
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4971requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4972requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4973requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4974requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4975requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4976requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4977run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4978 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4979 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4980 0 \
4981 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4982 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4983 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
4984 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]4985 -c "NamedGroup: x25519 ( 1d )" \
4986 -c "Verifying peer X.509 certificate... ok" \
4987 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]4988
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4989requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4990requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]4991requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]4992requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]4993requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4994run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]4995 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4996 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]4997 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]4998 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]4999 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5000 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5001 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5002 -c "NamedGroup: x448 ( 1e )" \
5003 -c "Verifying peer X.509 certificate... ok" \
5004 -C "received HelloRetryRequest message"
5005
5006requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5007requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5008requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5009requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5011run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5012 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5013 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
5014 0 \
5015 -c "HTTP/1.0 200 ok" \
5016 -c "Protocol is TLSv1.3" \
5017 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5018 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5019 -c "NamedGroup: x448 ( 1e )" \
5020 -c "Verifying peer X.509 certificate... ok" \
5021 -C "received HelloRetryRequest message"
5022
5023requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5024requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5025requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5026requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5027requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5028run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5029 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5030 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
5031 0 \
5032 -c "HTTP/1.0 200 ok" \
5033 -c "Protocol is TLSv1.3" \
5034 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5035 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5036 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5037 -c "Verifying peer X.509 certificate... ok" \
5038 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5039
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5040requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5041requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5042requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5044requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5045requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5046run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5047 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5048 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5049 0 \
5050 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5051 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5052 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
5053 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5054 -c "NamedGroup: x448 ( 1e )" \
5055 -c "Verifying peer X.509 certificate... ok" \
5056 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5057
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5058requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5059requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5060requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5063run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5064 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5065 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5066 0 \
5067 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5068 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5069 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5070 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5071 -c "NamedGroup: secp256r1 ( 17 )" \
5072 -c "Verifying peer X.509 certificate... ok" \
5073 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5074
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5075requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5076requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5077requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5078requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5079requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5080run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5081 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5082 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5083 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5084 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5085 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5086 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5087 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5088 -c "NamedGroup: secp256r1 ( 17 )" \
5089 -c "Verifying peer X.509 certificate... ok" \
5090 -C "received HelloRetryRequest message"
5091
5092requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5093requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5094requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5095requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5096requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5097run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5098 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5099 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
5100 0 \
5101 -c "HTTP/1.0 200 ok" \
5102 -c "Protocol is TLSv1.3" \
5103 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5104 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5105 -c "NamedGroup: secp256r1 ( 17 )" \
5106 -c "Verifying peer X.509 certificate... ok" \
5107 -C "received HelloRetryRequest message"
5108
5109requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5110requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5111requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5112requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5113requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5114requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5115run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5116 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5117 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
5118 0 \
5119 -c "HTTP/1.0 200 ok" \
5120 -c "Protocol is TLSv1.3" \
5121 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5122 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5123 -c "NamedGroup: secp256r1 ( 17 )" \
5124 -c "Verifying peer X.509 certificate... ok" \
5125 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5126
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5127requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5128requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5129requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5130requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5131requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5132run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5133 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5134 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5135 0 \
5136 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5137 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5138 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5139 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5140 -c "NamedGroup: secp384r1 ( 18 )" \
5141 -c "Verifying peer X.509 certificate... ok" \
5142 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5143
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5144requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5145requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5146requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5147requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5148requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5149run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5150 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5151 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5152 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5153 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5154 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5155 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5156 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5157 -c "NamedGroup: secp384r1 ( 18 )" \
5158 -c "Verifying peer X.509 certificate... ok" \
5159 -C "received HelloRetryRequest message"
5160
5161requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5162requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5163requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5164requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5165requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5166run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5167 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5168 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
5169 0 \
5170 -c "HTTP/1.0 200 ok" \
5171 -c "Protocol is TLSv1.3" \
5172 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5173 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5174 -c "NamedGroup: secp384r1 ( 18 )" \
5175 -c "Verifying peer X.509 certificate... ok" \
5176 -C "received HelloRetryRequest message"
5177
5178requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5179requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5180requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5183requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5184run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5185 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5186 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
5187 0 \
5188 -c "HTTP/1.0 200 ok" \
5189 -c "Protocol is TLSv1.3" \
5190 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5191 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5192 -c "NamedGroup: secp384r1 ( 18 )" \
5193 -c "Verifying peer X.509 certificate... ok" \
5194 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5195
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5196requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5197requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5198requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5201run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5202 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5203 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5204 0 \
5205 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5206 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5207 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5208 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5209 -c "NamedGroup: secp521r1 ( 19 )" \
5210 -c "Verifying peer X.509 certificate... ok" \
5211 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5212
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5213requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5214requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5215requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5216requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5218run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5219 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5221 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5222 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5223 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5224 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5225 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5226 -c "NamedGroup: secp521r1 ( 19 )" \
5227 -c "Verifying peer X.509 certificate... ok" \
5228 -C "received HelloRetryRequest message"
5229
5230requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5231requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5232requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5233requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5235run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5236 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5237 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
5238 0 \
5239 -c "HTTP/1.0 200 ok" \
5240 -c "Protocol is TLSv1.3" \
5241 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5242 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5243 -c "NamedGroup: secp521r1 ( 19 )" \
5244 -c "Verifying peer X.509 certificate... ok" \
5245 -C "received HelloRetryRequest message"
5246
5247requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5248requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5249requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5252requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5253run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5254 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5255 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
5256 0 \
5257 -c "HTTP/1.0 200 ok" \
5258 -c "Protocol is TLSv1.3" \
5259 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5260 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5261 -c "NamedGroup: secp521r1 ( 19 )" \
5262 -c "Verifying peer X.509 certificate... ok" \
5263 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5264
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5265requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5266requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5267requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5268requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5269requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5270run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5271 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5272 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5273 0 \
5274 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5275 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5276 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5277 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5278 -c "NamedGroup: x25519 ( 1d )" \
5279 -c "Verifying peer X.509 certificate... ok" \
5280 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5281
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5282requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5283requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5284requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5285requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5286requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5287run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5288 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5289 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5290 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5291 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5292 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5293 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5294 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5295 -c "NamedGroup: x25519 ( 1d )" \
5296 -c "Verifying peer X.509 certificate... ok" \
5297 -C "received HelloRetryRequest message"
5298
5299requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5300requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5301requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5302requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5303requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5304run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5305 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5306 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
5307 0 \
5308 -c "HTTP/1.0 200 ok" \
5309 -c "Protocol is TLSv1.3" \
5310 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5311 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5312 -c "NamedGroup: x25519 ( 1d )" \
5313 -c "Verifying peer X.509 certificate... ok" \
5314 -C "received HelloRetryRequest message"
5315
5316requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5317requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5318requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5319requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5320requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5321requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5322run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5323 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5324 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
5325 0 \
5326 -c "HTTP/1.0 200 ok" \
5327 -c "Protocol is TLSv1.3" \
5328 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5329 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5330 -c "NamedGroup: x25519 ( 1d )" \
5331 -c "Verifying peer X.509 certificate... ok" \
5332 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5333
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5334requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5335requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5336requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5337requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5338requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]5339run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5340 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5341 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5342 0 \
5343 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5344 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5345 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5346 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5347 -c "NamedGroup: x448 ( 1e )" \
5348 -c "Verifying peer X.509 certificate... ok" \
5349 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5350
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5351requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5352requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5353requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5354requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5356run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5357 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5358 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5359 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5360 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5361 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5362 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5363 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5364 -c "NamedGroup: x448 ( 1e )" \
5365 -c "Verifying peer X.509 certificate... ok" \
5366 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5367
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5368requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5369requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5370requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5372requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5373run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5374 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5375 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5376 0 \
5377 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]5378 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5379 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5380 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5381 -c "NamedGroup: x448 ( 1e )" \
5382 -c "Verifying peer X.509 certificate... ok" \
5383 -C "received HelloRetryRequest message"
5384
5385requires_openssl_tls1_3
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5386requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5387requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5388requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5390requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5391run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]5392 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5393 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
5394 0 \
5395 -c "HTTP/1.0 200 ok" \
5396 -c "Protocol is TLSv1.3" \
5397 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
5398 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5399 -c "NamedGroup: x448 ( 1e )" \
5400 -c "Verifying peer X.509 certificate... ok" \
5401 -C "received HelloRetryRequest message"
5402
5403requires_gnutls_tls1_3
5404requires_gnutls_next_no_ticket
5405requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5406requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5407requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5408requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5409requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5410run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5411 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5412 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
5413 0 \
5414 -c "HTTP/1.0 200 OK" \
5415 -c "Protocol is TLSv1.3" \
5416 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5417 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5418 -c "NamedGroup: secp256r1 ( 17 )" \
5419 -c "Verifying peer X.509 certificate... ok" \
5420 -C "received HelloRetryRequest message"
5421
5422requires_gnutls_tls1_3
5423requires_gnutls_next_no_ticket
5424requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5425requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5426requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5429run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5430 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5431 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
5432 0 \
5433 -c "HTTP/1.0 200 OK" \
5434 -c "Protocol is TLSv1.3" \
5435 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]5436 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]5437 -c "NamedGroup: secp256r1 ( 17 )" \
5438 -c "Verifying peer X.509 certificate... ok" \
5439 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]5440
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5441requires_gnutls_tls1_3
5442requires_gnutls_next_no_ticket
5443requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]5444requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5445requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]5446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]5447requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5448run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5449 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5450 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
5451 0 \
5452 -c "HTTP/1.0 200 OK" \
5453 -c "Protocol is TLSv1.3" \
5454 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5455 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5456 -c "NamedGroup: secp256r1 ( 17 )" \
5457 -c "Verifying peer X.509 certificate... ok" \
5458 -C "received HelloRetryRequest message"
5459
5460requires_gnutls_tls1_3
5461requires_gnutls_next_no_ticket
5462requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5463requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5464requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5465requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5467requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5468run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5469 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5470 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
5471 0 \
5472 -c "HTTP/1.0 200 OK" \
5473 -c "Protocol is TLSv1.3" \
5474 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5475 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5476 -c "NamedGroup: secp256r1 ( 17 )" \
5477 -c "Verifying peer X.509 certificate... ok" \
5478 -C "received HelloRetryRequest message"
5479
5480requires_gnutls_tls1_3
5481requires_gnutls_next_no_ticket
5482requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5483requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5484requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5485requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5487run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5488 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5489 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
5490 0 \
5491 -c "HTTP/1.0 200 OK" \
5492 -c "Protocol is TLSv1.3" \
5493 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5494 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5495 -c "NamedGroup: secp384r1 ( 18 )" \
5496 -c "Verifying peer X.509 certificate... ok" \
5497 -C "received HelloRetryRequest message"
5498
5499requires_gnutls_tls1_3
5500requires_gnutls_next_no_ticket
5501requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5502requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5503requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5504requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5505requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5506run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5507 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5508 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
5509 0 \
5510 -c "HTTP/1.0 200 OK" \
5511 -c "Protocol is TLSv1.3" \
5512 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5513 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5514 -c "NamedGroup: secp384r1 ( 18 )" \
5515 -c "Verifying peer X.509 certificate... ok" \
5516 -C "received HelloRetryRequest message"
5517
5518requires_gnutls_tls1_3
5519requires_gnutls_next_no_ticket
5520requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5521requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5522requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5523requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5525run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5526 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5527 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
5528 0 \
5529 -c "HTTP/1.0 200 OK" \
5530 -c "Protocol is TLSv1.3" \
5531 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5532 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5533 -c "NamedGroup: secp384r1 ( 18 )" \
5534 -c "Verifying peer X.509 certificate... ok" \
5535 -C "received HelloRetryRequest message"
5536
5537requires_gnutls_tls1_3
5538requires_gnutls_next_no_ticket
5539requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5540requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5541requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5542requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5543requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5544requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5545run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5546 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5547 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
5548 0 \
5549 -c "HTTP/1.0 200 OK" \
5550 -c "Protocol is TLSv1.3" \
5551 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5552 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5553 -c "NamedGroup: secp384r1 ( 18 )" \
5554 -c "Verifying peer X.509 certificate... ok" \
5555 -C "received HelloRetryRequest message"
5556
5557requires_gnutls_tls1_3
5558requires_gnutls_next_no_ticket
5559requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5560requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5561requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5562requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5563requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5564run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5565 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5566 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
5567 0 \
5568 -c "HTTP/1.0 200 OK" \
5569 -c "Protocol is TLSv1.3" \
5570 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5571 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5572 -c "NamedGroup: secp521r1 ( 19 )" \
5573 -c "Verifying peer X.509 certificate... ok" \
5574 -C "received HelloRetryRequest message"
5575
5576requires_gnutls_tls1_3
5577requires_gnutls_next_no_ticket
5578requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5580requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5583run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5584 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5585 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
5586 0 \
5587 -c "HTTP/1.0 200 OK" \
5588 -c "Protocol is TLSv1.3" \
5589 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5590 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5591 -c "NamedGroup: secp521r1 ( 19 )" \
5592 -c "Verifying peer X.509 certificate... ok" \
5593 -C "received HelloRetryRequest message"
5594
5595requires_gnutls_tls1_3
5596requires_gnutls_next_no_ticket
5597requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5598requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5599requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5600requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5602run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5603 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5604 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
5605 0 \
5606 -c "HTTP/1.0 200 OK" \
5607 -c "Protocol is TLSv1.3" \
5608 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5609 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5610 -c "NamedGroup: secp521r1 ( 19 )" \
5611 -c "Verifying peer X.509 certificate... ok" \
5612 -C "received HelloRetryRequest message"
5613
5614requires_gnutls_tls1_3
5615requires_gnutls_next_no_ticket
5616requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5617requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5618requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5619requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5620requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5621requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5622run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5623 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5624 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
5625 0 \
5626 -c "HTTP/1.0 200 OK" \
5627 -c "Protocol is TLSv1.3" \
5628 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5629 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5630 -c "NamedGroup: secp521r1 ( 19 )" \
5631 -c "Verifying peer X.509 certificate... ok" \
5632 -C "received HelloRetryRequest message"
5633
5634requires_gnutls_tls1_3
5635requires_gnutls_next_no_ticket
5636requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5637requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5638requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5639requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5640requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5641run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5642 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5643 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
5644 0 \
5645 -c "HTTP/1.0 200 OK" \
5646 -c "Protocol is TLSv1.3" \
5647 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5648 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5649 -c "NamedGroup: x25519 ( 1d )" \
5650 -c "Verifying peer X.509 certificate... ok" \
5651 -C "received HelloRetryRequest message"
5652
5653requires_gnutls_tls1_3
5654requires_gnutls_next_no_ticket
5655requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5656requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5657requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5658requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5659requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5660run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5661 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5662 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
5663 0 \
5664 -c "HTTP/1.0 200 OK" \
5665 -c "Protocol is TLSv1.3" \
5666 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5667 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5668 -c "NamedGroup: x25519 ( 1d )" \
5669 -c "Verifying peer X.509 certificate... ok" \
5670 -C "received HelloRetryRequest message"
5671
5672requires_gnutls_tls1_3
5673requires_gnutls_next_no_ticket
5674requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5675requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5676requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5677requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5678requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5679run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5680 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5681 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
5682 0 \
5683 -c "HTTP/1.0 200 OK" \
5684 -c "Protocol is TLSv1.3" \
5685 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5686 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5687 -c "NamedGroup: x25519 ( 1d )" \
5688 -c "Verifying peer X.509 certificate... ok" \
5689 -C "received HelloRetryRequest message"
5690
5691requires_gnutls_tls1_3
5692requires_gnutls_next_no_ticket
5693requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5694requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5695requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5696requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5698requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5699run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5700 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5701 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
5702 0 \
5703 -c "HTTP/1.0 200 OK" \
5704 -c "Protocol is TLSv1.3" \
5705 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5706 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5707 -c "NamedGroup: x25519 ( 1d )" \
5708 -c "Verifying peer X.509 certificate... ok" \
5709 -C "received HelloRetryRequest message"
5710
5711requires_gnutls_tls1_3
5712requires_gnutls_next_no_ticket
5713requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5714requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5715requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5716requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5717requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5718run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5719 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5720 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
5721 0 \
5722 -c "HTTP/1.0 200 OK" \
5723 -c "Protocol is TLSv1.3" \
5724 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5725 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5726 -c "NamedGroup: x448 ( 1e )" \
5727 -c "Verifying peer X.509 certificate... ok" \
5728 -C "received HelloRetryRequest message"
5729
5730requires_gnutls_tls1_3
5731requires_gnutls_next_no_ticket
5732requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5733requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5734requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5736requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5737run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5738 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5739 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
5740 0 \
5741 -c "HTTP/1.0 200 OK" \
5742 -c "Protocol is TLSv1.3" \
5743 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5744 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5745 -c "NamedGroup: x448 ( 1e )" \
5746 -c "Verifying peer X.509 certificate... ok" \
5747 -C "received HelloRetryRequest message"
5748
5749requires_gnutls_tls1_3
5750requires_gnutls_next_no_ticket
5751requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5753requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5756run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5757 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5758 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
5759 0 \
5760 -c "HTTP/1.0 200 OK" \
5761 -c "Protocol is TLSv1.3" \
5762 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5763 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5764 -c "NamedGroup: x448 ( 1e )" \
5765 -c "Verifying peer X.509 certificate... ok" \
5766 -C "received HelloRetryRequest message"
5767
5768requires_gnutls_tls1_3
5769requires_gnutls_next_no_ticket
5770requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5771requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5772requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5773requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5774requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5775requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5776run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5777 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5778 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
5779 0 \
5780 -c "HTTP/1.0 200 OK" \
5781 -c "Protocol is TLSv1.3" \
5782 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
5783 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5784 -c "NamedGroup: x448 ( 1e )" \
5785 -c "Verifying peer X.509 certificate... ok" \
5786 -C "received HelloRetryRequest message"
5787
5788requires_gnutls_tls1_3
5789requires_gnutls_next_no_ticket
5790requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5791requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5792requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5793requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5794requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5795run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5796 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5797 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
5798 0 \
5799 -c "HTTP/1.0 200 OK" \
5800 -c "Protocol is TLSv1.3" \
5801 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5802 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5803 -c "NamedGroup: secp256r1 ( 17 )" \
5804 -c "Verifying peer X.509 certificate... ok" \
5805 -C "received HelloRetryRequest message"
5806
5807requires_gnutls_tls1_3
5808requires_gnutls_next_no_ticket
5809requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5810requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5811requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5812requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5813requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5814run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5815 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5816 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
5817 0 \
5818 -c "HTTP/1.0 200 OK" \
5819 -c "Protocol is TLSv1.3" \
5820 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5821 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5822 -c "NamedGroup: secp256r1 ( 17 )" \
5823 -c "Verifying peer X.509 certificate... ok" \
5824 -C "received HelloRetryRequest message"
5825
5826requires_gnutls_tls1_3
5827requires_gnutls_next_no_ticket
5828requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5829requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5830requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5831requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5832requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5833run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5834 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5835 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
5836 0 \
5837 -c "HTTP/1.0 200 OK" \
5838 -c "Protocol is TLSv1.3" \
5839 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5840 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5841 -c "NamedGroup: secp256r1 ( 17 )" \
5842 -c "Verifying peer X.509 certificate... ok" \
5843 -C "received HelloRetryRequest message"
5844
5845requires_gnutls_tls1_3
5846requires_gnutls_next_no_ticket
5847requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5848requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5849requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5850requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5851requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5852requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5853run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5854 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5855 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
5856 0 \
5857 -c "HTTP/1.0 200 OK" \
5858 -c "Protocol is TLSv1.3" \
5859 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5860 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5861 -c "NamedGroup: secp256r1 ( 17 )" \
5862 -c "Verifying peer X.509 certificate... ok" \
5863 -C "received HelloRetryRequest message"
5864
5865requires_gnutls_tls1_3
5866requires_gnutls_next_no_ticket
5867requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5868requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5869requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5870requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5872run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5873 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5874 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
5875 0 \
5876 -c "HTTP/1.0 200 OK" \
5877 -c "Protocol is TLSv1.3" \
5878 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5879 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5880 -c "NamedGroup: secp384r1 ( 18 )" \
5881 -c "Verifying peer X.509 certificate... ok" \
5882 -C "received HelloRetryRequest message"
5883
5884requires_gnutls_tls1_3
5885requires_gnutls_next_no_ticket
5886requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5887requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5888requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5889requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5890requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5891run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5892 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5893 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
5894 0 \
5895 -c "HTTP/1.0 200 OK" \
5896 -c "Protocol is TLSv1.3" \
5897 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5898 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5899 -c "NamedGroup: secp384r1 ( 18 )" \
5900 -c "Verifying peer X.509 certificate... ok" \
5901 -C "received HelloRetryRequest message"
5902
5903requires_gnutls_tls1_3
5904requires_gnutls_next_no_ticket
5905requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5906requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5907requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5908requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5909requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5910run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5911 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5912 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
5913 0 \
5914 -c "HTTP/1.0 200 OK" \
5915 -c "Protocol is TLSv1.3" \
5916 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5917 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5918 -c "NamedGroup: secp384r1 ( 18 )" \
5919 -c "Verifying peer X.509 certificate... ok" \
5920 -C "received HelloRetryRequest message"
5921
5922requires_gnutls_tls1_3
5923requires_gnutls_next_no_ticket
5924requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5925requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5926requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5927requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5928requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5929requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
5930run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5931 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5932 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
5933 0 \
5934 -c "HTTP/1.0 200 OK" \
5935 -c "Protocol is TLSv1.3" \
5936 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5937 -c "Certificate Verify: Signature algorithm ( 0804 )" \
5938 -c "NamedGroup: secp384r1 ( 18 )" \
5939 -c "Verifying peer X.509 certificate... ok" \
5940 -C "received HelloRetryRequest message"
5941
5942requires_gnutls_tls1_3
5943requires_gnutls_next_no_ticket
5944requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5945requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5946requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5948requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5949run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5950 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5951 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
5952 0 \
5953 -c "HTTP/1.0 200 OK" \
5954 -c "Protocol is TLSv1.3" \
5955 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5956 -c "Certificate Verify: Signature algorithm ( 0403 )" \
5957 -c "NamedGroup: secp521r1 ( 19 )" \
5958 -c "Verifying peer X.509 certificate... ok" \
5959 -C "received HelloRetryRequest message"
5960
5961requires_gnutls_tls1_3
5962requires_gnutls_next_no_ticket
5963requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5964requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5965requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5968run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5969 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5970 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
5971 0 \
5972 -c "HTTP/1.0 200 OK" \
5973 -c "Protocol is TLSv1.3" \
5974 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5975 -c "Certificate Verify: Signature algorithm ( 0503 )" \
5976 -c "NamedGroup: secp521r1 ( 19 )" \
5977 -c "Verifying peer X.509 certificate... ok" \
5978 -C "received HelloRetryRequest message"
5979
5980requires_gnutls_tls1_3
5981requires_gnutls_next_no_ticket
5982requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5983requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]5984requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
5986requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
5987run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]5988 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]5989 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
5990 0 \
5991 -c "HTTP/1.0 200 OK" \
5992 -c "Protocol is TLSv1.3" \
5993 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
5994 -c "Certificate Verify: Signature algorithm ( 0603 )" \
5995 -c "NamedGroup: secp521r1 ( 19 )" \
5996 -c "Verifying peer X.509 certificate... ok" \
5997 -C "received HelloRetryRequest message"
5998
5999requires_gnutls_tls1_3
6000requires_gnutls_next_no_ticket
6001requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6002requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6003requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6004requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6006requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6007run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6008 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6009 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
6010 0 \
6011 -c "HTTP/1.0 200 OK" \
6012 -c "Protocol is TLSv1.3" \
6013 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6014 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6015 -c "NamedGroup: secp521r1 ( 19 )" \
6016 -c "Verifying peer X.509 certificate... ok" \
6017 -C "received HelloRetryRequest message"
6018
6019requires_gnutls_tls1_3
6020requires_gnutls_next_no_ticket
6021requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6022requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6023requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6025requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6026run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6027 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6028 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
6029 0 \
6030 -c "HTTP/1.0 200 OK" \
6031 -c "Protocol is TLSv1.3" \
6032 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6033 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6034 -c "NamedGroup: x25519 ( 1d )" \
6035 -c "Verifying peer X.509 certificate... ok" \
6036 -C "received HelloRetryRequest message"
6037
6038requires_gnutls_tls1_3
6039requires_gnutls_next_no_ticket
6040requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6041requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6042requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6044requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6045run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6046 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6047 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
6048 0 \
6049 -c "HTTP/1.0 200 OK" \
6050 -c "Protocol is TLSv1.3" \
6051 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6052 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6053 -c "NamedGroup: x25519 ( 1d )" \
6054 -c "Verifying peer X.509 certificate... ok" \
6055 -C "received HelloRetryRequest message"
6056
6057requires_gnutls_tls1_3
6058requires_gnutls_next_no_ticket
6059requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6060requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6061requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6062requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6063requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6064run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6065 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6066 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
6067 0 \
6068 -c "HTTP/1.0 200 OK" \
6069 -c "Protocol is TLSv1.3" \
6070 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6071 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6072 -c "NamedGroup: x25519 ( 1d )" \
6073 -c "Verifying peer X.509 certificate... ok" \
6074 -C "received HelloRetryRequest message"
6075
6076requires_gnutls_tls1_3
6077requires_gnutls_next_no_ticket
6078requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6079requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6080requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6081requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6082requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6083requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6084run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6085 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6086 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
6087 0 \
6088 -c "HTTP/1.0 200 OK" \
6089 -c "Protocol is TLSv1.3" \
6090 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6091 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6092 -c "NamedGroup: x25519 ( 1d )" \
6093 -c "Verifying peer X.509 certificate... ok" \
6094 -C "received HelloRetryRequest message"
6095
6096requires_gnutls_tls1_3
6097requires_gnutls_next_no_ticket
6098requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6099requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6100requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6101requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6102requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6103run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6104 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6105 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
6106 0 \
6107 -c "HTTP/1.0 200 OK" \
6108 -c "Protocol is TLSv1.3" \
6109 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6110 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6111 -c "NamedGroup: x448 ( 1e )" \
6112 -c "Verifying peer X.509 certificate... ok" \
6113 -C "received HelloRetryRequest message"
6114
6115requires_gnutls_tls1_3
6116requires_gnutls_next_no_ticket
6117requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6118requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6119requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6120requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6121requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6122run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6123 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6124 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
6125 0 \
6126 -c "HTTP/1.0 200 OK" \
6127 -c "Protocol is TLSv1.3" \
6128 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6129 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6130 -c "NamedGroup: x448 ( 1e )" \
6131 -c "Verifying peer X.509 certificate... ok" \
6132 -C "received HelloRetryRequest message"
6133
6134requires_gnutls_tls1_3
6135requires_gnutls_next_no_ticket
6136requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6137requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6138requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6139requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6140requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6141run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6142 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6143 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
6144 0 \
6145 -c "HTTP/1.0 200 OK" \
6146 -c "Protocol is TLSv1.3" \
6147 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6148 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6149 -c "NamedGroup: x448 ( 1e )" \
6150 -c "Verifying peer X.509 certificate... ok" \
6151 -C "received HelloRetryRequest message"
6152
6153requires_gnutls_tls1_3
6154requires_gnutls_next_no_ticket
6155requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6156requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6157requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6159requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6160requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6161run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6162 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6163 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
6164 0 \
6165 -c "HTTP/1.0 200 OK" \
6166 -c "Protocol is TLSv1.3" \
6167 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
6168 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6169 -c "NamedGroup: x448 ( 1e )" \
6170 -c "Verifying peer X.509 certificate... ok" \
6171 -C "received HelloRetryRequest message"
6172
6173requires_gnutls_tls1_3
6174requires_gnutls_next_no_ticket
6175requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6176requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6177requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6178requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6179requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6180run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6181 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6182 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
6183 0 \
6184 -c "HTTP/1.0 200 OK" \
6185 -c "Protocol is TLSv1.3" \
6186 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6187 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6188 -c "NamedGroup: secp256r1 ( 17 )" \
6189 -c "Verifying peer X.509 certificate... ok" \
6190 -C "received HelloRetryRequest message"
6191
6192requires_gnutls_tls1_3
6193requires_gnutls_next_no_ticket
6194requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6195requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6196requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6198requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6199run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6200 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6201 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
6202 0 \
6203 -c "HTTP/1.0 200 OK" \
6204 -c "Protocol is TLSv1.3" \
6205 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6206 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6207 -c "NamedGroup: secp256r1 ( 17 )" \
6208 -c "Verifying peer X.509 certificate... ok" \
6209 -C "received HelloRetryRequest message"
6210
6211requires_gnutls_tls1_3
6212requires_gnutls_next_no_ticket
6213requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6214requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6215requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6216requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6218run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6219 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
6221 0 \
6222 -c "HTTP/1.0 200 OK" \
6223 -c "Protocol is TLSv1.3" \
6224 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6225 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6226 -c "NamedGroup: secp256r1 ( 17 )" \
6227 -c "Verifying peer X.509 certificate... ok" \
6228 -C "received HelloRetryRequest message"
6229
6230requires_gnutls_tls1_3
6231requires_gnutls_next_no_ticket
6232requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6233requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6234requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6235requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6236requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6237requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6238run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6239 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6240 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
6241 0 \
6242 -c "HTTP/1.0 200 OK" \
6243 -c "Protocol is TLSv1.3" \
6244 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6245 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6246 -c "NamedGroup: secp256r1 ( 17 )" \
6247 -c "Verifying peer X.509 certificate... ok" \
6248 -C "received HelloRetryRequest message"
6249
6250requires_gnutls_tls1_3
6251requires_gnutls_next_no_ticket
6252requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6253requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6254requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6257run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6258 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6259 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
6260 0 \
6261 -c "HTTP/1.0 200 OK" \
6262 -c "Protocol is TLSv1.3" \
6263 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6264 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6265 -c "NamedGroup: secp384r1 ( 18 )" \
6266 -c "Verifying peer X.509 certificate... ok" \
6267 -C "received HelloRetryRequest message"
6268
6269requires_gnutls_tls1_3
6270requires_gnutls_next_no_ticket
6271requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6272requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6273requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6274requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6275requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6276run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6277 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6278 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
6279 0 \
6280 -c "HTTP/1.0 200 OK" \
6281 -c "Protocol is TLSv1.3" \
6282 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6283 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6284 -c "NamedGroup: secp384r1 ( 18 )" \
6285 -c "Verifying peer X.509 certificate... ok" \
6286 -C "received HelloRetryRequest message"
6287
6288requires_gnutls_tls1_3
6289requires_gnutls_next_no_ticket
6290requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6291requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6292requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6293requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6294requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6295run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6296 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6297 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
6298 0 \
6299 -c "HTTP/1.0 200 OK" \
6300 -c "Protocol is TLSv1.3" \
6301 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6302 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6303 -c "NamedGroup: secp384r1 ( 18 )" \
6304 -c "Verifying peer X.509 certificate... ok" \
6305 -C "received HelloRetryRequest message"
6306
6307requires_gnutls_tls1_3
6308requires_gnutls_next_no_ticket
6309requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6310requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6311requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6312requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6313requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6314requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6315run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6316 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6317 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
6318 0 \
6319 -c "HTTP/1.0 200 OK" \
6320 -c "Protocol is TLSv1.3" \
6321 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6322 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6323 -c "NamedGroup: secp384r1 ( 18 )" \
6324 -c "Verifying peer X.509 certificate... ok" \
6325 -C "received HelloRetryRequest message"
6326
6327requires_gnutls_tls1_3
6328requires_gnutls_next_no_ticket
6329requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6330requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6331requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6332requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6333requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6334run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6335 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6336 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
6337 0 \
6338 -c "HTTP/1.0 200 OK" \
6339 -c "Protocol is TLSv1.3" \
6340 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6341 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6342 -c "NamedGroup: secp521r1 ( 19 )" \
6343 -c "Verifying peer X.509 certificate... ok" \
6344 -C "received HelloRetryRequest message"
6345
6346requires_gnutls_tls1_3
6347requires_gnutls_next_no_ticket
6348requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6349requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6350requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6353run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6354 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6355 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
6356 0 \
6357 -c "HTTP/1.0 200 OK" \
6358 -c "Protocol is TLSv1.3" \
6359 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6360 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6361 -c "NamedGroup: secp521r1 ( 19 )" \
6362 -c "Verifying peer X.509 certificate... ok" \
6363 -C "received HelloRetryRequest message"
6364
6365requires_gnutls_tls1_3
6366requires_gnutls_next_no_ticket
6367requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6368requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6369requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6370requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6371requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6372run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6373 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6374 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
6375 0 \
6376 -c "HTTP/1.0 200 OK" \
6377 -c "Protocol is TLSv1.3" \
6378 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6379 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6380 -c "NamedGroup: secp521r1 ( 19 )" \
6381 -c "Verifying peer X.509 certificate... ok" \
6382 -C "received HelloRetryRequest message"
6383
6384requires_gnutls_tls1_3
6385requires_gnutls_next_no_ticket
6386requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6387requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6388requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6389requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6390requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6391requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6392run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6393 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6394 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
6395 0 \
6396 -c "HTTP/1.0 200 OK" \
6397 -c "Protocol is TLSv1.3" \
6398 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6399 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6400 -c "NamedGroup: secp521r1 ( 19 )" \
6401 -c "Verifying peer X.509 certificate... ok" \
6402 -C "received HelloRetryRequest message"
6403
6404requires_gnutls_tls1_3
6405requires_gnutls_next_no_ticket
6406requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6407requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6408requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6409requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6410requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6411run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6412 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6413 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
6414 0 \
6415 -c "HTTP/1.0 200 OK" \
6416 -c "Protocol is TLSv1.3" \
6417 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6418 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6419 -c "NamedGroup: x25519 ( 1d )" \
6420 -c "Verifying peer X.509 certificate... ok" \
6421 -C "received HelloRetryRequest message"
6422
6423requires_gnutls_tls1_3
6424requires_gnutls_next_no_ticket
6425requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6426requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6427requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6430run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6431 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6432 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
6433 0 \
6434 -c "HTTP/1.0 200 OK" \
6435 -c "Protocol is TLSv1.3" \
6436 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6437 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6438 -c "NamedGroup: x25519 ( 1d )" \
6439 -c "Verifying peer X.509 certificate... ok" \
6440 -C "received HelloRetryRequest message"
6441
6442requires_gnutls_tls1_3
6443requires_gnutls_next_no_ticket
6444requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6445requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6446requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6447requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6448requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6449run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6450 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6451 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
6452 0 \
6453 -c "HTTP/1.0 200 OK" \
6454 -c "Protocol is TLSv1.3" \
6455 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6456 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6457 -c "NamedGroup: x25519 ( 1d )" \
6458 -c "Verifying peer X.509 certificate... ok" \
6459 -C "received HelloRetryRequest message"
6460
6461requires_gnutls_tls1_3
6462requires_gnutls_next_no_ticket
6463requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6464requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6465requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6466requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6468requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6469run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6470 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6471 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
6472 0 \
6473 -c "HTTP/1.0 200 OK" \
6474 -c "Protocol is TLSv1.3" \
6475 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6476 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6477 -c "NamedGroup: x25519 ( 1d )" \
6478 -c "Verifying peer X.509 certificate... ok" \
6479 -C "received HelloRetryRequest message"
6480
6481requires_gnutls_tls1_3
6482requires_gnutls_next_no_ticket
6483requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6484requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6485requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6486requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6487requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6488run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6489 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6490 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
6491 0 \
6492 -c "HTTP/1.0 200 OK" \
6493 -c "Protocol is TLSv1.3" \
6494 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6495 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6496 -c "NamedGroup: x448 ( 1e )" \
6497 -c "Verifying peer X.509 certificate... ok" \
6498 -C "received HelloRetryRequest message"
6499
6500requires_gnutls_tls1_3
6501requires_gnutls_next_no_ticket
6502requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6503requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6504requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6505requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6506requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6507run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6508 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6509 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
6510 0 \
6511 -c "HTTP/1.0 200 OK" \
6512 -c "Protocol is TLSv1.3" \
6513 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6514 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6515 -c "NamedGroup: x448 ( 1e )" \
6516 -c "Verifying peer X.509 certificate... ok" \
6517 -C "received HelloRetryRequest message"
6518
6519requires_gnutls_tls1_3
6520requires_gnutls_next_no_ticket
6521requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6522requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6523requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6524requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6525requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6526run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6527 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6528 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
6529 0 \
6530 -c "HTTP/1.0 200 OK" \
6531 -c "Protocol is TLSv1.3" \
6532 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6533 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6534 -c "NamedGroup: x448 ( 1e )" \
6535 -c "Verifying peer X.509 certificate... ok" \
6536 -C "received HelloRetryRequest message"
6537
6538requires_gnutls_tls1_3
6539requires_gnutls_next_no_ticket
6540requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6541requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6542requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6543requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6544requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6545requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6546run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6547 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6548 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
6549 0 \
6550 -c "HTTP/1.0 200 OK" \
6551 -c "Protocol is TLSv1.3" \
6552 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
6553 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6554 -c "NamedGroup: x448 ( 1e )" \
6555 -c "Verifying peer X.509 certificate... ok" \
6556 -C "received HelloRetryRequest message"
6557
6558requires_gnutls_tls1_3
6559requires_gnutls_next_no_ticket
6560requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6561requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6562requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6565run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6566 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6567 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
6568 0 \
6569 -c "HTTP/1.0 200 OK" \
6570 -c "Protocol is TLSv1.3" \
6571 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6572 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6573 -c "NamedGroup: secp256r1 ( 17 )" \
6574 -c "Verifying peer X.509 certificate... ok" \
6575 -C "received HelloRetryRequest message"
6576
6577requires_gnutls_tls1_3
6578requires_gnutls_next_no_ticket
6579requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6580requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6581requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6582requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6583requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6584run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6585 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6586 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
6587 0 \
6588 -c "HTTP/1.0 200 OK" \
6589 -c "Protocol is TLSv1.3" \
6590 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6591 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6592 -c "NamedGroup: secp256r1 ( 17 )" \
6593 -c "Verifying peer X.509 certificate... ok" \
6594 -C "received HelloRetryRequest message"
6595
6596requires_gnutls_tls1_3
6597requires_gnutls_next_no_ticket
6598requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6599requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6600requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6601requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6602requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6603run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6604 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6605 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
6606 0 \
6607 -c "HTTP/1.0 200 OK" \
6608 -c "Protocol is TLSv1.3" \
6609 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6610 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6611 -c "NamedGroup: secp256r1 ( 17 )" \
6612 -c "Verifying peer X.509 certificate... ok" \
6613 -C "received HelloRetryRequest message"
6614
6615requires_gnutls_tls1_3
6616requires_gnutls_next_no_ticket
6617requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6618requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6619requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6620requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6621requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6622requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6623run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6624 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6625 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
6626 0 \
6627 -c "HTTP/1.0 200 OK" \
6628 -c "Protocol is TLSv1.3" \
6629 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6630 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6631 -c "NamedGroup: secp256r1 ( 17 )" \
6632 -c "Verifying peer X.509 certificate... ok" \
6633 -C "received HelloRetryRequest message"
6634
6635requires_gnutls_tls1_3
6636requires_gnutls_next_no_ticket
6637requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6638requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6639requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6640requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6641requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6642run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6643 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6644 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
6645 0 \
6646 -c "HTTP/1.0 200 OK" \
6647 -c "Protocol is TLSv1.3" \
6648 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6649 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6650 -c "NamedGroup: secp384r1 ( 18 )" \
6651 -c "Verifying peer X.509 certificate... ok" \
6652 -C "received HelloRetryRequest message"
6653
6654requires_gnutls_tls1_3
6655requires_gnutls_next_no_ticket
6656requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6657requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6658requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6659requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6661run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6662 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6663 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
6664 0 \
6665 -c "HTTP/1.0 200 OK" \
6666 -c "Protocol is TLSv1.3" \
6667 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6668 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6669 -c "NamedGroup: secp384r1 ( 18 )" \
6670 -c "Verifying peer X.509 certificate... ok" \
6671 -C "received HelloRetryRequest message"
6672
6673requires_gnutls_tls1_3
6674requires_gnutls_next_no_ticket
6675requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6676requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6677requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6678requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6679requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6680run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6681 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6682 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
6683 0 \
6684 -c "HTTP/1.0 200 OK" \
6685 -c "Protocol is TLSv1.3" \
6686 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6687 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6688 -c "NamedGroup: secp384r1 ( 18 )" \
6689 -c "Verifying peer X.509 certificate... ok" \
6690 -C "received HelloRetryRequest message"
6691
6692requires_gnutls_tls1_3
6693requires_gnutls_next_no_ticket
6694requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6695requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6696requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6697requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6698requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6699requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6700run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6701 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6702 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
6703 0 \
6704 -c "HTTP/1.0 200 OK" \
6705 -c "Protocol is TLSv1.3" \
6706 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6707 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6708 -c "NamedGroup: secp384r1 ( 18 )" \
6709 -c "Verifying peer X.509 certificate... ok" \
6710 -C "received HelloRetryRequest message"
6711
6712requires_gnutls_tls1_3
6713requires_gnutls_next_no_ticket
6714requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6715requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6716requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6718requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6719run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6720 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6721 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
6722 0 \
6723 -c "HTTP/1.0 200 OK" \
6724 -c "Protocol is TLSv1.3" \
6725 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6726 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6727 -c "NamedGroup: secp521r1 ( 19 )" \
6728 -c "Verifying peer X.509 certificate... ok" \
6729 -C "received HelloRetryRequest message"
6730
6731requires_gnutls_tls1_3
6732requires_gnutls_next_no_ticket
6733requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6734requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6735requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6736requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6737requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6738run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6739 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6740 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
6741 0 \
6742 -c "HTTP/1.0 200 OK" \
6743 -c "Protocol is TLSv1.3" \
6744 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6745 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6746 -c "NamedGroup: secp521r1 ( 19 )" \
6747 -c "Verifying peer X.509 certificate... ok" \
6748 -C "received HelloRetryRequest message"
6749
6750requires_gnutls_tls1_3
6751requires_gnutls_next_no_ticket
6752requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6753requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6754requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6757run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6758 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6759 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
6760 0 \
6761 -c "HTTP/1.0 200 OK" \
6762 -c "Protocol is TLSv1.3" \
6763 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6764 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6765 -c "NamedGroup: secp521r1 ( 19 )" \
6766 -c "Verifying peer X.509 certificate... ok" \
6767 -C "received HelloRetryRequest message"
6768
6769requires_gnutls_tls1_3
6770requires_gnutls_next_no_ticket
6771requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6772requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6773requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6776requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6777run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6778 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6779 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
6780 0 \
6781 -c "HTTP/1.0 200 OK" \
6782 -c "Protocol is TLSv1.3" \
6783 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6784 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6785 -c "NamedGroup: secp521r1 ( 19 )" \
6786 -c "Verifying peer X.509 certificate... ok" \
6787 -C "received HelloRetryRequest message"
6788
6789requires_gnutls_tls1_3
6790requires_gnutls_next_no_ticket
6791requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6792requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6793requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6796run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6797 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6798 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
6799 0 \
6800 -c "HTTP/1.0 200 OK" \
6801 -c "Protocol is TLSv1.3" \
6802 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6803 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6804 -c "NamedGroup: x25519 ( 1d )" \
6805 -c "Verifying peer X.509 certificate... ok" \
6806 -C "received HelloRetryRequest message"
6807
6808requires_gnutls_tls1_3
6809requires_gnutls_next_no_ticket
6810requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6811requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6812requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6813requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6814requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6815run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6816 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6817 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
6818 0 \
6819 -c "HTTP/1.0 200 OK" \
6820 -c "Protocol is TLSv1.3" \
6821 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6822 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6823 -c "NamedGroup: x25519 ( 1d )" \
6824 -c "Verifying peer X.509 certificate... ok" \
6825 -C "received HelloRetryRequest message"
6826
6827requires_gnutls_tls1_3
6828requires_gnutls_next_no_ticket
6829requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6830requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6831requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6832requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6833requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6834run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6835 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6836 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
6837 0 \
6838 -c "HTTP/1.0 200 OK" \
6839 -c "Protocol is TLSv1.3" \
6840 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6841 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6842 -c "NamedGroup: x25519 ( 1d )" \
6843 -c "Verifying peer X.509 certificate... ok" \
6844 -C "received HelloRetryRequest message"
6845
6846requires_gnutls_tls1_3
6847requires_gnutls_next_no_ticket
6848requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6849requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6850requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6851requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6852requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6853requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6854run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6855 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6856 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
6857 0 \
6858 -c "HTTP/1.0 200 OK" \
6859 -c "Protocol is TLSv1.3" \
6860 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6861 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6862 -c "NamedGroup: x25519 ( 1d )" \
6863 -c "Verifying peer X.509 certificate... ok" \
6864 -C "received HelloRetryRequest message"
6865
6866requires_gnutls_tls1_3
6867requires_gnutls_next_no_ticket
6868requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6869requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6870requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6872requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6873run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6874 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6875 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
6876 0 \
6877 -c "HTTP/1.0 200 OK" \
6878 -c "Protocol is TLSv1.3" \
6879 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6880 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6881 -c "NamedGroup: x448 ( 1e )" \
6882 -c "Verifying peer X.509 certificate... ok" \
6883 -C "received HelloRetryRequest message"
6884
6885requires_gnutls_tls1_3
6886requires_gnutls_next_no_ticket
6887requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6888requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6889requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6891requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6892run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6893 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6894 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
6895 0 \
6896 -c "HTTP/1.0 200 OK" \
6897 -c "Protocol is TLSv1.3" \
6898 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6899 -c "Certificate Verify: Signature algorithm ( 0503 )" \
6900 -c "NamedGroup: x448 ( 1e )" \
6901 -c "Verifying peer X.509 certificate... ok" \
6902 -C "received HelloRetryRequest message"
6903
6904requires_gnutls_tls1_3
6905requires_gnutls_next_no_ticket
6906requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6907requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6908requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6909requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6910requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6911run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6912 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6913 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
6914 0 \
6915 -c "HTTP/1.0 200 OK" \
6916 -c "Protocol is TLSv1.3" \
6917 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6918 -c "Certificate Verify: Signature algorithm ( 0603 )" \
6919 -c "NamedGroup: x448 ( 1e )" \
6920 -c "Verifying peer X.509 certificate... ok" \
6921 -C "received HelloRetryRequest message"
6922
6923requires_gnutls_tls1_3
6924requires_gnutls_next_no_ticket
6925requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6926requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6927requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6928requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6930requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
6931run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6932 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6933 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
6934 0 \
6935 -c "HTTP/1.0 200 OK" \
6936 -c "Protocol is TLSv1.3" \
6937 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
6938 -c "Certificate Verify: Signature algorithm ( 0804 )" \
6939 -c "NamedGroup: x448 ( 1e )" \
6940 -c "Verifying peer X.509 certificate... ok" \
6941 -C "received HelloRetryRequest message"
6942
6943requires_gnutls_tls1_3
6944requires_gnutls_next_no_ticket
6945requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6946requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6947requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6948requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6949requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
6950run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6951 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6952 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
6953 0 \
6954 -c "HTTP/1.0 200 OK" \
6955 -c "Protocol is TLSv1.3" \
6956 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6957 -c "Certificate Verify: Signature algorithm ( 0403 )" \
6958 -c "NamedGroup: secp256r1 ( 17 )" \
6959 -c "Verifying peer X.509 certificate... ok" \
6960 -C "received HelloRetryRequest message"
6961
6962requires_gnutls_tls1_3
6963requires_gnutls_next_no_ticket
6964requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6965requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6966requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]6967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
6968requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6969run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6970 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6971 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6972 0 \
6973 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6974 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6975 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6976 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6977 -c "NamedGroup: secp256r1 ( 17 )" \
6978 -c "Verifying peer X.509 certificate... ok" \
6979 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6980
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6981requires_gnutls_tls1_3
6982requires_gnutls_next_no_ticket
6983requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]6984requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]6985requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]6986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]6987requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]6988run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]6989 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6990 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6991 0 \
6992 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]6993 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]6994 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
6995 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]6996 -c "NamedGroup: secp256r1 ( 17 )" \
6997 -c "Verifying peer X.509 certificate... ok" \
6998 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]6999
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7000requires_gnutls_tls1_3
7001requires_gnutls_next_no_ticket
7002requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7003requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7004requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7005requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7007requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7008run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7009 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7010 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7011 0 \
7012 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7013 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7014 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7015 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7016 -c "NamedGroup: secp256r1 ( 17 )" \
7017 -c "Verifying peer X.509 certificate... ok" \
7018 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7019
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7020requires_gnutls_tls1_3
7021requires_gnutls_next_no_ticket
7022requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7023requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7024requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7025requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7026requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7027run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7028 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7029 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7030 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7031 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7032 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7033 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7034 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7035 -c "NamedGroup: secp384r1 ( 18 )" \
7036 -c "Verifying peer X.509 certificate... ok" \
7037 -C "received HelloRetryRequest message"
7038
7039requires_gnutls_tls1_3
7040requires_gnutls_next_no_ticket
7041requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7042requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7043requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7044requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7046run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7047 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7048 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
7049 0 \
7050 -c "HTTP/1.0 200 OK" \
7051 -c "Protocol is TLSv1.3" \
7052 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7053 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7054 -c "NamedGroup: secp384r1 ( 18 )" \
7055 -c "Verifying peer X.509 certificate... ok" \
7056 -C "received HelloRetryRequest message"
7057
7058requires_gnutls_tls1_3
7059requires_gnutls_next_no_ticket
7060requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7061requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7062requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7063requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7064requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7065run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7066 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7067 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
7068 0 \
7069 -c "HTTP/1.0 200 OK" \
7070 -c "Protocol is TLSv1.3" \
7071 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7072 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7073 -c "NamedGroup: secp384r1 ( 18 )" \
7074 -c "Verifying peer X.509 certificate... ok" \
7075 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7076
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7077requires_gnutls_tls1_3
7078requires_gnutls_next_no_ticket
7079requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7080requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7081requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7083requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7084requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7085run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7086 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7087 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7088 0 \
7089 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7090 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7091 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7092 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7093 -c "NamedGroup: secp384r1 ( 18 )" \
7094 -c "Verifying peer X.509 certificate... ok" \
7095 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7096
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7097requires_gnutls_tls1_3
7098requires_gnutls_next_no_ticket
7099requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7100requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7101requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7102requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7103requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7104run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7105 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7106 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7107 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7108 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7109 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7110 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7111 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7112 -c "NamedGroup: secp521r1 ( 19 )" \
7113 -c "Verifying peer X.509 certificate... ok" \
7114 -C "received HelloRetryRequest message"
7115
7116requires_gnutls_tls1_3
7117requires_gnutls_next_no_ticket
7118requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7119requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7120requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7121requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7122requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7123run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7124 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7125 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
7126 0 \
7127 -c "HTTP/1.0 200 OK" \
7128 -c "Protocol is TLSv1.3" \
7129 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7130 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7131 -c "NamedGroup: secp521r1 ( 19 )" \
7132 -c "Verifying peer X.509 certificate... ok" \
7133 -C "received HelloRetryRequest message"
7134
7135requires_gnutls_tls1_3
7136requires_gnutls_next_no_ticket
7137requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7138requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7139requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7140requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7142run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7143 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7144 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
7145 0 \
7146 -c "HTTP/1.0 200 OK" \
7147 -c "Protocol is TLSv1.3" \
7148 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7149 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7150 -c "NamedGroup: secp521r1 ( 19 )" \
7151 -c "Verifying peer X.509 certificate... ok" \
7152 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7153
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7154requires_gnutls_tls1_3
7155requires_gnutls_next_no_ticket
7156requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7157requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7158requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7160requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7161requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7162run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7163 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7164 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7165 0 \
7166 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7167 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7168 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7169 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7170 -c "NamedGroup: secp521r1 ( 19 )" \
7171 -c "Verifying peer X.509 certificate... ok" \
7172 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7173
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7174requires_gnutls_tls1_3
7175requires_gnutls_next_no_ticket
7176requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7177requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7178requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7180requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7181run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7182 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7183 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7184 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7185 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7186 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7187 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7188 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7189 -c "NamedGroup: x25519 ( 1d )" \
7190 -c "Verifying peer X.509 certificate... ok" \
7191 -C "received HelloRetryRequest message"
7192
7193requires_gnutls_tls1_3
7194requires_gnutls_next_no_ticket
7195requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7196requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7197requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7198requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7199requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7200run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7201 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7202 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
7203 0 \
7204 -c "HTTP/1.0 200 OK" \
7205 -c "Protocol is TLSv1.3" \
7206 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7207 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7208 -c "NamedGroup: x25519 ( 1d )" \
7209 -c "Verifying peer X.509 certificate... ok" \
7210 -C "received HelloRetryRequest message"
7211
7212requires_gnutls_tls1_3
7213requires_gnutls_next_no_ticket
7214requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7215requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7216requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7217requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7218requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7219run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7220 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7221 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
7222 0 \
7223 -c "HTTP/1.0 200 OK" \
7224 -c "Protocol is TLSv1.3" \
7225 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7226 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7227 -c "NamedGroup: x25519 ( 1d )" \
7228 -c "Verifying peer X.509 certificate... ok" \
7229 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7230
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7231requires_gnutls_tls1_3
7232requires_gnutls_next_no_ticket
7233requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7234requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7235requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7238requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7239run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7240 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7241 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7242 0 \
7243 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7244 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7245 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7246 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7247 -c "NamedGroup: x25519 ( 1d )" \
7248 -c "Verifying peer X.509 certificate... ok" \
7249 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7250
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7251requires_gnutls_tls1_3
7252requires_gnutls_next_no_ticket
7253requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7254requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7255requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7256requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7257requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7258run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7259 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7260 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7261 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7262 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7263 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7264 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7265 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7266 -c "NamedGroup: x448 ( 1e )" \
7267 -c "Verifying peer X.509 certificate... ok" \
7268 -C "received HelloRetryRequest message"
7269
7270requires_gnutls_tls1_3
7271requires_gnutls_next_no_ticket
7272requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7273requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7274requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7275requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7276requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7277run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7278 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7279 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
7280 0 \
7281 -c "HTTP/1.0 200 OK" \
7282 -c "Protocol is TLSv1.3" \
7283 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7284 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7285 -c "NamedGroup: x448 ( 1e )" \
7286 -c "Verifying peer X.509 certificate... ok" \
7287 -C "received HelloRetryRequest message"
7288
7289requires_gnutls_tls1_3
7290requires_gnutls_next_no_ticket
7291requires_gnutls_next_disable_tls13_compat
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7292requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7293requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7294requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7296run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7297 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]7298 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
7299 0 \
7300 -c "HTTP/1.0 200 OK" \
7301 -c "Protocol is TLSv1.3" \
7302 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
7303 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7304 -c "NamedGroup: x448 ( 1e )" \
7305 -c "Verifying peer X.509 certificate... ok" \
7306 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]7307
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7308requires_gnutls_tls1_3
7309requires_gnutls_next_no_ticket
7310requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7311requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7312requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]7313requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]7314requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]7315requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]7316run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7317 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7318 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7319 0 \
7320 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]7321 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]7322 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]7323 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]7324 -c "NamedGroup: x448 ( 1e )" \
7325 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]7326 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]7327
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7328requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7329requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7330requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7331requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7332requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7333requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7334requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7336run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
7337 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7338 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
7339 0 \
7340 -s "Protocol is TLSv1.3" \
7341 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7342 -s "received signature algorithm: 0x403" \
7343 -s "got named group: secp256r1(0017)" \
7344 -s "Verifying peer X.509 certificate... ok" \
7345 -c "Protocol is TLSv1.3" \
7346 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7347 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7348 -c "NamedGroup: secp256r1 ( 17 )" \
7349 -c "Verifying peer X.509 certificate... ok" \
7350 -C "received HelloRetryRequest message"
7351
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7352requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7353requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7354requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7356requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7357requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7360run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
7361 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7362 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
7363 0 \
7364 -s "Protocol is TLSv1.3" \
7365 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7366 -s "received signature algorithm: 0x503" \
7367 -s "got named group: secp256r1(0017)" \
7368 -s "Verifying peer X.509 certificate... ok" \
7369 -c "Protocol is TLSv1.3" \
7370 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7371 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7372 -c "NamedGroup: secp256r1 ( 17 )" \
7373 -c "Verifying peer X.509 certificate... ok" \
7374 -C "received HelloRetryRequest message"
7375
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7376requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7377requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7378requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7379requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7380requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7381requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7382requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7384run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
7385 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7386 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
7387 0 \
7388 -s "Protocol is TLSv1.3" \
7389 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7390 -s "received signature algorithm: 0x603" \
7391 -s "got named group: secp256r1(0017)" \
7392 -s "Verifying peer X.509 certificate... ok" \
7393 -c "Protocol is TLSv1.3" \
7394 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7395 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7396 -c "NamedGroup: secp256r1 ( 17 )" \
7397 -c "Verifying peer X.509 certificate... ok" \
7398 -C "received HelloRetryRequest message"
7399
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7400requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7401requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7402requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7403requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7404requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7405requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7406requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7407requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7408requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7409requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7410run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
7411 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7412 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
7413 0 \
7414 -s "Protocol is TLSv1.3" \
7415 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7416 -s "received signature algorithm: 0x804" \
7417 -s "got named group: secp256r1(0017)" \
7418 -s "Verifying peer X.509 certificate... ok" \
7419 -c "Protocol is TLSv1.3" \
7420 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7421 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7422 -c "NamedGroup: secp256r1 ( 17 )" \
7423 -c "Verifying peer X.509 certificate... ok" \
7424 -C "received HelloRetryRequest message"
7425
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7426requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7427requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7430requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7431requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7432requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7434run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
7435 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7436 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
7437 0 \
7438 -s "Protocol is TLSv1.3" \
7439 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7440 -s "received signature algorithm: 0x403" \
7441 -s "got named group: secp384r1(0018)" \
7442 -s "Verifying peer X.509 certificate... ok" \
7443 -c "Protocol is TLSv1.3" \
7444 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7445 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7446 -c "NamedGroup: secp384r1 ( 18 )" \
7447 -c "Verifying peer X.509 certificate... ok" \
7448 -C "received HelloRetryRequest message"
7449
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7450requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7451requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7452requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7453requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7454requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7455requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7456requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7458run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
7459 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7460 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
7461 0 \
7462 -s "Protocol is TLSv1.3" \
7463 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7464 -s "received signature algorithm: 0x503" \
7465 -s "got named group: secp384r1(0018)" \
7466 -s "Verifying peer X.509 certificate... ok" \
7467 -c "Protocol is TLSv1.3" \
7468 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7469 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7470 -c "NamedGroup: secp384r1 ( 18 )" \
7471 -c "Verifying peer X.509 certificate... ok" \
7472 -C "received HelloRetryRequest message"
7473
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7474requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7475requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7476requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7477requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7478requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7479requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7480requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7482run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
7483 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7484 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
7485 0 \
7486 -s "Protocol is TLSv1.3" \
7487 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7488 -s "received signature algorithm: 0x603" \
7489 -s "got named group: secp384r1(0018)" \
7490 -s "Verifying peer X.509 certificate... ok" \
7491 -c "Protocol is TLSv1.3" \
7492 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7493 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7494 -c "NamedGroup: secp384r1 ( 18 )" \
7495 -c "Verifying peer X.509 certificate... ok" \
7496 -C "received HelloRetryRequest message"
7497
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7498requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7499requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7500requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7501requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7502requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7503requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7504requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7505requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7506requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7507requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7508run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
7509 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7510 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
7511 0 \
7512 -s "Protocol is TLSv1.3" \
7513 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7514 -s "received signature algorithm: 0x804" \
7515 -s "got named group: secp384r1(0018)" \
7516 -s "Verifying peer X.509 certificate... ok" \
7517 -c "Protocol is TLSv1.3" \
7518 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7519 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7520 -c "NamedGroup: secp384r1 ( 18 )" \
7521 -c "Verifying peer X.509 certificate... ok" \
7522 -C "received HelloRetryRequest message"
7523
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7524requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7525requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7526requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7527requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7528requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7532run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
7533 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7534 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
7535 0 \
7536 -s "Protocol is TLSv1.3" \
7537 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7538 -s "received signature algorithm: 0x403" \
7539 -s "got named group: secp521r1(0019)" \
7540 -s "Verifying peer X.509 certificate... ok" \
7541 -c "Protocol is TLSv1.3" \
7542 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7543 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7544 -c "NamedGroup: secp521r1 ( 19 )" \
7545 -c "Verifying peer X.509 certificate... ok" \
7546 -C "received HelloRetryRequest message"
7547
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7548requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7549requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7550requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7551requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7552requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7553requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7554requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7556run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
7557 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7558 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
7559 0 \
7560 -s "Protocol is TLSv1.3" \
7561 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7562 -s "received signature algorithm: 0x503" \
7563 -s "got named group: secp521r1(0019)" \
7564 -s "Verifying peer X.509 certificate... ok" \
7565 -c "Protocol is TLSv1.3" \
7566 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7567 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7568 -c "NamedGroup: secp521r1 ( 19 )" \
7569 -c "Verifying peer X.509 certificate... ok" \
7570 -C "received HelloRetryRequest message"
7571
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7572requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7573requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7574requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7576requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7577requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7578requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7580run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
7581 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7582 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
7583 0 \
7584 -s "Protocol is TLSv1.3" \
7585 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7586 -s "received signature algorithm: 0x603" \
7587 -s "got named group: secp521r1(0019)" \
7588 -s "Verifying peer X.509 certificate... ok" \
7589 -c "Protocol is TLSv1.3" \
7590 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7591 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7592 -c "NamedGroup: secp521r1 ( 19 )" \
7593 -c "Verifying peer X.509 certificate... ok" \
7594 -C "received HelloRetryRequest message"
7595
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7596requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7597requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7598requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7599requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7600requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7601requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7602requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7603requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7604requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7605requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7606run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
7607 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7608 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
7609 0 \
7610 -s "Protocol is TLSv1.3" \
7611 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7612 -s "received signature algorithm: 0x804" \
7613 -s "got named group: secp521r1(0019)" \
7614 -s "Verifying peer X.509 certificate... ok" \
7615 -c "Protocol is TLSv1.3" \
7616 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7617 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7618 -c "NamedGroup: secp521r1 ( 19 )" \
7619 -c "Verifying peer X.509 certificate... ok" \
7620 -C "received HelloRetryRequest message"
7621
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7622requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7623requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7624requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7626requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7627requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7628requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7630run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
7631 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7632 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
7633 0 \
7634 -s "Protocol is TLSv1.3" \
7635 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7636 -s "received signature algorithm: 0x403" \
7637 -s "got named group: x25519(001d)" \
7638 -s "Verifying peer X.509 certificate... ok" \
7639 -c "Protocol is TLSv1.3" \
7640 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7641 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7642 -c "NamedGroup: x25519 ( 1d )" \
7643 -c "Verifying peer X.509 certificate... ok" \
7644 -C "received HelloRetryRequest message"
7645
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7646requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7647requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7648requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7649requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7650requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7651requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7654run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
7655 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7656 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
7657 0 \
7658 -s "Protocol is TLSv1.3" \
7659 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7660 -s "received signature algorithm: 0x503" \
7661 -s "got named group: x25519(001d)" \
7662 -s "Verifying peer X.509 certificate... ok" \
7663 -c "Protocol is TLSv1.3" \
7664 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7665 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7666 -c "NamedGroup: x25519 ( 1d )" \
7667 -c "Verifying peer X.509 certificate... ok" \
7668 -C "received HelloRetryRequest message"
7669
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7670requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7671requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7672requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7673requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7674requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7675requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7676requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7677requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7678run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
7679 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7680 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
7681 0 \
7682 -s "Protocol is TLSv1.3" \
7683 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7684 -s "received signature algorithm: 0x603" \
7685 -s "got named group: x25519(001d)" \
7686 -s "Verifying peer X.509 certificate... ok" \
7687 -c "Protocol is TLSv1.3" \
7688 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7689 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7690 -c "NamedGroup: x25519 ( 1d )" \
7691 -c "Verifying peer X.509 certificate... ok" \
7692 -C "received HelloRetryRequest message"
7693
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7694requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7695requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7696requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7697requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7698requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7699requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7700requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7702requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7703requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7704run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
7705 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7706 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
7707 0 \
7708 -s "Protocol is TLSv1.3" \
7709 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7710 -s "received signature algorithm: 0x804" \
7711 -s "got named group: x25519(001d)" \
7712 -s "Verifying peer X.509 certificate... ok" \
7713 -c "Protocol is TLSv1.3" \
7714 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7715 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7716 -c "NamedGroup: x25519 ( 1d )" \
7717 -c "Verifying peer X.509 certificate... ok" \
7718 -C "received HelloRetryRequest message"
7719
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7720requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7721requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7722requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7723requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7724requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7725requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7726requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7728run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
7729 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7730 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
7731 0 \
7732 -s "Protocol is TLSv1.3" \
7733 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7734 -s "received signature algorithm: 0x403" \
7735 -s "got named group: x448(001e)" \
7736 -s "Verifying peer X.509 certificate... ok" \
7737 -c "Protocol is TLSv1.3" \
7738 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7739 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7740 -c "NamedGroup: x448 ( 1e )" \
7741 -c "Verifying peer X.509 certificate... ok" \
7742 -C "received HelloRetryRequest message"
7743
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7744requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7745requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7746requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7747requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7748requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7749requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7752run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
7753 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7754 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
7755 0 \
7756 -s "Protocol is TLSv1.3" \
7757 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7758 -s "received signature algorithm: 0x503" \
7759 -s "got named group: x448(001e)" \
7760 -s "Verifying peer X.509 certificate... ok" \
7761 -c "Protocol is TLSv1.3" \
7762 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7763 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7764 -c "NamedGroup: x448 ( 1e )" \
7765 -c "Verifying peer X.509 certificate... ok" \
7766 -C "received HelloRetryRequest message"
7767
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7768requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7769requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7770requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7771requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7772requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7773requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7776run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
7777 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7778 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
7779 0 \
7780 -s "Protocol is TLSv1.3" \
7781 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7782 -s "received signature algorithm: 0x603" \
7783 -s "got named group: x448(001e)" \
7784 -s "Verifying peer X.509 certificate... ok" \
7785 -c "Protocol is TLSv1.3" \
7786 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7787 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7788 -c "NamedGroup: x448 ( 1e )" \
7789 -c "Verifying peer X.509 certificate... ok" \
7790 -C "received HelloRetryRequest message"
7791
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7792requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7793requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7795requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7796requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7797requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7798requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7799requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7800requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7801requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7802run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
7803 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7804 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
7805 0 \
7806 -s "Protocol is TLSv1.3" \
7807 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
7808 -s "received signature algorithm: 0x804" \
7809 -s "got named group: x448(001e)" \
7810 -s "Verifying peer X.509 certificate... ok" \
7811 -c "Protocol is TLSv1.3" \
7812 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
7813 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7814 -c "NamedGroup: x448 ( 1e )" \
7815 -c "Verifying peer X.509 certificate... ok" \
7816 -C "received HelloRetryRequest message"
7817
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7818requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7819requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7820requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7822requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7823requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7824requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7826run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
7827 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7828 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
7829 0 \
7830 -s "Protocol is TLSv1.3" \
7831 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7832 -s "received signature algorithm: 0x403" \
7833 -s "got named group: secp256r1(0017)" \
7834 -s "Verifying peer X.509 certificate... ok" \
7835 -c "Protocol is TLSv1.3" \
7836 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7837 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7838 -c "NamedGroup: secp256r1 ( 17 )" \
7839 -c "Verifying peer X.509 certificate... ok" \
7840 -C "received HelloRetryRequest message"
7841
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7842requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7843requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7844requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7845requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7846requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7847requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7848requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7849requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7850run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
7851 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7852 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
7853 0 \
7854 -s "Protocol is TLSv1.3" \
7855 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7856 -s "received signature algorithm: 0x503" \
7857 -s "got named group: secp256r1(0017)" \
7858 -s "Verifying peer X.509 certificate... ok" \
7859 -c "Protocol is TLSv1.3" \
7860 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7861 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7862 -c "NamedGroup: secp256r1 ( 17 )" \
7863 -c "Verifying peer X.509 certificate... ok" \
7864 -C "received HelloRetryRequest message"
7865
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7866requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7867requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7868requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7870requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7871requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7872requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7874run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
7875 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7876 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
7877 0 \
7878 -s "Protocol is TLSv1.3" \
7879 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7880 -s "received signature algorithm: 0x603" \
7881 -s "got named group: secp256r1(0017)" \
7882 -s "Verifying peer X.509 certificate... ok" \
7883 -c "Protocol is TLSv1.3" \
7884 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7885 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7886 -c "NamedGroup: secp256r1 ( 17 )" \
7887 -c "Verifying peer X.509 certificate... ok" \
7888 -C "received HelloRetryRequest message"
7889
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7890requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7891requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7894requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7895requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7896requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7897requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7898requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7899requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7900run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
7901 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7902 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
7903 0 \
7904 -s "Protocol is TLSv1.3" \
7905 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7906 -s "received signature algorithm: 0x804" \
7907 -s "got named group: secp256r1(0017)" \
7908 -s "Verifying peer X.509 certificate... ok" \
7909 -c "Protocol is TLSv1.3" \
7910 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7911 -c "Certificate Verify: Signature algorithm ( 0804 )" \
7912 -c "NamedGroup: secp256r1 ( 17 )" \
7913 -c "Verifying peer X.509 certificate... ok" \
7914 -C "received HelloRetryRequest message"
7915
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7916requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7917requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7918requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7919requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7920requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7921requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7924run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
7925 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7926 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
7927 0 \
7928 -s "Protocol is TLSv1.3" \
7929 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7930 -s "received signature algorithm: 0x403" \
7931 -s "got named group: secp384r1(0018)" \
7932 -s "Verifying peer X.509 certificate... ok" \
7933 -c "Protocol is TLSv1.3" \
7934 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7935 -c "Certificate Verify: Signature algorithm ( 0403 )" \
7936 -c "NamedGroup: secp384r1 ( 18 )" \
7937 -c "Verifying peer X.509 certificate... ok" \
7938 -C "received HelloRetryRequest message"
7939
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7940requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7941requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7942requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7943requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7944requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7945requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7946requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7948run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
7949 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7950 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
7951 0 \
7952 -s "Protocol is TLSv1.3" \
7953 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7954 -s "received signature algorithm: 0x503" \
7955 -s "got named group: secp384r1(0018)" \
7956 -s "Verifying peer X.509 certificate... ok" \
7957 -c "Protocol is TLSv1.3" \
7958 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7959 -c "Certificate Verify: Signature algorithm ( 0503 )" \
7960 -c "NamedGroup: secp384r1 ( 18 )" \
7961 -c "Verifying peer X.509 certificate... ok" \
7962 -C "received HelloRetryRequest message"
7963
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7964requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7965requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7967requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7968requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7969requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7972run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
7973 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
7974 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
7975 0 \
7976 -s "Protocol is TLSv1.3" \
7977 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
7978 -s "received signature algorithm: 0x603" \
7979 -s "got named group: secp384r1(0018)" \
7980 -s "Verifying peer X.509 certificate... ok" \
7981 -c "Protocol is TLSv1.3" \
7982 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
7983 -c "Certificate Verify: Signature algorithm ( 0603 )" \
7984 -c "NamedGroup: secp384r1 ( 18 )" \
7985 -c "Verifying peer X.509 certificate... ok" \
7986 -C "received HelloRetryRequest message"
7987
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]7988requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7989requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7990requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7992requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7993requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]7994requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]7995requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7996requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
7997requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
7998run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
7999 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8000 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
8001 0 \
8002 -s "Protocol is TLSv1.3" \
8003 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8004 -s "received signature algorithm: 0x804" \
8005 -s "got named group: secp384r1(0018)" \
8006 -s "Verifying peer X.509 certificate... ok" \
8007 -c "Protocol is TLSv1.3" \
8008 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8009 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8010 -c "NamedGroup: secp384r1 ( 18 )" \
8011 -c "Verifying peer X.509 certificate... ok" \
8012 -C "received HelloRetryRequest message"
8013
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8014requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8015requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8016requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8017requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8018requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8019requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8020requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8022run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
8023 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8024 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
8025 0 \
8026 -s "Protocol is TLSv1.3" \
8027 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8028 -s "received signature algorithm: 0x403" \
8029 -s "got named group: secp521r1(0019)" \
8030 -s "Verifying peer X.509 certificate... ok" \
8031 -c "Protocol is TLSv1.3" \
8032 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8033 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8034 -c "NamedGroup: secp521r1 ( 19 )" \
8035 -c "Verifying peer X.509 certificate... ok" \
8036 -C "received HelloRetryRequest message"
8037
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8038requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8039requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8040requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8041requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8042requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8043requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8044requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8046run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
8047 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8048 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
8049 0 \
8050 -s "Protocol is TLSv1.3" \
8051 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8052 -s "received signature algorithm: 0x503" \
8053 -s "got named group: secp521r1(0019)" \
8054 -s "Verifying peer X.509 certificate... ok" \
8055 -c "Protocol is TLSv1.3" \
8056 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8057 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8058 -c "NamedGroup: secp521r1 ( 19 )" \
8059 -c "Verifying peer X.509 certificate... ok" \
8060 -C "received HelloRetryRequest message"
8061
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8062requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8063requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8065requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8066requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8067requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8068requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8070run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
8071 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8072 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
8073 0 \
8074 -s "Protocol is TLSv1.3" \
8075 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8076 -s "received signature algorithm: 0x603" \
8077 -s "got named group: secp521r1(0019)" \
8078 -s "Verifying peer X.509 certificate... ok" \
8079 -c "Protocol is TLSv1.3" \
8080 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8081 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8082 -c "NamedGroup: secp521r1 ( 19 )" \
8083 -c "Verifying peer X.509 certificate... ok" \
8084 -C "received HelloRetryRequest message"
8085
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8086requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8087requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8088requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8089requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8090requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8091requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8092requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8093requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8094requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8095requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8096run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
8097 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8098 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
8099 0 \
8100 -s "Protocol is TLSv1.3" \
8101 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8102 -s "received signature algorithm: 0x804" \
8103 -s "got named group: secp521r1(0019)" \
8104 -s "Verifying peer X.509 certificate... ok" \
8105 -c "Protocol is TLSv1.3" \
8106 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8107 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8108 -c "NamedGroup: secp521r1 ( 19 )" \
8109 -c "Verifying peer X.509 certificate... ok" \
8110 -C "received HelloRetryRequest message"
8111
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8112requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8113requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8114requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8116requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8117requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8118requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8120run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
8121 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8122 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
8123 0 \
8124 -s "Protocol is TLSv1.3" \
8125 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8126 -s "received signature algorithm: 0x403" \
8127 -s "got named group: x25519(001d)" \
8128 -s "Verifying peer X.509 certificate... ok" \
8129 -c "Protocol is TLSv1.3" \
8130 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8131 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8132 -c "NamedGroup: x25519 ( 1d )" \
8133 -c "Verifying peer X.509 certificate... ok" \
8134 -C "received HelloRetryRequest message"
8135
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8136requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8137requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8138requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8139requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8140requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8141requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8142requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8144run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
8145 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8146 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
8147 0 \
8148 -s "Protocol is TLSv1.3" \
8149 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8150 -s "received signature algorithm: 0x503" \
8151 -s "got named group: x25519(001d)" \
8152 -s "Verifying peer X.509 certificate... ok" \
8153 -c "Protocol is TLSv1.3" \
8154 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8155 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8156 -c "NamedGroup: x25519 ( 1d )" \
8157 -c "Verifying peer X.509 certificate... ok" \
8158 -C "received HelloRetryRequest message"
8159
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8160requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8161requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8162requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8164requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8165requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8166requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8168run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
8169 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8170 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
8171 0 \
8172 -s "Protocol is TLSv1.3" \
8173 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8174 -s "received signature algorithm: 0x603" \
8175 -s "got named group: x25519(001d)" \
8176 -s "Verifying peer X.509 certificate... ok" \
8177 -c "Protocol is TLSv1.3" \
8178 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8179 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8180 -c "NamedGroup: x25519 ( 1d )" \
8181 -c "Verifying peer X.509 certificate... ok" \
8182 -C "received HelloRetryRequest message"
8183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8185requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8186requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8188requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8189requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8190requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8191requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8192requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8193requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8194run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
8195 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8196 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
8197 0 \
8198 -s "Protocol is TLSv1.3" \
8199 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8200 -s "received signature algorithm: 0x804" \
8201 -s "got named group: x25519(001d)" \
8202 -s "Verifying peer X.509 certificate... ok" \
8203 -c "Protocol is TLSv1.3" \
8204 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8205 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8206 -c "NamedGroup: x25519 ( 1d )" \
8207 -c "Verifying peer X.509 certificate... ok" \
8208 -C "received HelloRetryRequest message"
8209
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8210requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8211requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8212requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8213requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8214requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8215requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8216requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8218run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
8219 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8220 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
8221 0 \
8222 -s "Protocol is TLSv1.3" \
8223 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8224 -s "received signature algorithm: 0x403" \
8225 -s "got named group: x448(001e)" \
8226 -s "Verifying peer X.509 certificate... ok" \
8227 -c "Protocol is TLSv1.3" \
8228 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8229 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8230 -c "NamedGroup: x448 ( 1e )" \
8231 -c "Verifying peer X.509 certificate... ok" \
8232 -C "received HelloRetryRequest message"
8233
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8234requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8235requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8238requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8239requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8242run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
8243 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8244 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
8245 0 \
8246 -s "Protocol is TLSv1.3" \
8247 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8248 -s "received signature algorithm: 0x503" \
8249 -s "got named group: x448(001e)" \
8250 -s "Verifying peer X.509 certificate... ok" \
8251 -c "Protocol is TLSv1.3" \
8252 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8253 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8254 -c "NamedGroup: x448 ( 1e )" \
8255 -c "Verifying peer X.509 certificate... ok" \
8256 -C "received HelloRetryRequest message"
8257
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8258requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8259requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8260requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8261requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8262requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8263requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8264requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8266run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
8267 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8268 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
8269 0 \
8270 -s "Protocol is TLSv1.3" \
8271 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8272 -s "received signature algorithm: 0x603" \
8273 -s "got named group: x448(001e)" \
8274 -s "Verifying peer X.509 certificate... ok" \
8275 -c "Protocol is TLSv1.3" \
8276 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8277 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8278 -c "NamedGroup: x448 ( 1e )" \
8279 -c "Verifying peer X.509 certificate... ok" \
8280 -C "received HelloRetryRequest message"
8281
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8282requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8283requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8284requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8286requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8287requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8288requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8291requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8292run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
8293 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8294 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
8295 0 \
8296 -s "Protocol is TLSv1.3" \
8297 -s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
8298 -s "received signature algorithm: 0x804" \
8299 -s "got named group: x448(001e)" \
8300 -s "Verifying peer X.509 certificate... ok" \
8301 -c "Protocol is TLSv1.3" \
8302 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
8303 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8304 -c "NamedGroup: x448 ( 1e )" \
8305 -c "Verifying peer X.509 certificate... ok" \
8306 -C "received HelloRetryRequest message"
8307
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8308requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8309requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8310requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8311requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8312requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8313requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8314requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8316run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
8317 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8318 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
8319 0 \
8320 -s "Protocol is TLSv1.3" \
8321 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8322 -s "received signature algorithm: 0x403" \
8323 -s "got named group: secp256r1(0017)" \
8324 -s "Verifying peer X.509 certificate... ok" \
8325 -c "Protocol is TLSv1.3" \
8326 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8327 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8328 -c "NamedGroup: secp256r1 ( 17 )" \
8329 -c "Verifying peer X.509 certificate... ok" \
8330 -C "received HelloRetryRequest message"
8331
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8332requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8333requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8334requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8335requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8336requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8337requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8340run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
8341 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8342 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
8343 0 \
8344 -s "Protocol is TLSv1.3" \
8345 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8346 -s "received signature algorithm: 0x503" \
8347 -s "got named group: secp256r1(0017)" \
8348 -s "Verifying peer X.509 certificate... ok" \
8349 -c "Protocol is TLSv1.3" \
8350 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8351 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8352 -c "NamedGroup: secp256r1 ( 17 )" \
8353 -c "Verifying peer X.509 certificate... ok" \
8354 -C "received HelloRetryRequest message"
8355
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8356requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8357requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8360requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8361requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8362requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8363requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8364run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
8365 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8366 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
8367 0 \
8368 -s "Protocol is TLSv1.3" \
8369 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8370 -s "received signature algorithm: 0x603" \
8371 -s "got named group: secp256r1(0017)" \
8372 -s "Verifying peer X.509 certificate... ok" \
8373 -c "Protocol is TLSv1.3" \
8374 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8375 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8376 -c "NamedGroup: secp256r1 ( 17 )" \
8377 -c "Verifying peer X.509 certificate... ok" \
8378 -C "received HelloRetryRequest message"
8379
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8380requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8381requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8382requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8383requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8384requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8385requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8386requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8387requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8388requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8389requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8390run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
8391 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8392 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
8393 0 \
8394 -s "Protocol is TLSv1.3" \
8395 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8396 -s "received signature algorithm: 0x804" \
8397 -s "got named group: secp256r1(0017)" \
8398 -s "Verifying peer X.509 certificate... ok" \
8399 -c "Protocol is TLSv1.3" \
8400 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8401 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8402 -c "NamedGroup: secp256r1 ( 17 )" \
8403 -c "Verifying peer X.509 certificate... ok" \
8404 -C "received HelloRetryRequest message"
8405
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8406requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8407requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8408requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8409requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8410requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8411requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8412requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8414run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
8415 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8416 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
8417 0 \
8418 -s "Protocol is TLSv1.3" \
8419 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8420 -s "received signature algorithm: 0x403" \
8421 -s "got named group: secp384r1(0018)" \
8422 -s "Verifying peer X.509 certificate... ok" \
8423 -c "Protocol is TLSv1.3" \
8424 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8425 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8426 -c "NamedGroup: secp384r1 ( 18 )" \
8427 -c "Verifying peer X.509 certificate... ok" \
8428 -C "received HelloRetryRequest message"
8429
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8430requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8431requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8432requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8434requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8435requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8436requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8438run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
8439 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8440 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
8441 0 \
8442 -s "Protocol is TLSv1.3" \
8443 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8444 -s "received signature algorithm: 0x503" \
8445 -s "got named group: secp384r1(0018)" \
8446 -s "Verifying peer X.509 certificate... ok" \
8447 -c "Protocol is TLSv1.3" \
8448 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8449 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8450 -c "NamedGroup: secp384r1 ( 18 )" \
8451 -c "Verifying peer X.509 certificate... ok" \
8452 -C "received HelloRetryRequest message"
8453
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8454requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8455requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8456requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8457requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8458requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8459requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8460requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8462run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
8463 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8464 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
8465 0 \
8466 -s "Protocol is TLSv1.3" \
8467 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8468 -s "received signature algorithm: 0x603" \
8469 -s "got named group: secp384r1(0018)" \
8470 -s "Verifying peer X.509 certificate... ok" \
8471 -c "Protocol is TLSv1.3" \
8472 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8473 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8474 -c "NamedGroup: secp384r1 ( 18 )" \
8475 -c "Verifying peer X.509 certificate... ok" \
8476 -C "received HelloRetryRequest message"
8477
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8478requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8479requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8480requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8482requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8483requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8484requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8485requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8487requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8488run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
8489 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8490 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
8491 0 \
8492 -s "Protocol is TLSv1.3" \
8493 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8494 -s "received signature algorithm: 0x804" \
8495 -s "got named group: secp384r1(0018)" \
8496 -s "Verifying peer X.509 certificate... ok" \
8497 -c "Protocol is TLSv1.3" \
8498 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8499 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8500 -c "NamedGroup: secp384r1 ( 18 )" \
8501 -c "Verifying peer X.509 certificate... ok" \
8502 -C "received HelloRetryRequest message"
8503
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8504requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8505requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8506requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8507requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8508requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8509requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8510requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8511requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8512run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
8513 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8514 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
8515 0 \
8516 -s "Protocol is TLSv1.3" \
8517 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8518 -s "received signature algorithm: 0x403" \
8519 -s "got named group: secp521r1(0019)" \
8520 -s "Verifying peer X.509 certificate... ok" \
8521 -c "Protocol is TLSv1.3" \
8522 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8523 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8524 -c "NamedGroup: secp521r1 ( 19 )" \
8525 -c "Verifying peer X.509 certificate... ok" \
8526 -C "received HelloRetryRequest message"
8527
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8528requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8529requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8530requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8531requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8532requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8533requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8534requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8535requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8536run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
8537 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8538 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
8539 0 \
8540 -s "Protocol is TLSv1.3" \
8541 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8542 -s "received signature algorithm: 0x503" \
8543 -s "got named group: secp521r1(0019)" \
8544 -s "Verifying peer X.509 certificate... ok" \
8545 -c "Protocol is TLSv1.3" \
8546 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8547 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8548 -c "NamedGroup: secp521r1 ( 19 )" \
8549 -c "Verifying peer X.509 certificate... ok" \
8550 -C "received HelloRetryRequest message"
8551
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8552requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8553requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8554requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8556requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8557requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8558requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8560run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
8561 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8562 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
8563 0 \
8564 -s "Protocol is TLSv1.3" \
8565 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8566 -s "received signature algorithm: 0x603" \
8567 -s "got named group: secp521r1(0019)" \
8568 -s "Verifying peer X.509 certificate... ok" \
8569 -c "Protocol is TLSv1.3" \
8570 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8571 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8572 -c "NamedGroup: secp521r1 ( 19 )" \
8573 -c "Verifying peer X.509 certificate... ok" \
8574 -C "received HelloRetryRequest message"
8575
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8576requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8577requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8578requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8579requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8580requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8581requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8582requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8585requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8586run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
8587 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8588 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
8589 0 \
8590 -s "Protocol is TLSv1.3" \
8591 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8592 -s "received signature algorithm: 0x804" \
8593 -s "got named group: secp521r1(0019)" \
8594 -s "Verifying peer X.509 certificate... ok" \
8595 -c "Protocol is TLSv1.3" \
8596 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8597 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8598 -c "NamedGroup: secp521r1 ( 19 )" \
8599 -c "Verifying peer X.509 certificate... ok" \
8600 -C "received HelloRetryRequest message"
8601
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8602requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8603requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8604requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8605requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8606requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8607requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8608requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8610run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
8611 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8612 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
8613 0 \
8614 -s "Protocol is TLSv1.3" \
8615 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8616 -s "received signature algorithm: 0x403" \
8617 -s "got named group: x25519(001d)" \
8618 -s "Verifying peer X.509 certificate... ok" \
8619 -c "Protocol is TLSv1.3" \
8620 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8621 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8622 -c "NamedGroup: x25519 ( 1d )" \
8623 -c "Verifying peer X.509 certificate... ok" \
8624 -C "received HelloRetryRequest message"
8625
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8626requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8627requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8628requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8629requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8630requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8631requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8632requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8633requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8634run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
8635 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8636 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
8637 0 \
8638 -s "Protocol is TLSv1.3" \
8639 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8640 -s "received signature algorithm: 0x503" \
8641 -s "got named group: x25519(001d)" \
8642 -s "Verifying peer X.509 certificate... ok" \
8643 -c "Protocol is TLSv1.3" \
8644 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8645 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8646 -c "NamedGroup: x25519 ( 1d )" \
8647 -c "Verifying peer X.509 certificate... ok" \
8648 -C "received HelloRetryRequest message"
8649
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8650requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8651requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8654requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8655requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8656requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8658run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
8659 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8660 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
8661 0 \
8662 -s "Protocol is TLSv1.3" \
8663 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8664 -s "received signature algorithm: 0x603" \
8665 -s "got named group: x25519(001d)" \
8666 -s "Verifying peer X.509 certificate... ok" \
8667 -c "Protocol is TLSv1.3" \
8668 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8669 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8670 -c "NamedGroup: x25519 ( 1d )" \
8671 -c "Verifying peer X.509 certificate... ok" \
8672 -C "received HelloRetryRequest message"
8673
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8674requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8675requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8676requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8677requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8678requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8679requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8680requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8683requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8684run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
8685 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8686 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
8687 0 \
8688 -s "Protocol is TLSv1.3" \
8689 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8690 -s "received signature algorithm: 0x804" \
8691 -s "got named group: x25519(001d)" \
8692 -s "Verifying peer X.509 certificate... ok" \
8693 -c "Protocol is TLSv1.3" \
8694 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8695 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8696 -c "NamedGroup: x25519 ( 1d )" \
8697 -c "Verifying peer X.509 certificate... ok" \
8698 -C "received HelloRetryRequest message"
8699
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8700requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8701requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8703requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8704requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8705requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8706requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8708run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
8709 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8710 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
8711 0 \
8712 -s "Protocol is TLSv1.3" \
8713 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8714 -s "received signature algorithm: 0x403" \
8715 -s "got named group: x448(001e)" \
8716 -s "Verifying peer X.509 certificate... ok" \
8717 -c "Protocol is TLSv1.3" \
8718 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8719 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8720 -c "NamedGroup: x448 ( 1e )" \
8721 -c "Verifying peer X.509 certificate... ok" \
8722 -C "received HelloRetryRequest message"
8723
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8724requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8725requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8726requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8727requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8728requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8729requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8730requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8732run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
8733 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8734 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
8735 0 \
8736 -s "Protocol is TLSv1.3" \
8737 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8738 -s "received signature algorithm: 0x503" \
8739 -s "got named group: x448(001e)" \
8740 -s "Verifying peer X.509 certificate... ok" \
8741 -c "Protocol is TLSv1.3" \
8742 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8743 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8744 -c "NamedGroup: x448 ( 1e )" \
8745 -c "Verifying peer X.509 certificate... ok" \
8746 -C "received HelloRetryRequest message"
8747
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8748requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8749requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8751requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8752requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8753requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8756run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
8757 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8758 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
8759 0 \
8760 -s "Protocol is TLSv1.3" \
8761 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8762 -s "received signature algorithm: 0x603" \
8763 -s "got named group: x448(001e)" \
8764 -s "Verifying peer X.509 certificate... ok" \
8765 -c "Protocol is TLSv1.3" \
8766 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8767 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8768 -c "NamedGroup: x448 ( 1e )" \
8769 -c "Verifying peer X.509 certificate... ok" \
8770 -C "received HelloRetryRequest message"
8771
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8772requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8773requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8774requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8775requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8776requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8777requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8778requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8779requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8780requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8781requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8782run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
8783 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8784 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
8785 0 \
8786 -s "Protocol is TLSv1.3" \
8787 -s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
8788 -s "received signature algorithm: 0x804" \
8789 -s "got named group: x448(001e)" \
8790 -s "Verifying peer X.509 certificate... ok" \
8791 -c "Protocol is TLSv1.3" \
8792 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
8793 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8794 -c "NamedGroup: x448 ( 1e )" \
8795 -c "Verifying peer X.509 certificate... ok" \
8796 -C "received HelloRetryRequest message"
8797
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8798requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8799requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8800requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8802requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8803requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8804requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8805requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8806run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
8807 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8808 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
8809 0 \
8810 -s "Protocol is TLSv1.3" \
8811 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8812 -s "received signature algorithm: 0x403" \
8813 -s "got named group: secp256r1(0017)" \
8814 -s "Verifying peer X.509 certificate... ok" \
8815 -c "Protocol is TLSv1.3" \
8816 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8817 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8818 -c "NamedGroup: secp256r1 ( 17 )" \
8819 -c "Verifying peer X.509 certificate... ok" \
8820 -C "received HelloRetryRequest message"
8821
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8822requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8823requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8824requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8826requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8827requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8828requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8829requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8830run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
8831 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8832 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
8833 0 \
8834 -s "Protocol is TLSv1.3" \
8835 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8836 -s "received signature algorithm: 0x503" \
8837 -s "got named group: secp256r1(0017)" \
8838 -s "Verifying peer X.509 certificate... ok" \
8839 -c "Protocol is TLSv1.3" \
8840 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8841 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8842 -c "NamedGroup: secp256r1 ( 17 )" \
8843 -c "Verifying peer X.509 certificate... ok" \
8844 -C "received HelloRetryRequest message"
8845
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8846requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8847requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8848requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8849requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8850requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8851requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8852requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8853requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8854run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
8855 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8856 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
8857 0 \
8858 -s "Protocol is TLSv1.3" \
8859 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8860 -s "received signature algorithm: 0x603" \
8861 -s "got named group: secp256r1(0017)" \
8862 -s "Verifying peer X.509 certificate... ok" \
8863 -c "Protocol is TLSv1.3" \
8864 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8865 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8866 -c "NamedGroup: secp256r1 ( 17 )" \
8867 -c "Verifying peer X.509 certificate... ok" \
8868 -C "received HelloRetryRequest message"
8869
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8870requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8871requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8872requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8873requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8874requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8875requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8876requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8877requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8878requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8879requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8880run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
8881 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8882 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
8883 0 \
8884 -s "Protocol is TLSv1.3" \
8885 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8886 -s "received signature algorithm: 0x804" \
8887 -s "got named group: secp256r1(0017)" \
8888 -s "Verifying peer X.509 certificate... ok" \
8889 -c "Protocol is TLSv1.3" \
8890 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8891 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8892 -c "NamedGroup: secp256r1 ( 17 )" \
8893 -c "Verifying peer X.509 certificate... ok" \
8894 -C "received HelloRetryRequest message"
8895
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8896requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8897requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8898requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8899requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8900requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8901requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8902requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8904run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
8905 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8906 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
8907 0 \
8908 -s "Protocol is TLSv1.3" \
8909 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8910 -s "received signature algorithm: 0x403" \
8911 -s "got named group: secp384r1(0018)" \
8912 -s "Verifying peer X.509 certificate... ok" \
8913 -c "Protocol is TLSv1.3" \
8914 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8915 -c "Certificate Verify: Signature algorithm ( 0403 )" \
8916 -c "NamedGroup: secp384r1 ( 18 )" \
8917 -c "Verifying peer X.509 certificate... ok" \
8918 -C "received HelloRetryRequest message"
8919
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8920requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8921requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8923requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8924requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8925requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8926requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8927requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8928run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
8929 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8930 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
8931 0 \
8932 -s "Protocol is TLSv1.3" \
8933 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8934 -s "received signature algorithm: 0x503" \
8935 -s "got named group: secp384r1(0018)" \
8936 -s "Verifying peer X.509 certificate... ok" \
8937 -c "Protocol is TLSv1.3" \
8938 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8939 -c "Certificate Verify: Signature algorithm ( 0503 )" \
8940 -c "NamedGroup: secp384r1 ( 18 )" \
8941 -c "Verifying peer X.509 certificate... ok" \
8942 -C "received HelloRetryRequest message"
8943
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8944requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8945requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8946requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8947requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8948requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8949requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8950requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8952run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
8953 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8954 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
8955 0 \
8956 -s "Protocol is TLSv1.3" \
8957 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8958 -s "received signature algorithm: 0x603" \
8959 -s "got named group: secp384r1(0018)" \
8960 -s "Verifying peer X.509 certificate... ok" \
8961 -c "Protocol is TLSv1.3" \
8962 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8963 -c "Certificate Verify: Signature algorithm ( 0603 )" \
8964 -c "NamedGroup: secp384r1 ( 18 )" \
8965 -c "Verifying peer X.509 certificate... ok" \
8966 -C "received HelloRetryRequest message"
8967
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8968requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8969requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8972requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8973requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8974requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8975requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
8977requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
8978run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
8979 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
8980 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
8981 0 \
8982 -s "Protocol is TLSv1.3" \
8983 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
8984 -s "received signature algorithm: 0x804" \
8985 -s "got named group: secp384r1(0018)" \
8986 -s "Verifying peer X.509 certificate... ok" \
8987 -c "Protocol is TLSv1.3" \
8988 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
8989 -c "Certificate Verify: Signature algorithm ( 0804 )" \
8990 -c "NamedGroup: secp384r1 ( 18 )" \
8991 -c "Verifying peer X.509 certificate... ok" \
8992 -C "received HelloRetryRequest message"
8993
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]8994requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8995requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8996requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
8997requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]8998requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]8999requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9000requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9001requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9002run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
9003 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9004 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
9005 0 \
9006 -s "Protocol is TLSv1.3" \
9007 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9008 -s "received signature algorithm: 0x403" \
9009 -s "got named group: secp521r1(0019)" \
9010 -s "Verifying peer X.509 certificate... ok" \
9011 -c "Protocol is TLSv1.3" \
9012 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9013 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9014 -c "NamedGroup: secp521r1 ( 19 )" \
9015 -c "Verifying peer X.509 certificate... ok" \
9016 -C "received HelloRetryRequest message"
9017
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9018requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9019requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9020requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9022requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9023requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9025requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9026run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
9027 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9028 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
9029 0 \
9030 -s "Protocol is TLSv1.3" \
9031 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9032 -s "received signature algorithm: 0x503" \
9033 -s "got named group: secp521r1(0019)" \
9034 -s "Verifying peer X.509 certificate... ok" \
9035 -c "Protocol is TLSv1.3" \
9036 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9037 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9038 -c "NamedGroup: secp521r1 ( 19 )" \
9039 -c "Verifying peer X.509 certificate... ok" \
9040 -C "received HelloRetryRequest message"
9041
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9042requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9043requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9044requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9045requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9046requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9047requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9048requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9050run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
9051 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9052 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
9053 0 \
9054 -s "Protocol is TLSv1.3" \
9055 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9056 -s "received signature algorithm: 0x603" \
9057 -s "got named group: secp521r1(0019)" \
9058 -s "Verifying peer X.509 certificate... ok" \
9059 -c "Protocol is TLSv1.3" \
9060 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9061 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9062 -c "NamedGroup: secp521r1 ( 19 )" \
9063 -c "Verifying peer X.509 certificate... ok" \
9064 -C "received HelloRetryRequest message"
9065
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9066requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9067requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9068requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9069requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9070requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9071requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9072requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9073requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9074requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9075requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9076run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
9077 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9078 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
9079 0 \
9080 -s "Protocol is TLSv1.3" \
9081 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9082 -s "received signature algorithm: 0x804" \
9083 -s "got named group: secp521r1(0019)" \
9084 -s "Verifying peer X.509 certificate... ok" \
9085 -c "Protocol is TLSv1.3" \
9086 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9087 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9088 -c "NamedGroup: secp521r1 ( 19 )" \
9089 -c "Verifying peer X.509 certificate... ok" \
9090 -C "received HelloRetryRequest message"
9091
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9092requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9093requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9094requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9095requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9096requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9097requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9098requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9099requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9100run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
9101 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9102 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
9103 0 \
9104 -s "Protocol is TLSv1.3" \
9105 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9106 -s "received signature algorithm: 0x403" \
9107 -s "got named group: x25519(001d)" \
9108 -s "Verifying peer X.509 certificate... ok" \
9109 -c "Protocol is TLSv1.3" \
9110 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9111 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9112 -c "NamedGroup: x25519 ( 1d )" \
9113 -c "Verifying peer X.509 certificate... ok" \
9114 -C "received HelloRetryRequest message"
9115
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9116requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9117requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9118requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9120requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9121requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9122requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9123requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9124run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
9125 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9126 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
9127 0 \
9128 -s "Protocol is TLSv1.3" \
9129 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9130 -s "received signature algorithm: 0x503" \
9131 -s "got named group: x25519(001d)" \
9132 -s "Verifying peer X.509 certificate... ok" \
9133 -c "Protocol is TLSv1.3" \
9134 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9135 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9136 -c "NamedGroup: x25519 ( 1d )" \
9137 -c "Verifying peer X.509 certificate... ok" \
9138 -C "received HelloRetryRequest message"
9139
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9140requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9141requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9142requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9143requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9144requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9145requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9146requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9147requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9148run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
9149 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9150 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
9151 0 \
9152 -s "Protocol is TLSv1.3" \
9153 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9154 -s "received signature algorithm: 0x603" \
9155 -s "got named group: x25519(001d)" \
9156 -s "Verifying peer X.509 certificate... ok" \
9157 -c "Protocol is TLSv1.3" \
9158 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9159 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9160 -c "NamedGroup: x25519 ( 1d )" \
9161 -c "Verifying peer X.509 certificate... ok" \
9162 -C "received HelloRetryRequest message"
9163
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9164requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9165requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9166requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9167requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9168requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9169requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9170requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9171requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9172requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9173requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9174run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
9175 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9176 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
9177 0 \
9178 -s "Protocol is TLSv1.3" \
9179 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9180 -s "received signature algorithm: 0x804" \
9181 -s "got named group: x25519(001d)" \
9182 -s "Verifying peer X.509 certificate... ok" \
9183 -c "Protocol is TLSv1.3" \
9184 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9185 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9186 -c "NamedGroup: x25519 ( 1d )" \
9187 -c "Verifying peer X.509 certificate... ok" \
9188 -C "received HelloRetryRequest message"
9189
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9190requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9191requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9192requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9193requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9194requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9195requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9196requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9197requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9198run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
9199 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9200 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
9201 0 \
9202 -s "Protocol is TLSv1.3" \
9203 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9204 -s "received signature algorithm: 0x403" \
9205 -s "got named group: x448(001e)" \
9206 -s "Verifying peer X.509 certificate... ok" \
9207 -c "Protocol is TLSv1.3" \
9208 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9209 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9210 -c "NamedGroup: x448 ( 1e )" \
9211 -c "Verifying peer X.509 certificate... ok" \
9212 -C "received HelloRetryRequest message"
9213
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9214requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9215requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9216requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9218requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9219requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9220requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9222run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
9223 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9224 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
9225 0 \
9226 -s "Protocol is TLSv1.3" \
9227 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9228 -s "received signature algorithm: 0x503" \
9229 -s "got named group: x448(001e)" \
9230 -s "Verifying peer X.509 certificate... ok" \
9231 -c "Protocol is TLSv1.3" \
9232 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9233 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9234 -c "NamedGroup: x448 ( 1e )" \
9235 -c "Verifying peer X.509 certificate... ok" \
9236 -C "received HelloRetryRequest message"
9237
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9238requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9239requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9242requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9243requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9244requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9245requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9246run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
9247 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9248 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
9249 0 \
9250 -s "Protocol is TLSv1.3" \
9251 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9252 -s "received signature algorithm: 0x603" \
9253 -s "got named group: x448(001e)" \
9254 -s "Verifying peer X.509 certificate... ok" \
9255 -c "Protocol is TLSv1.3" \
9256 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9257 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9258 -c "NamedGroup: x448 ( 1e )" \
9259 -c "Verifying peer X.509 certificate... ok" \
9260 -C "received HelloRetryRequest message"
9261
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9262requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9263requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9264requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9266requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9267requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9268requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9269requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9270requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9271requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9272run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
9273 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9274 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
9275 0 \
9276 -s "Protocol is TLSv1.3" \
9277 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
9278 -s "received signature algorithm: 0x804" \
9279 -s "got named group: x448(001e)" \
9280 -s "Verifying peer X.509 certificate... ok" \
9281 -c "Protocol is TLSv1.3" \
9282 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
9283 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9284 -c "NamedGroup: x448 ( 1e )" \
9285 -c "Verifying peer X.509 certificate... ok" \
9286 -C "received HelloRetryRequest message"
9287
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9288requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9289requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9290requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9292requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9293requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9294requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9295requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9296run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
9297 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9298 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
9299 0 \
9300 -s "Protocol is TLSv1.3" \
9301 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9302 -s "received signature algorithm: 0x403" \
9303 -s "got named group: secp256r1(0017)" \
9304 -s "Verifying peer X.509 certificate... ok" \
9305 -c "Protocol is TLSv1.3" \
9306 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9307 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9308 -c "NamedGroup: secp256r1 ( 17 )" \
9309 -c "Verifying peer X.509 certificate... ok" \
9310 -C "received HelloRetryRequest message"
9311
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9312requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9313requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9314requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9315requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9316requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9317requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9318requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9320run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
9321 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9322 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
9323 0 \
9324 -s "Protocol is TLSv1.3" \
9325 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9326 -s "received signature algorithm: 0x503" \
9327 -s "got named group: secp256r1(0017)" \
9328 -s "Verifying peer X.509 certificate... ok" \
9329 -c "Protocol is TLSv1.3" \
9330 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9331 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9332 -c "NamedGroup: secp256r1 ( 17 )" \
9333 -c "Verifying peer X.509 certificate... ok" \
9334 -C "received HelloRetryRequest message"
9335
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9336requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9337requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9339requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9340requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9341requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9342requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9343requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9344run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
9345 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9346 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
9347 0 \
9348 -s "Protocol is TLSv1.3" \
9349 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9350 -s "received signature algorithm: 0x603" \
9351 -s "got named group: secp256r1(0017)" \
9352 -s "Verifying peer X.509 certificate... ok" \
9353 -c "Protocol is TLSv1.3" \
9354 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9355 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9356 -c "NamedGroup: secp256r1 ( 17 )" \
9357 -c "Verifying peer X.509 certificate... ok" \
9358 -C "received HelloRetryRequest message"
9359
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9360requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9361requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9362requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9363requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9364requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9365requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9366requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9367requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9368requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9369requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9370run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
9371 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9372 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
9373 0 \
9374 -s "Protocol is TLSv1.3" \
9375 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9376 -s "received signature algorithm: 0x804" \
9377 -s "got named group: secp256r1(0017)" \
9378 -s "Verifying peer X.509 certificate... ok" \
9379 -c "Protocol is TLSv1.3" \
9380 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9381 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9382 -c "NamedGroup: secp256r1 ( 17 )" \
9383 -c "Verifying peer X.509 certificate... ok" \
9384 -C "received HelloRetryRequest message"
9385
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9386requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9387requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9388requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9389requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9390requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9391requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9393requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9394run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
9395 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9396 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
9397 0 \
9398 -s "Protocol is TLSv1.3" \
9399 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9400 -s "received signature algorithm: 0x403" \
9401 -s "got named group: secp384r1(0018)" \
9402 -s "Verifying peer X.509 certificate... ok" \
9403 -c "Protocol is TLSv1.3" \
9404 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9405 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9406 -c "NamedGroup: secp384r1 ( 18 )" \
9407 -c "Verifying peer X.509 certificate... ok" \
9408 -C "received HelloRetryRequest message"
9409
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9410requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9411requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9412requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9414requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9415requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9416requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9418run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
9419 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9420 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
9421 0 \
9422 -s "Protocol is TLSv1.3" \
9423 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9424 -s "received signature algorithm: 0x503" \
9425 -s "got named group: secp384r1(0018)" \
9426 -s "Verifying peer X.509 certificate... ok" \
9427 -c "Protocol is TLSv1.3" \
9428 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9429 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9430 -c "NamedGroup: secp384r1 ( 18 )" \
9431 -c "Verifying peer X.509 certificate... ok" \
9432 -C "received HelloRetryRequest message"
9433
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9434requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9435requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9436requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9437requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9438requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9439requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9440requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9441requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9442run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
9443 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9444 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
9445 0 \
9446 -s "Protocol is TLSv1.3" \
9447 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9448 -s "received signature algorithm: 0x603" \
9449 -s "got named group: secp384r1(0018)" \
9450 -s "Verifying peer X.509 certificate... ok" \
9451 -c "Protocol is TLSv1.3" \
9452 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9453 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9454 -c "NamedGroup: secp384r1 ( 18 )" \
9455 -c "Verifying peer X.509 certificate... ok" \
9456 -C "received HelloRetryRequest message"
9457
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9458requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9459requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9460requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9461requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9462requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9463requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9464requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9465requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9466requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9467requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9468run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
9469 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9470 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
9471 0 \
9472 -s "Protocol is TLSv1.3" \
9473 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9474 -s "received signature algorithm: 0x804" \
9475 -s "got named group: secp384r1(0018)" \
9476 -s "Verifying peer X.509 certificate... ok" \
9477 -c "Protocol is TLSv1.3" \
9478 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9479 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9480 -c "NamedGroup: secp384r1 ( 18 )" \
9481 -c "Verifying peer X.509 certificate... ok" \
9482 -C "received HelloRetryRequest message"
9483
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9484requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9485requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9486requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9487requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9488requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9489requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9490requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9492run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
9493 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9494 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
9495 0 \
9496 -s "Protocol is TLSv1.3" \
9497 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9498 -s "received signature algorithm: 0x403" \
9499 -s "got named group: secp521r1(0019)" \
9500 -s "Verifying peer X.509 certificate... ok" \
9501 -c "Protocol is TLSv1.3" \
9502 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9503 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9504 -c "NamedGroup: secp521r1 ( 19 )" \
9505 -c "Verifying peer X.509 certificate... ok" \
9506 -C "received HelloRetryRequest message"
9507
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9508requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9509requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9510requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9511requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9512requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9513requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9514requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9516run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
9517 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
9519 0 \
9520 -s "Protocol is TLSv1.3" \
9521 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9522 -s "received signature algorithm: 0x503" \
9523 -s "got named group: secp521r1(0019)" \
9524 -s "Verifying peer X.509 certificate... ok" \
9525 -c "Protocol is TLSv1.3" \
9526 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9527 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9528 -c "NamedGroup: secp521r1 ( 19 )" \
9529 -c "Verifying peer X.509 certificate... ok" \
9530 -C "received HelloRetryRequest message"
9531
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9532requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9533requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9534requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9535requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9536requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9537requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9538requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9539requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9540run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
9541 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9542 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
9543 0 \
9544 -s "Protocol is TLSv1.3" \
9545 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9546 -s "received signature algorithm: 0x603" \
9547 -s "got named group: secp521r1(0019)" \
9548 -s "Verifying peer X.509 certificate... ok" \
9549 -c "Protocol is TLSv1.3" \
9550 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9551 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9552 -c "NamedGroup: secp521r1 ( 19 )" \
9553 -c "Verifying peer X.509 certificate... ok" \
9554 -C "received HelloRetryRequest message"
9555
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9556requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9557requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9558requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9560requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9561requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9562requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9564requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9566run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
9567 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9568 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
9569 0 \
9570 -s "Protocol is TLSv1.3" \
9571 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9572 -s "received signature algorithm: 0x804" \
9573 -s "got named group: secp521r1(0019)" \
9574 -s "Verifying peer X.509 certificate... ok" \
9575 -c "Protocol is TLSv1.3" \
9576 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9577 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9578 -c "NamedGroup: secp521r1 ( 19 )" \
9579 -c "Verifying peer X.509 certificate... ok" \
9580 -C "received HelloRetryRequest message"
9581
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9582requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9583requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9584requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9585requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9586requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9587requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9588requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9589requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9590run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
9591 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9592 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
9593 0 \
9594 -s "Protocol is TLSv1.3" \
9595 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9596 -s "received signature algorithm: 0x403" \
9597 -s "got named group: x25519(001d)" \
9598 -s "Verifying peer X.509 certificate... ok" \
9599 -c "Protocol is TLSv1.3" \
9600 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9601 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9602 -c "NamedGroup: x25519 ( 1d )" \
9603 -c "Verifying peer X.509 certificate... ok" \
9604 -C "received HelloRetryRequest message"
9605
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9606requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9607requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9608requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9610requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9611requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9612requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9613requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9614run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
9615 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9616 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
9617 0 \
9618 -s "Protocol is TLSv1.3" \
9619 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9620 -s "received signature algorithm: 0x503" \
9621 -s "got named group: x25519(001d)" \
9622 -s "Verifying peer X.509 certificate... ok" \
9623 -c "Protocol is TLSv1.3" \
9624 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9625 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9626 -c "NamedGroup: x25519 ( 1d )" \
9627 -c "Verifying peer X.509 certificate... ok" \
9628 -C "received HelloRetryRequest message"
9629
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9630requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9631requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9632requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9633requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9634requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9635requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9636requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9637requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9638run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
9639 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9640 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
9641 0 \
9642 -s "Protocol is TLSv1.3" \
9643 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9644 -s "received signature algorithm: 0x603" \
9645 -s "got named group: x25519(001d)" \
9646 -s "Verifying peer X.509 certificate... ok" \
9647 -c "Protocol is TLSv1.3" \
9648 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9649 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9650 -c "NamedGroup: x25519 ( 1d )" \
9651 -c "Verifying peer X.509 certificate... ok" \
9652 -C "received HelloRetryRequest message"
9653
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9654requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9655requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9656requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9657requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9658requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9659requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9660requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9661requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9662requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9663requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9664run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
9665 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9666 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
9667 0 \
9668 -s "Protocol is TLSv1.3" \
9669 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9670 -s "received signature algorithm: 0x804" \
9671 -s "got named group: x25519(001d)" \
9672 -s "Verifying peer X.509 certificate... ok" \
9673 -c "Protocol is TLSv1.3" \
9674 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9675 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9676 -c "NamedGroup: x25519 ( 1d )" \
9677 -c "Verifying peer X.509 certificate... ok" \
9678 -C "received HelloRetryRequest message"
9679
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9680requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9681requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9682requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9684requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9685requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9686requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9688run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
9689 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9690 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
9691 0 \
9692 -s "Protocol is TLSv1.3" \
9693 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9694 -s "received signature algorithm: 0x403" \
9695 -s "got named group: x448(001e)" \
9696 -s "Verifying peer X.509 certificate... ok" \
9697 -c "Protocol is TLSv1.3" \
9698 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9699 -c "Certificate Verify: Signature algorithm ( 0403 )" \
9700 -c "NamedGroup: x448 ( 1e )" \
9701 -c "Verifying peer X.509 certificate... ok" \
9702 -C "received HelloRetryRequest message"
9703
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9704requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9705requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9706requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9707requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9708requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9709requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9710requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9712run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
9713 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9714 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
9715 0 \
9716 -s "Protocol is TLSv1.3" \
9717 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9718 -s "received signature algorithm: 0x503" \
9719 -s "got named group: x448(001e)" \
9720 -s "Verifying peer X.509 certificate... ok" \
9721 -c "Protocol is TLSv1.3" \
9722 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9723 -c "Certificate Verify: Signature algorithm ( 0503 )" \
9724 -c "NamedGroup: x448 ( 1e )" \
9725 -c "Verifying peer X.509 certificate... ok" \
9726 -C "received HelloRetryRequest message"
9727
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9728requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9729requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9730requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9731requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9732requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9733requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9734requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9735requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9736run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
9737 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9738 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
9739 0 \
9740 -s "Protocol is TLSv1.3" \
9741 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9742 -s "received signature algorithm: 0x603" \
9743 -s "got named group: x448(001e)" \
9744 -s "Verifying peer X.509 certificate... ok" \
9745 -c "Protocol is TLSv1.3" \
9746 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9747 -c "Certificate Verify: Signature algorithm ( 0603 )" \
9748 -c "NamedGroup: x448 ( 1e )" \
9749 -c "Verifying peer X.509 certificate... ok" \
9750 -C "received HelloRetryRequest message"
9751
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]9752requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9753requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9755requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9756requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9757requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9758requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]9759requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9761requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
9762run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
9763 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 force_version=tls13 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9764 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
9765 0 \
9766 -s "Protocol is TLSv1.3" \
9767 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
9768 -s "received signature algorithm: 0x804" \
9769 -s "got named group: x448(001e)" \
9770 -s "Verifying peer X.509 certificate... ok" \
9771 -c "Protocol is TLSv1.3" \
9772 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
9773 -c "Certificate Verify: Signature algorithm ( 0804 )" \
9774 -c "NamedGroup: x448 ( 1e )" \
9775 -c "Verifying peer X.509 certificate... ok" \
9776 -C "received HelloRetryRequest message"
9777
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9778requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]9779requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]9780requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9781requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9782requires_openssl_tls1_3
9783run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
9784 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9785 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9786 0 \
9787 -s "Protocol is TLSv1.3" \
9788 -s "got named group: secp384r1(0018)" \
9789 -s "Verifying peer X.509 certificate... ok" \
9790 -s "HTTP/1.0 200 OK" \
9791 -s "HRR selected_group: secp384r1"
9792
9793requires_config_enabled MBEDTLS_SSL_SRV_C
9794requires_config_enabled MBEDTLS_DEBUG_C
9795requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9796requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9797requires_openssl_tls1_3
9798run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
9799 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9800 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9801 0 \
9802 -s "Protocol is TLSv1.3" \
9803 -s "got named group: secp521r1(0019)" \
9804 -s "Verifying peer X.509 certificate... ok" \
9805 -s "HTTP/1.0 200 OK" \
9806 -s "HRR selected_group: secp521r1"
9807
9808requires_config_enabled MBEDTLS_SSL_SRV_C
9809requires_config_enabled MBEDTLS_DEBUG_C
9810requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9811requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9812requires_openssl_tls1_3
9813run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
9814 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9815 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9816 0 \
9817 -s "Protocol is TLSv1.3" \
9818 -s "got named group: x25519(001d)" \
9819 -s "Verifying peer X.509 certificate... ok" \
9820 -s "HTTP/1.0 200 OK" \
9821 -s "HRR selected_group: x25519"
9822
9823requires_config_enabled MBEDTLS_SSL_SRV_C
9824requires_config_enabled MBEDTLS_DEBUG_C
9825requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9826requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9827requires_openssl_tls1_3
9828run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
9829 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9830 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9831 0 \
9832 -s "Protocol is TLSv1.3" \
9833 -s "got named group: x448(001e)" \
9834 -s "Verifying peer X.509 certificate... ok" \
9835 -s "HTTP/1.0 200 OK" \
9836 -s "HRR selected_group: x448"
9837
9838requires_config_enabled MBEDTLS_SSL_SRV_C
9839requires_config_enabled MBEDTLS_DEBUG_C
9840requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9841requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9842requires_openssl_tls1_3
9843run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
9844 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9845 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9846 0 \
9847 -s "Protocol is TLSv1.3" \
9848 -s "got named group: secp256r1(0017)" \
9849 -s "Verifying peer X.509 certificate... ok" \
9850 -s "HTTP/1.0 200 OK" \
9851 -s "HRR selected_group: secp256r1"
9852
9853requires_config_enabled MBEDTLS_SSL_SRV_C
9854requires_config_enabled MBEDTLS_DEBUG_C
9855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9857requires_openssl_tls1_3
9858run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
9859 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9860 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9861 0 \
9862 -s "Protocol is TLSv1.3" \
9863 -s "got named group: secp521r1(0019)" \
9864 -s "Verifying peer X.509 certificate... ok" \
9865 -s "HTTP/1.0 200 OK" \
9866 -s "HRR selected_group: secp521r1"
9867
9868requires_config_enabled MBEDTLS_SSL_SRV_C
9869requires_config_enabled MBEDTLS_DEBUG_C
9870requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9871requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9872requires_openssl_tls1_3
9873run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
9874 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9875 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9876 0 \
9877 -s "Protocol is TLSv1.3" \
9878 -s "got named group: x25519(001d)" \
9879 -s "Verifying peer X.509 certificate... ok" \
9880 -s "HTTP/1.0 200 OK" \
9881 -s "HRR selected_group: x25519"
9882
9883requires_config_enabled MBEDTLS_SSL_SRV_C
9884requires_config_enabled MBEDTLS_DEBUG_C
9885requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9886requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9887requires_openssl_tls1_3
9888run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
9889 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9890 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9891 0 \
9892 -s "Protocol is TLSv1.3" \
9893 -s "got named group: x448(001e)" \
9894 -s "Verifying peer X.509 certificate... ok" \
9895 -s "HTTP/1.0 200 OK" \
9896 -s "HRR selected_group: x448"
9897
9898requires_config_enabled MBEDTLS_SSL_SRV_C
9899requires_config_enabled MBEDTLS_DEBUG_C
9900requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9901requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9902requires_openssl_tls1_3
9903run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
9904 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9905 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9906 0 \
9907 -s "Protocol is TLSv1.3" \
9908 -s "got named group: secp256r1(0017)" \
9909 -s "Verifying peer X.509 certificate... ok" \
9910 -s "HTTP/1.0 200 OK" \
9911 -s "HRR selected_group: secp256r1"
9912
9913requires_config_enabled MBEDTLS_SSL_SRV_C
9914requires_config_enabled MBEDTLS_DEBUG_C
9915requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9916requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9917requires_openssl_tls1_3
9918run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
9919 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9920 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9921 0 \
9922 -s "Protocol is TLSv1.3" \
9923 -s "got named group: secp384r1(0018)" \
9924 -s "Verifying peer X.509 certificate... ok" \
9925 -s "HTTP/1.0 200 OK" \
9926 -s "HRR selected_group: secp384r1"
9927
9928requires_config_enabled MBEDTLS_SSL_SRV_C
9929requires_config_enabled MBEDTLS_DEBUG_C
9930requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9931requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9932requires_openssl_tls1_3
9933run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
9934 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9935 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9936 0 \
9937 -s "Protocol is TLSv1.3" \
9938 -s "got named group: x25519(001d)" \
9939 -s "Verifying peer X.509 certificate... ok" \
9940 -s "HTTP/1.0 200 OK" \
9941 -s "HRR selected_group: x25519"
9942
9943requires_config_enabled MBEDTLS_SSL_SRV_C
9944requires_config_enabled MBEDTLS_DEBUG_C
9945requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9946requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9947requires_openssl_tls1_3
9948run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
9949 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9950 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9951 0 \
9952 -s "Protocol is TLSv1.3" \
9953 -s "got named group: x448(001e)" \
9954 -s "Verifying peer X.509 certificate... ok" \
9955 -s "HTTP/1.0 200 OK" \
9956 -s "HRR selected_group: x448"
9957
9958requires_config_enabled MBEDTLS_SSL_SRV_C
9959requires_config_enabled MBEDTLS_DEBUG_C
9960requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9961requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9962requires_openssl_tls1_3
9963run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
9964 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9965 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9966 0 \
9967 -s "Protocol is TLSv1.3" \
9968 -s "got named group: secp256r1(0017)" \
9969 -s "Verifying peer X.509 certificate... ok" \
9970 -s "HTTP/1.0 200 OK" \
9971 -s "HRR selected_group: secp256r1"
9972
9973requires_config_enabled MBEDTLS_SSL_SRV_C
9974requires_config_enabled MBEDTLS_DEBUG_C
9975requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9976requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9977requires_openssl_tls1_3
9978run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
9979 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9980 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9981 0 \
9982 -s "Protocol is TLSv1.3" \
9983 -s "got named group: secp384r1(0018)" \
9984 -s "Verifying peer X.509 certificate... ok" \
9985 -s "HTTP/1.0 200 OK" \
9986 -s "HRR selected_group: secp384r1"
9987
9988requires_config_enabled MBEDTLS_SSL_SRV_C
9989requires_config_enabled MBEDTLS_DEBUG_C
9990requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
9992requires_openssl_tls1_3
9993run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
9994 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
9995 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
9996 0 \
9997 -s "Protocol is TLSv1.3" \
9998 -s "got named group: secp521r1(0019)" \
9999 -s "Verifying peer X.509 certificate... ok" \
10000 -s "HTTP/1.0 200 OK" \
10001 -s "HRR selected_group: secp521r1"
10002
10003requires_config_enabled MBEDTLS_SSL_SRV_C
10004requires_config_enabled MBEDTLS_DEBUG_C
10005requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10006requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10007requires_openssl_tls1_3
10008run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
10009 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10010 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519:X448 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
10011 0 \
10012 -s "Protocol is TLSv1.3" \
10013 -s "got named group: x448(001e)" \
10014 -s "Verifying peer X.509 certificate... ok" \
10015 -s "HTTP/1.0 200 OK" \
10016 -s "HRR selected_group: x448"
10017
10018requires_config_enabled MBEDTLS_SSL_SRV_C
10019requires_config_enabled MBEDTLS_DEBUG_C
10020requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10021requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10022requires_openssl_tls1_3
10023run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
10024 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10025 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-256 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
10026 0 \
10027 -s "Protocol is TLSv1.3" \
10028 -s "got named group: secp256r1(0017)" \
10029 -s "Verifying peer X.509 certificate... ok" \
10030 -s "HTTP/1.0 200 OK" \
10031 -s "HRR selected_group: secp256r1"
10032
10033requires_config_enabled MBEDTLS_SSL_SRV_C
10034requires_config_enabled MBEDTLS_DEBUG_C
10035requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10036requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10037requires_openssl_tls1_3
10038run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
10039 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10040 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-384 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
10041 0 \
10042 -s "Protocol is TLSv1.3" \
10043 -s "got named group: secp384r1(0018)" \
10044 -s "Verifying peer X.509 certificate... ok" \
10045 -s "HTTP/1.0 200 OK" \
10046 -s "HRR selected_group: secp384r1"
10047
10048requires_config_enabled MBEDTLS_SSL_SRV_C
10049requires_config_enabled MBEDTLS_DEBUG_C
10050requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10051requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10052requires_openssl_tls1_3
10053run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
10054 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10055 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:P-521 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
10056 0 \
10057 -s "Protocol is TLSv1.3" \
10058 -s "got named group: secp521r1(0019)" \
10059 -s "Verifying peer X.509 certificate... ok" \
10060 -s "HTTP/1.0 200 OK" \
10061 -s "HRR selected_group: secp521r1"
10062
10063requires_config_enabled MBEDTLS_SSL_SRV_C
10064requires_config_enabled MBEDTLS_DEBUG_C
10065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10066requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10067requires_openssl_tls1_3
10068run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
10069 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10070 "$O_NEXT_CLI_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448:X25519 -msg -tls1_3 -CAfile data_files/test-ca2.crt" \
10071 0 \
10072 -s "Protocol is TLSv1.3" \
10073 -s "got named group: x25519(001d)" \
10074 -s "Verifying peer X.509 certificate... ok" \
10075 -s "HTTP/1.0 200 OK" \
10076 -s "HRR selected_group: x25519"
10077
10078requires_config_enabled MBEDTLS_SSL_SRV_C
10079requires_config_enabled MBEDTLS_DEBUG_C
10080requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10082requires_gnutls_tls1_3
10083requires_gnutls_next_no_ticket
10084requires_gnutls_next_disable_tls13_compat
10085run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
10086 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10087 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10088 0 \
10089 -s "Protocol is TLSv1.3" \
10090 -s "got named group: secp384r1(0018)" \
10091 -s "Verifying peer X.509 certificate... ok" \
10092 -c "HTTP/1.0 200 OK" \
10093 -s "HRR selected_group: secp384r1"
10094
10095requires_config_enabled MBEDTLS_SSL_SRV_C
10096requires_config_enabled MBEDTLS_DEBUG_C
10097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10098requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10099requires_gnutls_tls1_3
10100requires_gnutls_next_no_ticket
10101requires_gnutls_next_disable_tls13_compat
10102run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
10103 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10104 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10105 0 \
10106 -s "Protocol is TLSv1.3" \
10107 -s "got named group: secp521r1(0019)" \
10108 -s "Verifying peer X.509 certificate... ok" \
10109 -c "HTTP/1.0 200 OK" \
10110 -s "HRR selected_group: secp521r1"
10111
10112requires_config_enabled MBEDTLS_SSL_SRV_C
10113requires_config_enabled MBEDTLS_DEBUG_C
10114requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10115requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10116requires_gnutls_tls1_3
10117requires_gnutls_next_no_ticket
10118requires_gnutls_next_disable_tls13_compat
10119run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
10120 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10121 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10122 0 \
10123 -s "Protocol is TLSv1.3" \
10124 -s "got named group: x25519(001d)" \
10125 -s "Verifying peer X.509 certificate... ok" \
10126 -c "HTTP/1.0 200 OK" \
10127 -s "HRR selected_group: x25519"
10128
10129requires_config_enabled MBEDTLS_SSL_SRV_C
10130requires_config_enabled MBEDTLS_DEBUG_C
10131requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10132requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10133requires_gnutls_tls1_3
10134requires_gnutls_next_no_ticket
10135requires_gnutls_next_disable_tls13_compat
10136run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
10137 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10138 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10139 0 \
10140 -s "Protocol is TLSv1.3" \
10141 -s "got named group: x448(001e)" \
10142 -s "Verifying peer X.509 certificate... ok" \
10143 -c "HTTP/1.0 200 OK" \
10144 -s "HRR selected_group: x448"
10145
10146requires_config_enabled MBEDTLS_SSL_SRV_C
10147requires_config_enabled MBEDTLS_DEBUG_C
10148requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10149requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10150requires_gnutls_tls1_3
10151requires_gnutls_next_no_ticket
10152requires_gnutls_next_disable_tls13_compat
10153run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
10154 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10155 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10156 0 \
10157 -s "Protocol is TLSv1.3" \
10158 -s "got named group: secp256r1(0017)" \
10159 -s "Verifying peer X.509 certificate... ok" \
10160 -c "HTTP/1.0 200 OK" \
10161 -s "HRR selected_group: secp256r1"
10162
10163requires_config_enabled MBEDTLS_SSL_SRV_C
10164requires_config_enabled MBEDTLS_DEBUG_C
10165requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10166requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10167requires_gnutls_tls1_3
10168requires_gnutls_next_no_ticket
10169requires_gnutls_next_disable_tls13_compat
10170run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
10171 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10172 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10173 0 \
10174 -s "Protocol is TLSv1.3" \
10175 -s "got named group: secp521r1(0019)" \
10176 -s "Verifying peer X.509 certificate... ok" \
10177 -c "HTTP/1.0 200 OK" \
10178 -s "HRR selected_group: secp521r1"
10179
10180requires_config_enabled MBEDTLS_SSL_SRV_C
10181requires_config_enabled MBEDTLS_DEBUG_C
10182requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10184requires_gnutls_tls1_3
10185requires_gnutls_next_no_ticket
10186requires_gnutls_next_disable_tls13_compat
10187run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
10188 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10189 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10190 0 \
10191 -s "Protocol is TLSv1.3" \
10192 -s "got named group: x25519(001d)" \
10193 -s "Verifying peer X.509 certificate... ok" \
10194 -c "HTTP/1.0 200 OK" \
10195 -s "HRR selected_group: x25519"
10196
10197requires_config_enabled MBEDTLS_SSL_SRV_C
10198requires_config_enabled MBEDTLS_DEBUG_C
10199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10200requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10201requires_gnutls_tls1_3
10202requires_gnutls_next_no_ticket
10203requires_gnutls_next_disable_tls13_compat
10204run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
10205 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10206 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10207 0 \
10208 -s "Protocol is TLSv1.3" \
10209 -s "got named group: x448(001e)" \
10210 -s "Verifying peer X.509 certificate... ok" \
10211 -c "HTTP/1.0 200 OK" \
10212 -s "HRR selected_group: x448"
10213
10214requires_config_enabled MBEDTLS_SSL_SRV_C
10215requires_config_enabled MBEDTLS_DEBUG_C
10216requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10217requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10218requires_gnutls_tls1_3
10219requires_gnutls_next_no_ticket
10220requires_gnutls_next_disable_tls13_compat
10221run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
10222 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10223 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10224 0 \
10225 -s "Protocol is TLSv1.3" \
10226 -s "got named group: secp256r1(0017)" \
10227 -s "Verifying peer X.509 certificate... ok" \
10228 -c "HTTP/1.0 200 OK" \
10229 -s "HRR selected_group: secp256r1"
10230
10231requires_config_enabled MBEDTLS_SSL_SRV_C
10232requires_config_enabled MBEDTLS_DEBUG_C
10233requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10234requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10235requires_gnutls_tls1_3
10236requires_gnutls_next_no_ticket
10237requires_gnutls_next_disable_tls13_compat
10238run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
10239 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10240 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10241 0 \
10242 -s "Protocol is TLSv1.3" \
10243 -s "got named group: secp384r1(0018)" \
10244 -s "Verifying peer X.509 certificate... ok" \
10245 -c "HTTP/1.0 200 OK" \
10246 -s "HRR selected_group: secp384r1"
10247
10248requires_config_enabled MBEDTLS_SSL_SRV_C
10249requires_config_enabled MBEDTLS_DEBUG_C
10250requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10251requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10252requires_gnutls_tls1_3
10253requires_gnutls_next_no_ticket
10254requires_gnutls_next_disable_tls13_compat
10255run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
10256 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10257 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10258 0 \
10259 -s "Protocol is TLSv1.3" \
10260 -s "got named group: x25519(001d)" \
10261 -s "Verifying peer X.509 certificate... ok" \
10262 -c "HTTP/1.0 200 OK" \
10263 -s "HRR selected_group: x25519"
10264
10265requires_config_enabled MBEDTLS_SSL_SRV_C
10266requires_config_enabled MBEDTLS_DEBUG_C
10267requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10268requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10269requires_gnutls_tls1_3
10270requires_gnutls_next_no_ticket
10271requires_gnutls_next_disable_tls13_compat
10272run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
10273 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10274 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10275 0 \
10276 -s "Protocol is TLSv1.3" \
10277 -s "got named group: x448(001e)" \
10278 -s "Verifying peer X.509 certificate... ok" \
10279 -c "HTTP/1.0 200 OK" \
10280 -s "HRR selected_group: x448"
10281
10282requires_config_enabled MBEDTLS_SSL_SRV_C
10283requires_config_enabled MBEDTLS_DEBUG_C
10284requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10285requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10286requires_gnutls_tls1_3
10287requires_gnutls_next_no_ticket
10288requires_gnutls_next_disable_tls13_compat
10289run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
10290 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10291 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10292 0 \
10293 -s "Protocol is TLSv1.3" \
10294 -s "got named group: secp256r1(0017)" \
10295 -s "Verifying peer X.509 certificate... ok" \
10296 -c "HTTP/1.0 200 OK" \
10297 -s "HRR selected_group: secp256r1"
10298
10299requires_config_enabled MBEDTLS_SSL_SRV_C
10300requires_config_enabled MBEDTLS_DEBUG_C
10301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10303requires_gnutls_tls1_3
10304requires_gnutls_next_no_ticket
10305requires_gnutls_next_disable_tls13_compat
10306run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
10307 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10308 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10309 0 \
10310 -s "Protocol is TLSv1.3" \
10311 -s "got named group: secp384r1(0018)" \
10312 -s "Verifying peer X.509 certificate... ok" \
10313 -c "HTTP/1.0 200 OK" \
10314 -s "HRR selected_group: secp384r1"
10315
10316requires_config_enabled MBEDTLS_SSL_SRV_C
10317requires_config_enabled MBEDTLS_DEBUG_C
10318requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10319requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10320requires_gnutls_tls1_3
10321requires_gnutls_next_no_ticket
10322requires_gnutls_next_disable_tls13_compat
10323run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
10324 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10325 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10326 0 \
10327 -s "Protocol is TLSv1.3" \
10328 -s "got named group: secp521r1(0019)" \
10329 -s "Verifying peer X.509 certificate... ok" \
10330 -c "HTTP/1.0 200 OK" \
10331 -s "HRR selected_group: secp521r1"
10332
10333requires_config_enabled MBEDTLS_SSL_SRV_C
10334requires_config_enabled MBEDTLS_DEBUG_C
10335requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10337requires_gnutls_tls1_3
10338requires_gnutls_next_no_ticket
10339requires_gnutls_next_disable_tls13_compat
10340run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
10341 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10342 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10343 0 \
10344 -s "Protocol is TLSv1.3" \
10345 -s "got named group: x448(001e)" \
10346 -s "Verifying peer X.509 certificate... ok" \
10347 -c "HTTP/1.0 200 OK" \
10348 -s "HRR selected_group: x448"
10349
10350requires_config_enabled MBEDTLS_SSL_SRV_C
10351requires_config_enabled MBEDTLS_DEBUG_C
10352requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10353requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10354requires_gnutls_tls1_3
10355requires_gnutls_next_no_ticket
10356requires_gnutls_next_disable_tls13_compat
10357run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
10358 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10359 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10360 0 \
10361 -s "Protocol is TLSv1.3" \
10362 -s "got named group: secp256r1(0017)" \
10363 -s "Verifying peer X.509 certificate... ok" \
10364 -c "HTTP/1.0 200 OK" \
10365 -s "HRR selected_group: secp256r1"
10366
10367requires_config_enabled MBEDTLS_SSL_SRV_C
10368requires_config_enabled MBEDTLS_DEBUG_C
10369requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10370requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10371requires_gnutls_tls1_3
10372requires_gnutls_next_no_ticket
10373requires_gnutls_next_disable_tls13_compat
10374run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
10375 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10376 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10377 0 \
10378 -s "Protocol is TLSv1.3" \
10379 -s "got named group: secp384r1(0018)" \
10380 -s "Verifying peer X.509 certificate... ok" \
10381 -c "HTTP/1.0 200 OK" \
10382 -s "HRR selected_group: secp384r1"
10383
10384requires_config_enabled MBEDTLS_SSL_SRV_C
10385requires_config_enabled MBEDTLS_DEBUG_C
10386requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10387requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10388requires_gnutls_tls1_3
10389requires_gnutls_next_no_ticket
10390requires_gnutls_next_disable_tls13_compat
10391run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
10392 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10393 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10394 0 \
10395 -s "Protocol is TLSv1.3" \
10396 -s "got named group: secp521r1(0019)" \
10397 -s "Verifying peer X.509 certificate... ok" \
10398 -c "HTTP/1.0 200 OK" \
10399 -s "HRR selected_group: secp521r1"
10400
10401requires_config_enabled MBEDTLS_SSL_SRV_C
10402requires_config_enabled MBEDTLS_DEBUG_C
10403requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10404requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10405requires_gnutls_tls1_3
10406requires_gnutls_next_no_ticket
10407requires_gnutls_next_disable_tls13_compat
10408run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
10409 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
10410 "$G_NEXT_CLI_NO_CERT --debug=4 localhost -p $SRV_PORT --single-key-share --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS --x509cafile data_files/test-ca2.crt" \
10411 0 \
10412 -s "Protocol is TLSv1.3" \
10413 -s "got named group: x25519(001d)" \
10414 -s "Verifying peer X.509 certificate... ok" \
10415 -c "HTTP/1.0 200 OK" \
10416 -s "HRR selected_group: x25519"
10417
10418requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10419requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10420requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10421requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10422requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10423run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10424 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10425 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10426 0 \
10427 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10428 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10429 -c "NamedGroup: secp256r1 ( 17 )" \
10430 -c "NamedGroup: secp384r1 ( 18 )" \
10431 -c "Verifying peer X.509 certificate... ok" \
10432 -c "received HelloRetryRequest message" \
10433 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10434
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10435requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10436requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10437requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10438requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10439requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10440run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10441 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10442 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10443 0 \
10444 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10445 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10446 -c "NamedGroup: secp256r1 ( 17 )" \
10447 -c "NamedGroup: secp521r1 ( 19 )" \
10448 -c "Verifying peer X.509 certificate... ok" \
10449 -c "received HelloRetryRequest message" \
10450 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10451
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10452requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10453requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10454requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10455requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10456requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10457run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10458 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10459 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10460 0 \
10461 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10462 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10463 -c "NamedGroup: secp256r1 ( 17 )" \
10464 -c "NamedGroup: x25519 ( 1d )" \
10465 -c "Verifying peer X.509 certificate... ok" \
10466 -c "received HelloRetryRequest message" \
10467 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10468
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10469requires_openssl_tls1_3
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10470requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10471requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10472requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10473requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10474run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10475 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10476 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10477 0 \
10478 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10479 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10480 -c "NamedGroup: secp256r1 ( 17 )" \
10481 -c "NamedGroup: x448 ( 1e )" \
10482 -c "Verifying peer X.509 certificate... ok" \
10483 -c "received HelloRetryRequest message" \
10484 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10485
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10486requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10487requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10488requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10489requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10491run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10492 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10493 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10494 0 \
10495 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10496 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10497 -c "NamedGroup: secp384r1 ( 18 )" \
10498 -c "NamedGroup: secp256r1 ( 17 )" \
10499 -c "Verifying peer X.509 certificate... ok" \
10500 -c "received HelloRetryRequest message" \
10501 -c "selected_group ( 23 )"
10502
10503requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10504requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10505requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10506requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10507requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10508run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10509 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10510 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10511 0 \
10512 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10513 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10514 -c "NamedGroup: secp384r1 ( 18 )" \
10515 -c "NamedGroup: secp521r1 ( 19 )" \
10516 -c "Verifying peer X.509 certificate... ok" \
10517 -c "received HelloRetryRequest message" \
10518 -c "selected_group ( 25 )"
10519
10520requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10521requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10522requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10523requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10524requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10525run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10526 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10527 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10528 0 \
10529 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10530 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10531 -c "NamedGroup: secp384r1 ( 18 )" \
10532 -c "NamedGroup: x25519 ( 1d )" \
10533 -c "Verifying peer X.509 certificate... ok" \
10534 -c "received HelloRetryRequest message" \
10535 -c "selected_group ( 29 )"
10536
10537requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10538requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10539requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10540requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10541requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10542run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10543 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10544 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10545 0 \
10546 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10547 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10548 -c "NamedGroup: secp384r1 ( 18 )" \
10549 -c "NamedGroup: x448 ( 1e )" \
10550 -c "Verifying peer X.509 certificate... ok" \
10551 -c "received HelloRetryRequest message" \
10552 -c "selected_group ( 30 )"
10553
10554requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10555requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10556requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10557requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10558requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10559run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10560 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10561 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10562 0 \
10563 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10564 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10565 -c "NamedGroup: secp521r1 ( 19 )" \
10566 -c "NamedGroup: secp256r1 ( 17 )" \
10567 -c "Verifying peer X.509 certificate... ok" \
10568 -c "received HelloRetryRequest message" \
10569 -c "selected_group ( 23 )"
10570
10571requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10572requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10573requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10574requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10575requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10576run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10577 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10578 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10579 0 \
10580 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10581 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10582 -c "NamedGroup: secp521r1 ( 19 )" \
10583 -c "NamedGroup: secp384r1 ( 18 )" \
10584 -c "Verifying peer X.509 certificate... ok" \
10585 -c "received HelloRetryRequest message" \
10586 -c "selected_group ( 24 )"
10587
10588requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10589requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10590requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10591requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10592requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10593run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10594 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10595 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10596 0 \
10597 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10598 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10599 -c "NamedGroup: secp521r1 ( 19 )" \
10600 -c "NamedGroup: x25519 ( 1d )" \
10601 -c "Verifying peer X.509 certificate... ok" \
10602 -c "received HelloRetryRequest message" \
10603 -c "selected_group ( 29 )"
10604
10605requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10606requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10607requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10608requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10609requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10610run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10611 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10612 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10613 0 \
10614 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10615 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10616 -c "NamedGroup: secp521r1 ( 19 )" \
10617 -c "NamedGroup: x448 ( 1e )" \
10618 -c "Verifying peer X.509 certificate... ok" \
10619 -c "received HelloRetryRequest message" \
10620 -c "selected_group ( 30 )"
10621
10622requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10623requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10624requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10625requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10626requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10627run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10628 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10629 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10630 0 \
10631 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10632 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10633 -c "NamedGroup: x25519 ( 1d )" \
10634 -c "NamedGroup: secp256r1 ( 17 )" \
10635 -c "Verifying peer X.509 certificate... ok" \
10636 -c "received HelloRetryRequest message" \
10637 -c "selected_group ( 23 )"
10638
10639requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10640requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10641requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10642requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10643requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10644run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10645 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10646 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10647 0 \
10648 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10649 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10650 -c "NamedGroup: x25519 ( 1d )" \
10651 -c "NamedGroup: secp384r1 ( 18 )" \
10652 -c "Verifying peer X.509 certificate... ok" \
10653 -c "received HelloRetryRequest message" \
10654 -c "selected_group ( 24 )"
10655
10656requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10657requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10658requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10659requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10660requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10661run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10662 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10663 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10664 0 \
10665 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10666 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10667 -c "NamedGroup: x25519 ( 1d )" \
10668 -c "NamedGroup: secp521r1 ( 19 )" \
10669 -c "Verifying peer X.509 certificate... ok" \
10670 -c "received HelloRetryRequest message" \
10671 -c "selected_group ( 25 )"
10672
10673requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10674requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10675requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10676requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10677requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10678run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10679 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10680 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10681 0 \
10682 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10683 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10684 -c "NamedGroup: x25519 ( 1d )" \
10685 -c "NamedGroup: x448 ( 1e )" \
10686 -c "Verifying peer X.509 certificate... ok" \
10687 -c "received HelloRetryRequest message" \
10688 -c "selected_group ( 30 )"
10689
10690requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10691requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10692requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10693requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10694requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10695run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10696 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10697 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10698 0 \
10699 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10700 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10701 -c "NamedGroup: x448 ( 1e )" \
10702 -c "NamedGroup: secp256r1 ( 17 )" \
10703 -c "Verifying peer X.509 certificate... ok" \
10704 -c "received HelloRetryRequest message" \
10705 -c "selected_group ( 23 )"
10706
10707requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10708requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10709requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10710requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10711requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10712run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10713 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10714 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10715 0 \
10716 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10717 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10718 -c "NamedGroup: x448 ( 1e )" \
10719 -c "NamedGroup: secp384r1 ( 18 )" \
10720 -c "Verifying peer X.509 certificate... ok" \
10721 -c "received HelloRetryRequest message" \
10722 -c "selected_group ( 24 )"
10723
10724requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10725requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10726requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10727requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10728requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10729run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10730 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10731 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10732 0 \
10733 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10734 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10735 -c "NamedGroup: x448 ( 1e )" \
10736 -c "NamedGroup: secp521r1 ( 19 )" \
10737 -c "Verifying peer X.509 certificate... ok" \
10738 -c "received HelloRetryRequest message" \
10739 -c "selected_group ( 25 )"
10740
10741requires_openssl_tls1_3
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10742requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10743requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10744requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10745requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10746run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]10747 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -accept $SRV_PORT -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10748 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10749 0 \
10750 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10751 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10752 -c "NamedGroup: x448 ( 1e )" \
10753 -c "NamedGroup: x25519 ( 1d )" \
10754 -c "Verifying peer X.509 certificate... ok" \
10755 -c "received HelloRetryRequest message" \
10756 -c "selected_group ( 29 )"
10757
10758requires_gnutls_tls1_3
10759requires_gnutls_next_no_ticket
10760requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10761requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10762requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10763requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10764requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10765run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10766 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10767 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10768 0 \
10769 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10770 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10771 -c "NamedGroup: secp256r1 ( 17 )" \
10772 -c "NamedGroup: secp384r1 ( 18 )" \
10773 -c "Verifying peer X.509 certificate... ok" \
10774 -c "received HelloRetryRequest message" \
10775 -c "selected_group ( 24 )"
10776
10777requires_gnutls_tls1_3
10778requires_gnutls_next_no_ticket
10779requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10780requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10781requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10782requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10783requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10784run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10785 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10786 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10787 0 \
10788 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10789 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10790 -c "NamedGroup: secp256r1 ( 17 )" \
10791 -c "NamedGroup: secp521r1 ( 19 )" \
10792 -c "Verifying peer X.509 certificate... ok" \
10793 -c "received HelloRetryRequest message" \
10794 -c "selected_group ( 25 )"
10795
10796requires_gnutls_tls1_3
10797requires_gnutls_next_no_ticket
10798requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10799requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10800requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10801requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10802requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10803run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10804 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10805 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10806 0 \
10807 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10808 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10809 -c "NamedGroup: secp256r1 ( 17 )" \
10810 -c "NamedGroup: x25519 ( 1d )" \
10811 -c "Verifying peer X.509 certificate... ok" \
10812 -c "received HelloRetryRequest message" \
10813 -c "selected_group ( 29 )"
10814
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10815requires_gnutls_tls1_3
10816requires_gnutls_next_no_ticket
10817requires_gnutls_next_disable_tls13_compat
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10818requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10819requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10820requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10821requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]10822run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10823 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10824 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]10825 0 \
10826 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10827 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]10828 -c "NamedGroup: secp256r1 ( 17 )" \
10829 -c "NamedGroup: x448 ( 1e )" \
10830 -c "Verifying peer X.509 certificate... ok" \
10831 -c "received HelloRetryRequest message" \
10832 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10833
10834requires_gnutls_tls1_3
10835requires_gnutls_next_no_ticket
10836requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10837requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10838requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10839requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10840requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10841run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10842 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10843 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10844 0 \
10845 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10846 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10847 -c "NamedGroup: secp384r1 ( 18 )" \
10848 -c "NamedGroup: secp256r1 ( 17 )" \
10849 -c "Verifying peer X.509 certificate... ok" \
10850 -c "received HelloRetryRequest message" \
10851 -c "selected_group ( 23 )"
10852
10853requires_gnutls_tls1_3
10854requires_gnutls_next_no_ticket
10855requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10856requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10857requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10858requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10859requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10860run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10861 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10862 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10863 0 \
10864 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10865 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10866 -c "NamedGroup: secp384r1 ( 18 )" \
10867 -c "NamedGroup: secp521r1 ( 19 )" \
10868 -c "Verifying peer X.509 certificate... ok" \
10869 -c "received HelloRetryRequest message" \
10870 -c "selected_group ( 25 )"
10871
10872requires_gnutls_tls1_3
10873requires_gnutls_next_no_ticket
10874requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10875requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10876requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10877requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10878requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10879run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10880 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10881 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10882 0 \
10883 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10884 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10885 -c "NamedGroup: secp384r1 ( 18 )" \
10886 -c "NamedGroup: x25519 ( 1d )" \
10887 -c "Verifying peer X.509 certificate... ok" \
10888 -c "received HelloRetryRequest message" \
10889 -c "selected_group ( 29 )"
10890
10891requires_gnutls_tls1_3
10892requires_gnutls_next_no_ticket
10893requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10894requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10895requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10896requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10897requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10898run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10899 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10900 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10901 0 \
10902 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10903 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10904 -c "NamedGroup: secp384r1 ( 18 )" \
10905 -c "NamedGroup: x448 ( 1e )" \
10906 -c "Verifying peer X.509 certificate... ok" \
10907 -c "received HelloRetryRequest message" \
10908 -c "selected_group ( 30 )"
10909
10910requires_gnutls_tls1_3
10911requires_gnutls_next_no_ticket
10912requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10913requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10914requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10915requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10916requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10917run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10918 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10919 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10920 0 \
10921 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10922 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10923 -c "NamedGroup: secp521r1 ( 19 )" \
10924 -c "NamedGroup: secp256r1 ( 17 )" \
10925 -c "Verifying peer X.509 certificate... ok" \
10926 -c "received HelloRetryRequest message" \
10927 -c "selected_group ( 23 )"
10928
10929requires_gnutls_tls1_3
10930requires_gnutls_next_no_ticket
10931requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10932requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10933requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10934requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10935requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10936run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10937 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10938 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10939 0 \
10940 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10941 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10942 -c "NamedGroup: secp521r1 ( 19 )" \
10943 -c "NamedGroup: secp384r1 ( 18 )" \
10944 -c "Verifying peer X.509 certificate... ok" \
10945 -c "received HelloRetryRequest message" \
10946 -c "selected_group ( 24 )"
10947
10948requires_gnutls_tls1_3
10949requires_gnutls_next_no_ticket
10950requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10951requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10952requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10953requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10955run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10956 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10957 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10958 0 \
10959 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10960 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10961 -c "NamedGroup: secp521r1 ( 19 )" \
10962 -c "NamedGroup: x25519 ( 1d )" \
10963 -c "Verifying peer X.509 certificate... ok" \
10964 -c "received HelloRetryRequest message" \
10965 -c "selected_group ( 29 )"
10966
10967requires_gnutls_tls1_3
10968requires_gnutls_next_no_ticket
10969requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10970requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10971requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10972requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10973requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10974run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10975 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10976 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10977 0 \
10978 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10979 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10980 -c "NamedGroup: secp521r1 ( 19 )" \
10981 -c "NamedGroup: x448 ( 1e )" \
10982 -c "Verifying peer X.509 certificate... ok" \
10983 -c "received HelloRetryRequest message" \
10984 -c "selected_group ( 30 )"
10985
10986requires_gnutls_tls1_3
10987requires_gnutls_next_no_ticket
10988requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10989requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]10990requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10991requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
10992requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10993run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]10994 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10995 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10996 0 \
10997 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]10998 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]10999 -c "NamedGroup: x25519 ( 1d )" \
11000 -c "NamedGroup: secp256r1 ( 17 )" \
11001 -c "Verifying peer X.509 certificate... ok" \
11002 -c "received HelloRetryRequest message" \
11003 -c "selected_group ( 23 )"
11004
11005requires_gnutls_tls1_3
11006requires_gnutls_next_no_ticket
11007requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11008requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11009requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11010requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11011requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11012run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11013 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11014 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11015 0 \
11016 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11017 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11018 -c "NamedGroup: x25519 ( 1d )" \
11019 -c "NamedGroup: secp384r1 ( 18 )" \
11020 -c "Verifying peer X.509 certificate... ok" \
11021 -c "received HelloRetryRequest message" \
11022 -c "selected_group ( 24 )"
11023
11024requires_gnutls_tls1_3
11025requires_gnutls_next_no_ticket
11026requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11027requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11028requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11029requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11030requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11031run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11032 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11033 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11034 0 \
11035 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11036 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11037 -c "NamedGroup: x25519 ( 1d )" \
11038 -c "NamedGroup: secp521r1 ( 19 )" \
11039 -c "Verifying peer X.509 certificate... ok" \
11040 -c "received HelloRetryRequest message" \
11041 -c "selected_group ( 25 )"
11042
11043requires_gnutls_tls1_3
11044requires_gnutls_next_no_ticket
11045requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11046requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11047requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11048requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11050run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11051 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11052 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11053 0 \
11054 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11055 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11056 -c "NamedGroup: x25519 ( 1d )" \
11057 -c "NamedGroup: x448 ( 1e )" \
11058 -c "Verifying peer X.509 certificate... ok" \
11059 -c "received HelloRetryRequest message" \
11060 -c "selected_group ( 30 )"
11061
11062requires_gnutls_tls1_3
11063requires_gnutls_next_no_ticket
11064requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11065requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11066requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11067requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11069run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11070 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11071 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11072 0 \
11073 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11074 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11075 -c "NamedGroup: x448 ( 1e )" \
11076 -c "NamedGroup: secp256r1 ( 17 )" \
11077 -c "Verifying peer X.509 certificate... ok" \
11078 -c "received HelloRetryRequest message" \
11079 -c "selected_group ( 23 )"
11080
11081requires_gnutls_tls1_3
11082requires_gnutls_next_no_ticket
11083requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11084requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11085requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11086requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11088run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11089 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11090 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11091 0 \
11092 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11093 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11094 -c "NamedGroup: x448 ( 1e )" \
11095 -c "NamedGroup: secp384r1 ( 18 )" \
11096 -c "Verifying peer X.509 certificate... ok" \
11097 -c "received HelloRetryRequest message" \
11098 -c "selected_group ( 24 )"
11099
11100requires_gnutls_tls1_3
11101requires_gnutls_next_no_ticket
11102requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11103requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11104requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11105requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11107run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11108 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11109 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11110 0 \
11111 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11112 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11113 -c "NamedGroup: x448 ( 1e )" \
11114 -c "NamedGroup: secp521r1 ( 19 )" \
11115 -c "Verifying peer X.509 certificate... ok" \
11116 -c "received HelloRetryRequest message" \
11117 -c "selected_group ( 25 )"
11118
11119requires_gnutls_tls1_3
11120requires_gnutls_next_no_ticket
11121requires_gnutls_next_disable_tls13_compat
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11122requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11123requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11124requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11126run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11127 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11128 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11129 0 \
11130 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]11131 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]11132 -c "NamedGroup: x448 ( 1e )" \
11133 -c "NamedGroup: x25519 ( 1d )" \
11134 -c "Verifying peer X.509 certificate... ok" \
11135 -c "received HelloRetryRequest message" \
11136 -c "selected_group ( 29 )"
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11137
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11138requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11139requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11140requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11141requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11142requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11143requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11144requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11146run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
11147 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11148 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
11149 0 \
11150 -s "Protocol is TLSv1.3" \
11151 -s "got named group: secp384r1(0018)" \
11152 -s "Verifying peer X.509 certificate... ok" \
11153 -c "Protocol is TLSv1.3" \
11154 -c "NamedGroup: secp256r1 ( 17 )" \
11155 -c "NamedGroup: secp384r1 ( 18 )" \
11156 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11157 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11158 -c "received HelloRetryRequest message" \
11159 -c "selected_group ( 24 )"
11160
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11161requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11162requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11165requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11166requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11167requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11168requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11169run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
11170 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11171 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
11172 0 \
11173 -s "Protocol is TLSv1.3" \
11174 -s "got named group: secp521r1(0019)" \
11175 -s "Verifying peer X.509 certificate... ok" \
11176 -c "Protocol is TLSv1.3" \
11177 -c "NamedGroup: secp256r1 ( 17 )" \
11178 -c "NamedGroup: secp521r1 ( 19 )" \
11179 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11180 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11181 -c "received HelloRetryRequest message" \
11182 -c "selected_group ( 25 )"
11183
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11184requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11185requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11186requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11188requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11189requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11190requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11191requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11192run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
11193 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11194 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
11195 0 \
11196 -s "Protocol is TLSv1.3" \
11197 -s "got named group: x25519(001d)" \
11198 -s "Verifying peer X.509 certificate... ok" \
11199 -c "Protocol is TLSv1.3" \
11200 -c "NamedGroup: secp256r1 ( 17 )" \
11201 -c "NamedGroup: x25519 ( 1d )" \
11202 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11203 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11204 -c "received HelloRetryRequest message" \
11205 -c "selected_group ( 29 )"
11206
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11207requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11208requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11209requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11210requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11211requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11212requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11213requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11215run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
11216 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11217 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
11218 0 \
11219 -s "Protocol is TLSv1.3" \
11220 -s "got named group: x448(001e)" \
11221 -s "Verifying peer X.509 certificate... ok" \
11222 -c "Protocol is TLSv1.3" \
11223 -c "NamedGroup: secp256r1 ( 17 )" \
11224 -c "NamedGroup: x448 ( 1e )" \
11225 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11226 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11227 -c "received HelloRetryRequest message" \
11228 -c "selected_group ( 30 )"
11229
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11230requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11231requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11232requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11234requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11235requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11236requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11237requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11238run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
11239 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11240 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
11241 0 \
11242 -s "Protocol is TLSv1.3" \
11243 -s "got named group: secp256r1(0017)" \
11244 -s "Verifying peer X.509 certificate... ok" \
11245 -c "Protocol is TLSv1.3" \
11246 -c "NamedGroup: secp384r1 ( 18 )" \
11247 -c "NamedGroup: secp256r1 ( 17 )" \
11248 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11249 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11250 -c "received HelloRetryRequest message" \
11251 -c "selected_group ( 23 )"
11252
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11253requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11254requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11257requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11258requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11259requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11261run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
11262 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11263 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
11264 0 \
11265 -s "Protocol is TLSv1.3" \
11266 -s "got named group: secp521r1(0019)" \
11267 -s "Verifying peer X.509 certificate... ok" \
11268 -c "Protocol is TLSv1.3" \
11269 -c "NamedGroup: secp384r1 ( 18 )" \
11270 -c "NamedGroup: secp521r1 ( 19 )" \
11271 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11272 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11273 -c "received HelloRetryRequest message" \
11274 -c "selected_group ( 25 )"
11275
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11276requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11277requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11278requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11280requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11281requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11282requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11283requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11284run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
11285 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11286 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
11287 0 \
11288 -s "Protocol is TLSv1.3" \
11289 -s "got named group: x25519(001d)" \
11290 -s "Verifying peer X.509 certificate... ok" \
11291 -c "Protocol is TLSv1.3" \
11292 -c "NamedGroup: secp384r1 ( 18 )" \
11293 -c "NamedGroup: x25519 ( 1d )" \
11294 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11295 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11296 -c "received HelloRetryRequest message" \
11297 -c "selected_group ( 29 )"
11298
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11299requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11300requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11302requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11303requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11304requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11305requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11306requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11307run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
11308 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11309 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
11310 0 \
11311 -s "Protocol is TLSv1.3" \
11312 -s "got named group: x448(001e)" \
11313 -s "Verifying peer X.509 certificate... ok" \
11314 -c "Protocol is TLSv1.3" \
11315 -c "NamedGroup: secp384r1 ( 18 )" \
11316 -c "NamedGroup: x448 ( 1e )" \
11317 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11318 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11319 -c "received HelloRetryRequest message" \
11320 -c "selected_group ( 30 )"
11321
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11322requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11323requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11326requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11327requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11328requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11329requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11330run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
11331 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11332 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
11333 0 \
11334 -s "Protocol is TLSv1.3" \
11335 -s "got named group: secp256r1(0017)" \
11336 -s "Verifying peer X.509 certificate... ok" \
11337 -c "Protocol is TLSv1.3" \
11338 -c "NamedGroup: secp521r1 ( 19 )" \
11339 -c "NamedGroup: secp256r1 ( 17 )" \
11340 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11341 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11342 -c "received HelloRetryRequest message" \
11343 -c "selected_group ( 23 )"
11344
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11345requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11346requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11347requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11348requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11349requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11350requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11352requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11353run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
11354 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11355 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
11356 0 \
11357 -s "Protocol is TLSv1.3" \
11358 -s "got named group: secp384r1(0018)" \
11359 -s "Verifying peer X.509 certificate... ok" \
11360 -c "Protocol is TLSv1.3" \
11361 -c "NamedGroup: secp521r1 ( 19 )" \
11362 -c "NamedGroup: secp384r1 ( 18 )" \
11363 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11364 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11365 -c "received HelloRetryRequest message" \
11366 -c "selected_group ( 24 )"
11367
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11368requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11369requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11370requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11371requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11372requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11373requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11374requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11376run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
11377 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11378 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
11379 0 \
11380 -s "Protocol is TLSv1.3" \
11381 -s "got named group: x25519(001d)" \
11382 -s "Verifying peer X.509 certificate... ok" \
11383 -c "Protocol is TLSv1.3" \
11384 -c "NamedGroup: secp521r1 ( 19 )" \
11385 -c "NamedGroup: x25519 ( 1d )" \
11386 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11387 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11388 -c "received HelloRetryRequest message" \
11389 -c "selected_group ( 29 )"
11390
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11391requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11392requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11393requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11395requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11396requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11397requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11398requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11399run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
11400 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11401 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
11402 0 \
11403 -s "Protocol is TLSv1.3" \
11404 -s "got named group: x448(001e)" \
11405 -s "Verifying peer X.509 certificate... ok" \
11406 -c "Protocol is TLSv1.3" \
11407 -c "NamedGroup: secp521r1 ( 19 )" \
11408 -c "NamedGroup: x448 ( 1e )" \
11409 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11410 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11411 -c "received HelloRetryRequest message" \
11412 -c "selected_group ( 30 )"
11413
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11414requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11415requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11416requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11417requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11418requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11419requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11420requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11421requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11422run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
11423 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11424 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
11425 0 \
11426 -s "Protocol is TLSv1.3" \
11427 -s "got named group: secp256r1(0017)" \
11428 -s "Verifying peer X.509 certificate... ok" \
11429 -c "Protocol is TLSv1.3" \
11430 -c "NamedGroup: x25519 ( 1d )" \
11431 -c "NamedGroup: secp256r1 ( 17 )" \
11432 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11433 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11434 -c "received HelloRetryRequest message" \
11435 -c "selected_group ( 23 )"
11436
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11437requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11438requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11439requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11440requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11441requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11442requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11443requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11444requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11445run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
11446 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11447 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
11448 0 \
11449 -s "Protocol is TLSv1.3" \
11450 -s "got named group: secp384r1(0018)" \
11451 -s "Verifying peer X.509 certificate... ok" \
11452 -c "Protocol is TLSv1.3" \
11453 -c "NamedGroup: x25519 ( 1d )" \
11454 -c "NamedGroup: secp384r1 ( 18 )" \
11455 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11456 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11457 -c "received HelloRetryRequest message" \
11458 -c "selected_group ( 24 )"
11459
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11460requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11461requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11464requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11465requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11466requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11467requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11468run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
11469 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11470 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
11471 0 \
11472 -s "Protocol is TLSv1.3" \
11473 -s "got named group: secp521r1(0019)" \
11474 -s "Verifying peer X.509 certificate... ok" \
11475 -c "Protocol is TLSv1.3" \
11476 -c "NamedGroup: x25519 ( 1d )" \
11477 -c "NamedGroup: secp521r1 ( 19 )" \
11478 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11479 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11480 -c "received HelloRetryRequest message" \
11481 -c "selected_group ( 25 )"
11482
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11483requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11484requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11485requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11486requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11487requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11488requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11489requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11491run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
11492 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11493 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
11494 0 \
11495 -s "Protocol is TLSv1.3" \
11496 -s "got named group: x448(001e)" \
11497 -s "Verifying peer X.509 certificate... ok" \
11498 -c "Protocol is TLSv1.3" \
11499 -c "NamedGroup: x25519 ( 1d )" \
11500 -c "NamedGroup: x448 ( 1e )" \
11501 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11502 -s "HRR selected_group: x448" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11503 -c "received HelloRetryRequest message" \
11504 -c "selected_group ( 30 )"
11505
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11506requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11507requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11508requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11510requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11511requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11512requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11513requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11514run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
11515 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11516 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
11517 0 \
11518 -s "Protocol is TLSv1.3" \
11519 -s "got named group: secp256r1(0017)" \
11520 -s "Verifying peer X.509 certificate... ok" \
11521 -c "Protocol is TLSv1.3" \
11522 -c "NamedGroup: x448 ( 1e )" \
11523 -c "NamedGroup: secp256r1 ( 17 )" \
11524 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11525 -s "HRR selected_group: secp256r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11526 -c "received HelloRetryRequest message" \
11527 -c "selected_group ( 23 )"
11528
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11529requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11530requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11533requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11534requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11535requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11536requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11537run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
11538 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11539 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
11540 0 \
11541 -s "Protocol is TLSv1.3" \
11542 -s "got named group: secp384r1(0018)" \
11543 -s "Verifying peer X.509 certificate... ok" \
11544 -c "Protocol is TLSv1.3" \
11545 -c "NamedGroup: x448 ( 1e )" \
11546 -c "NamedGroup: secp384r1 ( 18 )" \
11547 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11548 -s "HRR selected_group: secp384r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11549 -c "received HelloRetryRequest message" \
11550 -c "selected_group ( 24 )"
11551
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11552requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11553requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11554requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11555requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11556requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11557requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11558requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11559requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11560run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
11561 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11562 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
11563 0 \
11564 -s "Protocol is TLSv1.3" \
11565 -s "got named group: secp521r1(0019)" \
11566 -s "Verifying peer X.509 certificate... ok" \
11567 -c "Protocol is TLSv1.3" \
11568 -c "NamedGroup: x448 ( 1e )" \
11569 -c "NamedGroup: secp521r1 ( 19 )" \
11570 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11571 -s "HRR selected_group: secp521r1" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11572 -c "received HelloRetryRequest message" \
11573 -c "selected_group ( 25 )"
11574
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000[diff] [blame]11575requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11576requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11577requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11578requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11579requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11580requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11582requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
11583run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
11584 "$P_SRV_NO_CERT server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519 force_version=tls13 crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key tls13_kex_modes=ephemeral cookies=0 tickets=0" \
11585 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
11586 0 \
11587 -s "Protocol is TLSv1.3" \
11588 -s "got named group: x25519(001d)" \
11589 -s "Verifying peer X.509 certificate... ok" \
11590 -c "Protocol is TLSv1.3" \
11591 -c "NamedGroup: x448 ( 1e )" \
11592 -c "NamedGroup: x25519 ( 1d )" \
11593 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian9b938b72022-06-10 03:10:59 +0000[diff] [blame^]11594 -s "HRR selected_group: x25519" \
XiaokangQianb1847a22022-06-08 07:49:31 +0000[diff] [blame]11595 -c "received HelloRetryRequest message" \
11596 -c "selected_group ( 29 )"