TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 26fc0390c939f4dee0901d3133240e4425dd45c5 / . / tests / opt-testcases / tls13-misc.sh
blob: f6520a13b0470fa2e91360da1c14a66d94f6fe94 [file] [log] [blame]
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]1#!/bin/sh
2
3# tls13-misc.sh
4#
5# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]7#
8
9requires_gnutls_tls1_3
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]10requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
11requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
12requires_config_enabled MBEDTLS_SSL_SRV_C
13requires_config_enabled MBEDTLS_DEBUG_C
14requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
15
16run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]17 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]18 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
19 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
20 localhost" \
21 1 \
22 -s "found psk key exchange modes extension" \
23 -s "found pre_shared_key extension" \
24 -s "Found PSK_EPHEMERAL KEX MODE" \
25 -s "Found PSK KEX MODE" \
26 -s "No matched ciphersuite"
27
28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
30requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
31requires_config_enabled MBEDTLS_SSL_SRV_C
32requires_config_enabled MBEDTLS_DEBUG_C
33requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
34
35run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]36 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]37 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
38 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
39 1 \
40 -s "found psk key exchange modes extension" \
41 -s "found pre_shared_key extension" \
42 -s "Found PSK_EPHEMERAL KEX MODE" \
43 -s "Found PSK KEX MODE" \
44 -s "No matched ciphersuite"
45
46requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]47 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
48 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]49run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]50 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]51 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]52 0 \
53 -c "Pre-configured PSK number = 2" \
54 -s "sent selected_identity: 0" \
55 -s "key exchange mode: psk_ephemeral" \
56 -S "key exchange mode: psk$" \
57 -S "key exchange mode: ephemeral$" \
58 -S "ticket is not authentic"
59
60requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]61 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
62 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]63run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]64 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]65 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]66 0 \
67 -c "Pre-configured PSK number = 2" \
68 -s "sent selected_identity: 1" \
69 -s "key exchange mode: psk_ephemeral" \
70 -S "key exchange mode: psk$" \
71 -S "key exchange mode: ephemeral$" \
72 -s "ticket is not authentic"
73
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]74requires_gnutls_tls1_3
75requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
76requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
77run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
78 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
79 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
80 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
81 localhost" \
82 1 \
83 -s "found psk key exchange modes extension" \
84 -s "found pre_shared_key extension" \
85 -s "Found PSK_EPHEMERAL KEX MODE" \
86 -S "Found PSK KEX MODE" \
87 -S "key exchange mode: psk$" \
88 -S "key exchange mode: psk_ephemeral" \
89 -S "key exchange mode: ephemeral"
90
91requires_gnutls_tls1_3
92requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
93 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
95requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
96 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
97run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
98 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
99 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
100 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
101 localhost" \
102 0 \
103 -s "found psk key exchange modes extension" \
104 -s "found pre_shared_key extension" \
105 -s "Found PSK_EPHEMERAL KEX MODE" \
106 -s "Found PSK KEX MODE" \
107 -s "key exchange mode: psk$"
108
109requires_gnutls_tls1_3
110requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
111 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
113requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
114 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
115run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
116 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
117 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
118 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
119 localhost" \
120 0 \
121 -s "found psk key exchange modes extension" \
122 -s "found pre_shared_key extension" \
123 -s "Found PSK_EPHEMERAL KEX MODE" \
124 -s "Found PSK KEX MODE" \
125 -s "key exchange mode: psk_ephemeral$"
126
127requires_gnutls_tls1_3
128requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
129 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
131requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
132 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
133run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
134 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
135 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
136 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
137 localhost" \
138 0 \
139 -s "key exchange mode: ephemeral$"
140
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]141requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
142 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
143 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
144 MBEDTLS_DEBUG_C \
145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
146requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
147 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]148run_test "TLS 1.3 m->m: resumption" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]149 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]150 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]151 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]152 -c "Protocol is TLSv1.3" \
153 -c "Saving session for reuse... ok" \
154 -c "Reconnecting with saved session... ok" \
155 -c "HTTP/1.0 200 OK" \
156 -s "Protocol is TLSv1.3" \
157 -s "key exchange mode: psk" \
158 -s "Select PSK ciphersuite"
159
160requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
161 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
162 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
163 MBEDTLS_DEBUG_C \
164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
165requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
167run_test "TLS 1.3 m->m: resumption with servername" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]168 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
169 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]170 "$P_CLI server_name=localhost new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]171 0 \
172 -c "Protocol is TLSv1.3" \
173 -c "Saving session for reuse... ok" \
174 -c "Reconnecting with saved session... ok" \
175 -c "HTTP/1.0 200 OK" \
176 -s "Protocol is TLSv1.3" \
177 -s "key exchange mode: psk" \
178 -s "Select PSK ciphersuite"
179
180requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
181 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
182 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
183 MBEDTLS_DEBUG_C \
184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
185requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
186 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
187run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]188 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]189 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]190 0 \
191 -c "Protocol is TLSv1.3" \
192 -c "Saving session for reuse... ok" \
193 -c "Reconnecting with saved session... ok" \
194 -c "HTTP/1.0 200 OK" \
195 -s "Protocol is TLSv1.3" \
196 -s "key exchange mode: psk" \
197 -s "Select PSK ciphersuite"
198
199requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
200 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
201 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
202 MBEDTLS_DEBUG_C \
203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
204requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
205 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]206requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
207run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]208 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]209 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]210 0 \
211 -c "Protocol is TLSv1.3" \
212 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
213 -c "Saving session for reuse... ok" \
214 -c "Reconnecting with saved session... ok" \
215 -c "HTTP/1.0 200 OK" \
216 -s "Protocol is TLSv1.3" \
217 -s "key exchange mode: psk" \
218 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
219
220requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
221 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
222 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
223 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
225requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
226 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
227run_test "TLS 1.3 m->m: resumption with early data" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]228 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]229 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]230 0 \
231 -c "Protocol is TLSv1.3" \
232 -c "Saving session for reuse... ok" \
233 -c "Reconnecting with saved session" \
234 -c "HTTP/1.0 200 OK" \
235 -c "received max_early_data_size" \
236 -c "NewSessionTicket: early_data(42) extension received." \
237 -c "ClientHello: early_data(42) extension exists." \
238 -c "EncryptedExtensions: early_data(42) extension received." \
239 -c "bytes of early data written" \
240 -C "0 bytes of early data written" \
241 -s "Protocol is TLSv1.3" \
242 -s "key exchange mode: psk" \
243 -s "Select PSK ciphersuite" \
244 -s "Sent max_early_data_size" \
245 -s "NewSessionTicket: early_data(42) extension exists." \
246 -s "ClientHello: early_data(42) extension exists." \
247 -s "EncryptedExtensions: early_data(42) extension exists." \
248 -s "early data bytes read"
249
250requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
251 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
252 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
253 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
254 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
255requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
256 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
257requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
258run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]259 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]260 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]261 0 \
262 -c "Protocol is TLSv1.3" \
263 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
264 -c "Saving session for reuse... ok" \
265 -c "Reconnecting with saved session" \
266 -c "HTTP/1.0 200 OK" \
267 -c "received max_early_data_size" \
268 -c "NewSessionTicket: early_data(42) extension received." \
269 -c "ClientHello: early_data(42) extension exists." \
270 -c "EncryptedExtensions: early_data(42) extension received." \
271 -c "bytes of early data written" \
272 -C "0 bytes of early data written" \
273 -s "Protocol is TLSv1.3" \
274 -s "key exchange mode: psk" \
275 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
276 -s "Sent max_early_data_size" \
277 -s "NewSessionTicket: early_data(42) extension exists." \
278 -s "ClientHello: early_data(42) extension exists." \
279 -s "EncryptedExtensions: early_data(42) extension exists." \
280 -s "early data bytes read"
281
282requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
283 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
284 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
285 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
287requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
288 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
289run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]290 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]291 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]292 0 \
293 -c "Protocol is TLSv1.3" \
294 -c "Saving session for reuse... ok" \
295 -c "Reconnecting with saved session" \
296 -c "HTTP/1.0 200 OK" \
297 -C "received max_early_data_size" \
298 -C "NewSessionTicket: early_data(42) extension received." \
299 -C "ClientHello: early_data(42) extension exists." \
300 -C "EncryptedExtensions: early_data(42) extension received." \
301 -c "0 bytes of early data written" \
302 -s "Protocol is TLSv1.3" \
303 -s "key exchange mode: psk" \
304 -s "Select PSK ciphersuite" \
305 -S "Sent max_early_data_size" \
306 -S "NewSessionTicket: early_data(42) extension exists." \
307 -S "ClientHello: early_data(42) extension exists." \
308 -S "EncryptedExtensions: early_data(42) extension exists." \
309 -S "early data bytes read"
310
311requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
312 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
313 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
314 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
315 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
316requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
317 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
318run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]319 "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]320 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]321 0 \
322 -c "Protocol is TLSv1.3" \
323 -c "Saving session for reuse... ok" \
324 -c "Reconnecting with saved session" \
325 -c "HTTP/1.0 200 OK" \
326 -C "received max_early_data_size" \
327 -C "NewSessionTicket: early_data(42) extension received." \
328 -C "ClientHello: early_data(42) extension exists." \
329 -C "EncryptedExtensions: early_data(42) extension received." \
330 -c "0 bytes of early data written" \
331 -s "Protocol is TLSv1.3" \
332 -s "key exchange mode: psk" \
333 -s "Select PSK ciphersuite" \
334 -S "Sent max_early_data_size" \
335 -S "NewSessionTicket: early_data(42) extension exists." \
336 -S "ClientHello: early_data(42) extension exists." \
337 -S "EncryptedExtensions: early_data(42) extension exists." \
338 -S "early data bytes read"
339
340requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
341 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
342 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
343 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
345requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
346 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
347run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]348 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]349 "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]350 0 \
351 -c "Protocol is TLSv1.3" \
352 -c "Saving session for reuse... ok" \
353 -c "Reconnecting with saved session" \
354 -c "HTTP/1.0 200 OK" \
355 -c "received max_early_data_size" \
356 -c "NewSessionTicket: early_data(42) extension received." \
357 -C "ClientHello: early_data(42) extension exists." \
358 -C "EncryptedExtensions: early_data(42) extension received." \
359 -C "bytes of early data written" \
360 -s "Protocol is TLSv1.3" \
361 -s "key exchange mode: psk" \
362 -s "Select PSK ciphersuite" \
363 -s "Sent max_early_data_size" \
364 -s "NewSessionTicket: early_data(42) extension exists." \
365 -S "ClientHello: early_data(42) extension exists." \
366 -S "EncryptedExtensions: early_data(42) extension exists." \
367 -S "early data bytes read"
368
369requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
370 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
371 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
372 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
373 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
374requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
375 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
376run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]377 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]378 "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]379 0 \
380 -c "Protocol is TLSv1.3" \
381 -c "Saving session for reuse... ok" \
382 -c "Reconnecting with saved session" \
383 -c "HTTP/1.0 200 OK" \
384 -c "received max_early_data_size" \
385 -c "NewSessionTicket: early_data(42) extension received." \
386 -C "ClientHello: early_data(42) extension exists." \
387 -C "EncryptedExtensions: early_data(42) extension received." \
388 -C "bytes of early data written" \
389 -s "Protocol is TLSv1.3" \
390 -s "key exchange mode: psk" \
391 -s "Select PSK ciphersuite" \
392 -s "Sent max_early_data_size" \
393 -s "NewSessionTicket: early_data(42) extension exists." \
394 -S "ClientHello: early_data(42) extension exists." \
395 -S "EncryptedExtensions: early_data(42) extension exists." \
396 -S "early data bytes read"
397
398requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
399 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
400 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
401 MBEDTLS_DEBUG_C \
402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
403requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
404 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]405run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]406 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]407 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]408 1 \
409 -c "Protocol is TLSv1.3" \
410 -C "Saving session for reuse... ok" \
411 -c "Reconnecting with saved session... failed" \
412 -S "Protocol is TLSv1.3" \
413 -S "key exchange mode: psk" \
414 -S "Select PSK ciphersuite" \
415 -s "Ticket lifetime (604801) is greater than 7 days."
416
417requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
418 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
419 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
420 MBEDTLS_DEBUG_C \
421 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
422requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
423 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
424run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]425 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]426 "$P_CLI debug_level=2 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]427 1 \
428 -c "Protocol is TLSv1.3" \
429 -C "Saving session for reuse... ok" \
430 -c "Discard new session ticket" \
431 -c "Reconnecting with saved session... failed" \
432 -s "Protocol is TLSv1.3" \
433 -S "key exchange mode: psk" \
434 -S "Select PSK ciphersuite"
435
436requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
437 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
438 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
439 MBEDTLS_DEBUG_C \
440 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
441requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
442 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
443run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]444 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
445 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]446 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]447 1 \
448 -c "Protocol is TLSv1.3" \
449 -c "Saving session for reuse... ok" \
450 -c "Reconnecting with saved session" \
451 -c "Hostname mismatch the session ticket, disable session resumption." \
452 -s "Protocol is TLSv1.3" \
453 -S "key exchange mode: psk" \
454 -S "Select PSK ciphersuite"
455
456requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
457 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
458 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
459 MBEDTLS_DEBUG_C \
460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
461requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
462 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
463run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]464 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]465 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]466 0 \
467 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]468 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]469 -s "Protocol is TLSv1.3" \
470 -c "Saving session for reuse... ok" \
471 -c "Reconnecting with saved session" \
472 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]473 -s "ticket is not authentic" \
474 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]475 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]476 -S "Ticket age exceeds limitation" \
477 -S "Ticket age outside tolerance window"
478
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]479requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
480 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
481 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
482 MBEDTLS_DEBUG_C \
483 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
484requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]485 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]486run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]487 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]488 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]489 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]490 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]491 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]492 -s "Protocol is TLSv1.3" \
493 -c "Saving session for reuse... ok" \
494 -c "Reconnecting with saved session" \
495 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]496 -S "ticket is not authentic" \
497 -s "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]498 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]499 -S "Ticket age exceeds limitation" \
500 -S "Ticket age outside tolerance window"
501
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]502requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
503 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
504 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
505 MBEDTLS_DEBUG_C \
506 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
507requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]508 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]509run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]510 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]511 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]512 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]513 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]514 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]515 -s "Protocol is TLSv1.3" \
516 -c "Saving session for reuse... ok" \
517 -c "Reconnecting with saved session" \
518 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]519 -S "ticket is not authentic" \
520 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]521 -s "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]522 -S "Ticket age exceeds limitation" \
523 -S "Ticket age outside tolerance window"
524
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]525requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
526 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
527 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
528 MBEDTLS_DEBUG_C \
529 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
530requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]531 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]532run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]533 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]534 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]535 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]536 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]537 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]538 -s "Protocol is TLSv1.3" \
539 -c "Saving session for reuse... ok" \
540 -c "Reconnecting with saved session" \
541 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]542 -S "ticket is not authentic" \
543 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]544 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]545 -s "Ticket age exceeds limitation" \
546 -S "Ticket age outside tolerance window"
547
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]548requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
549 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
550 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
551 MBEDTLS_DEBUG_C \
552 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
553requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]554 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]555run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]556 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]557 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]558 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]559 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]560 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]561 -s "Protocol is TLSv1.3" \
562 -c "Saving session for reuse... ok" \
563 -c "Reconnecting with saved session" \
564 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]565 -S "ticket is not authentic" \
566 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]567 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]568 -S "Ticket age exceeds limitation" \
569 -s "Ticket age outside tolerance window"
570
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]571requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
572 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
573 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
574 MBEDTLS_DEBUG_C \
575 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
576requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]577 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]578run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]579 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]580 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]581 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]582 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]583 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]584 -s "Protocol is TLSv1.3" \
585 -c "Saving session for reuse... ok" \
586 -c "Reconnecting with saved session" \
587 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]588 -S "ticket is not authentic" \
589 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]590 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]591 -S "Ticket age exceeds limitation" \
592 -s "Ticket age outside tolerance window"
593
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]594requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
595 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
596 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
597 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]598 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]599 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]600run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]601 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]602 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]603 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]604 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]605 -s "key exchange mode: ephemeral" \
606 -S "key exchange mode: psk_ephemeral" \
607 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]608 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]609 -s "No suitable PSK key exchange mode" \
610 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]611
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]612requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
613 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
614 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
615 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]616 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
617 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]618run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]619 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]620 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]621 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]622 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]623 -s "key exchange mode: ephemeral" \
624 -S "key exchange mode: psk_ephemeral" \
625 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]626 -s "found matched identity" \
627 -S "No suitable PSK key exchange mode" \
628 -S "No usable PSK or ticket"
629
630requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
631 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
632 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
633 MBEDTLS_DEBUG_C \
634 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
635 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
636run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]637 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]638 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]639 0 \
640 -c "Protocol is TLSv1.3" \
641 -s "key exchange mode: ephemeral" \
642 -S "key exchange mode: psk_ephemeral" \
643 -S "key exchange mode: psk$" \
644 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]645 -s "No suitable PSK key exchange mode" \
646 -s "No usable PSK or ticket"
647
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]648requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
649 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
650 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
651 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]652 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
653 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]654run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]655 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]656 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]657 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]658 -c "Protocol is TLSv1.3" \
659 -s "key exchange mode: ephemeral" \
660 -S "key exchange mode: psk_ephemeral" \
661 -S "key exchange mode: psk$" \
662 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]663 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]664 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]665
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]666requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
667 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
668 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
669 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]670 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]671 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]672run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]673 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]674 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]675 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]676 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]677 -s "key exchange mode: ephemeral" \
678 -S "key exchange mode: psk_ephemeral" \
679 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]680 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]681 -s "No suitable PSK key exchange mode" \
682 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]683
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]684requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
685 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
686 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
687 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]688 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
689 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]690run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]691 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]692 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]693 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]694 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]695 -s "key exchange mode: ephemeral" \
696 -S "key exchange mode: psk_ephemeral" \
697 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]698 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]699 -s "No suitable PSK key exchange mode" \
700 -s "No usable PSK or ticket"
701
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]702requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
703 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
704 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
705 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]706 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
707 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]708run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]709 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]710 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]711 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]712 -c "Protocol is TLSv1.3" \
713 -s "key exchange mode: ephemeral" \
714 -s "key exchange mode: psk_ephemeral" \
715 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]716 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]717 -S "No suitable PSK key exchange mode" \
718 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]719
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]720requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
721 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
722 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
723 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]724 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
725 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]726run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]727 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]728 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]729 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]730 -c "Protocol is TLSv1.3" \
731 -s "key exchange mode: ephemeral" \
732 -s "key exchange mode: psk_ephemeral" \
733 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]734 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]735 -S "No suitable PSK key exchange mode" \
736 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]737
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]738requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
739 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
740 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
741 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]742 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
743 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
744 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]745run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]746 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]747 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]748 0 \
749 -c "Pre-configured PSK number = 1" \
750 -S "sent selected_identity:" \
751 -s "key exchange mode: ephemeral" \
752 -S "key exchange mode: psk_ephemeral" \
753 -S "key exchange mode: psk$" \
754 -s "No suitable PSK key exchange mode" \
755 -s "No usable PSK or ticket"
756
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]757requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
758 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
759 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
760 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]761 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
762 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
763 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]764run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]765 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]766 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]767 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]768 -c "Protocol is TLSv1.3" \
769 -s "key exchange mode: ephemeral" \
770 -S "key exchange mode: psk_ephemeral" \
771 -S "key exchange mode: psk$" \
772 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]773 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]774 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]775
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]776requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
777 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
778 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
779 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]780 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
781 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
782 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]783run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]784 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]785 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]786 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]787 -c "Protocol is TLSv1.3" \
788 -s "key exchange mode: ephemeral" \
789 -s "key exchange mode: psk_ephemeral" \
790 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]791 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]792 -S "No suitable PSK key exchange mode" \
793 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]794
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]795requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
796 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
797 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
798 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]799 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
800 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
801 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]802run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]803 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]804 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]805 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]806 -c "Protocol is TLSv1.3" \
807 -s "key exchange mode: ephemeral" \
808 -s "key exchange mode: psk_ephemeral" \
809 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]810 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]811 -S "No suitable PSK key exchange mode" \
812 -S "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]813
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]814requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]815requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]816 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]817 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
818 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
819requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
820 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
821run_test "TLS 1.3 m->O: resumption" \
822 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]823 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]824 0 \
825 -c "Protocol is TLSv1.3" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]826 -c "Saving session for reuse... ok" \
827 -c "Reconnecting with saved session... ok" \
828 -c "HTTP/1.0 200 ok"
829
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]830requires_openssl_tls1_3_with_compatible_ephemeral
831requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
832 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
833 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
834requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
835run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
836 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
837 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
838 1 \
839 -c "Protocol is TLSv1.3" \
840 -C "Saving session for reuse... ok" \
841 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]842 -c "Ignoring NewSessionTicket, not supported."
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]843
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]844requires_openssl_tls1_3_with_compatible_ephemeral
845requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
846 MBEDTLS_SSL_SESSION_TICKETS \
847 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
848 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]849run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (explicit)" \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]850 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
851 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
852 1 \
853 -c "Protocol is TLSv1.3" \
854 -C "Saving session for reuse... ok" \
855 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]856 -c "Ignoring NewSessionTicket, handling disabled."
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]857
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]858requires_openssl_tls1_3_with_compatible_ephemeral
859requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
860 MBEDTLS_SSL_SESSION_TICKETS \
861 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
862 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
863run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (default)" \
864 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
865 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
866 1 \
867 -c "Protocol is TLSv1.3" \
868 -C "Saving session for reuse... ok" \
869 -C "Reconnecting with saved session... ok" \
870 -c "Ignoring NewSessionTicket, handling disabled."
871
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]872# No early data m->O tests for the time being. The option -early_data is needed
873# to enable early data on OpenSSL server and it is not compatible with the
874# -www option we usually use for testing with OpenSSL server (see
875# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
876# ephemeral then ticket based scenario we use for early data testing the first
877# handshake fails. The following skipped test is here to illustrate the kind
878# of testing we would like to do.
879skip_next_test
880requires_openssl_tls1_3_with_compatible_ephemeral
881requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
882 MBEDTLS_SSL_EARLY_DATA \
883 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
884 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
885requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
886 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
887run_test "TLS 1.3 m->O: resumption with early data" \
888 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]889 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]890 0 \
891 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]892 -c "Saving session for reuse... ok" \
893 -c "Reconnecting with saved session" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]894 -c "HTTP/1.0 200 OK" \
895 -c "received max_early_data_size: 16384" \
896 -c "NewSessionTicket: early_data(42) extension received." \
897 -c "ClientHello: early_data(42) extension exists." \
898 -c "EncryptedExtensions: early_data(42) extension received." \
899 -c "bytes of early data written" \
900 -s "decrypted early data with length:"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]901
902requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]903requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]904 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]905 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
906 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
907requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
908 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
909run_test "TLS 1.3 m->G: resumption" \
910 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]911 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]912 0 \
913 -c "Protocol is TLSv1.3" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]914 -c "Saving session for reuse... ok" \
915 -c "Reconnecting with saved session... ok" \
916 -c "HTTP/1.0 200 OK"
917
918requires_gnutls_tls1_3
919requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]920 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
921 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
922requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
923run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
924 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
925 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
926 1 \
927 -c "Protocol is TLSv1.3" \
928 -C "Saving session for reuse... ok" \
929 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]930 -c "Ignoring NewSessionTicket, not supported."
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]931
932requires_gnutls_tls1_3
933requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]934 MBEDTLS_SSL_SESSION_TICKETS \
935 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
936 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]937run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (explicit)" \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]938 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
939 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
940 1 \
941 -c "Protocol is TLSv1.3" \
942 -C "Saving session for reuse... ok" \
943 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]944 -c "Ignoring NewSessionTicket, handling disabled."
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]945
946requires_gnutls_tls1_3
947requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]948 MBEDTLS_SSL_SESSION_TICKETS \
949 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
950 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
951run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (default)" \
952 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
953 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
954 1 \
955 -c "Protocol is TLSv1.3" \
956 -C "Saving session for reuse... ok" \
957 -C "Reconnecting with saved session... ok" \
958 -c "Ignoring NewSessionTicket, handling disabled."
959
960requires_gnutls_tls1_3
961requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]962 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]963 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
964 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
965requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
966 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
967requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
968run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
969 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]970 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]971 0 \
972 -c "Protocol is TLSv1.3" \
973 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
974 -c "Saving session for reuse... ok" \
975 -c "Reconnecting with saved session... ok" \
976 -c "HTTP/1.0 200 OK"
977
978requires_gnutls_tls1_3
979requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
980 MBEDTLS_SSL_EARLY_DATA \
981 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
982 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
983requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
984 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
985run_test "TLS 1.3 m->G: resumption with early data" \
986 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
987 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]988 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]989 0 \
990 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]991 -c "Saving session for reuse... ok" \
992 -c "Reconnecting with saved session" \
993 -c "HTTP/1.0 200 OK" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]994 -c "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]995 -c "NewSessionTicket: early_data(42) extension received." \
996 -c "ClientHello: early_data(42) extension exists." \
997 -c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]998 -c "bytes of early data written" \
999 -s "decrypted early data with length:"
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1000
1001requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1002requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1003 MBEDTLS_SSL_EARLY_DATA \
1004 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1005 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1006requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1007 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1008requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1009run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
1010 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1011 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1012 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1013 0 \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1014 -c "Protocol is TLSv1.3" \
1015 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
1016 -c "Saving session for reuse... ok" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1017 -c "Reconnecting with saved session" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1018 -c "HTTP/1.0 200 OK" \
1019 -c "received max_early_data_size: 16384" \
1020 -c "NewSessionTicket: early_data(42) extension received." \
1021 -c "ClientHello: early_data(42) extension exists." \
1022 -c "EncryptedExtensions: early_data(42) extension received." \
1023 -c "bytes of early data written" \
1024 -s "decrypted early data with length:"
1025
1026requires_gnutls_tls1_3
1027requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1028 MBEDTLS_SSL_EARLY_DATA \
1029 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1030 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1031requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1032 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1033run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
1034 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1035 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1036 0 \
1037 -c "Protocol is TLSv1.3" \
1038 -c "Saving session for reuse... ok" \
1039 -c "Reconnecting with saved session" \
1040 -c "HTTP/1.0 200 OK" \
1041 -C "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1042 -C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1043
1044requires_gnutls_tls1_3
1045requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1046 MBEDTLS_SSL_EARLY_DATA \
1047 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1048 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1049requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1050 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1051run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
1052 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1053 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1054 "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1055 0 \
1056 -c "Protocol is TLSv1.3" \
1057 -c "Saving session for reuse... ok" \
1058 -c "Reconnecting with saved session" \
1059 -c "HTTP/1.0 200 OK" \
1060 -c "received max_early_data_size: 16384" \
1061 -c "NewSessionTicket: early_data(42) extension received." \
1062 -C "ClientHello: early_data(42) extension exists." \
1063
1064requires_gnutls_tls1_3
1065requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1066 MBEDTLS_SSL_EARLY_DATA \
1067 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1068 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1069requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1070 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1071run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
1072 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1073 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1074 "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1075 0 \
1076 -c "Protocol is TLSv1.3" \
1077 -c "Saving session for reuse... ok" \
1078 -c "Reconnecting with saved session" \
1079 -c "HTTP/1.0 200 OK" \
1080 -c "received max_early_data_size: 16384" \
1081 -c "NewSessionTicket: early_data(42) extension received." \
1082 -C "ClientHello: early_data(42) extension exists." \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1083
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1084requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1085requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
1086 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1087 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1088requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1089 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1090# https://github.com/openssl/openssl/issues/10714
1091# Until now, OpenSSL client does not support reconnect.
1092skip_next_test
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1093run_test "TLS 1.3 O->m: resumption" \
1094 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1095 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
1096 0 \
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1097 -s "Protocol is TLSv1.3" \
1098 -s "key exchange mode: psk" \
1099 -s "Select PSK ciphersuite"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1100
1101requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1102requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1103 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1104 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1105 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1106requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1107 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1108run_test "TLS 1.3 G->m: resumption" \
1109 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1110 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1111 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1112 -s "Protocol is TLSv1.3" \
1113 -s "key exchange mode: psk" \
1114 -s "Select PSK ciphersuite"
1115
1116requires_gnutls_tls1_3
1117requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1118 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1119 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1120 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1121requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1122 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1123requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1124# Test the session resumption when the cipher suite for the original session is
1125# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
1126# 256 bits long as with all the other TLS 1.3 cipher suites.
1127run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
1128 "$P_SRV debug_level=2 tickets=1" \
1129 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
1130 0 \
1131 -s "Protocol is TLSv1.3" \
1132 -s "key exchange mode: psk" \
1133 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1134
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1135EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
1136EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
1137
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1138requires_gnutls_tls1_3
1139requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1140 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1141 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1142 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1143requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1144 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1145run_test "TLS 1.3 G->m: resumption with early data" \
1146 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1147 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1148 --earlydata $EARLY_DATA_INPUT" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1149 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1150 -s "Protocol is TLSv1.3" \
1151 -s "key exchange mode: psk" \
1152 -s "Select PSK ciphersuite" \
1153 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1154 -s "NewSessionTicket: early_data(42) extension exists." \
1155 -s "ClientHello: early_data(42) extension exists." \
1156 -s "EncryptedExtensions: early_data(42) extension exists." \
1157 -s "$( head -1 $EARLY_DATA_INPUT )" \
1158 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1159 -s "200 early data bytes read" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1160 -s "106 early data bytes read"
1161
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1162requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1163requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1164 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1165 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1167requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1168 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1169requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1170run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
1171 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1172 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
1173 --earlydata $EARLY_DATA_INPUT" \
1174 0 \
1175 -s "Protocol is TLSv1.3" \
1176 -s "key exchange mode: psk" \
1177 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
1178 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1179 -s "NewSessionTicket: early_data(42) extension exists." \
1180 -s "ClientHello: early_data(42) extension exists." \
1181 -s "EncryptedExtensions: early_data(42) extension exists." \
1182 -s "$( head -1 $EARLY_DATA_INPUT )" \
1183 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1184 -s "200 early data bytes read" \
1185 -s "106 early data bytes read"
1186
1187# The Mbed TLS server does not allow early data for the ticket it sends but
1188# the GnuTLS indicates early data anyway when resuming with the ticket and
1189# sends early data. The Mbed TLS server does not expect early data in
1190# association with the ticket thus it eventually fails the resumption
1191# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1192# specification and thus its behavior may change in following versions.
1193requires_gnutls_tls1_3
1194requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1195 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1196 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1197 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1198requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1199 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1200run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
1201 "$P_SRV debug_level=4 tickets=1" \
1202 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1203 --earlydata $EARLY_DATA_INPUT" \
1204 1 \
1205 -s "Protocol is TLSv1.3" \
1206 -s "key exchange mode: psk" \
1207 -s "Select PSK ciphersuite" \
1208 -S "Sent max_early_data_size" \
1209 -S "NewSessionTicket: early_data(42) extension exists." \
1210 -s "ClientHello: early_data(42) extension exists." \
1211 -s "EarlyData: rejected, feature disabled in server configuration." \
1212 -S "EncryptedExtensions: early_data(42) extension exists." \
1213 -s "EarlyData: deprotect and discard app data records" \
1214 -s "EarlyData: Too much early data received"
1215
1216# The Mbed TLS server does not allow early data for the ticket it sends but
1217# the GnuTLS indicates early data anyway when resuming with the ticket and
1218# sends early data. The Mbed TLS server does not expect early data in
1219# association with the ticket thus it eventually fails the resumption
1220# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1221# specification and thus its behavior may change in following versions.
1222requires_gnutls_tls1_3
1223requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1224 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1225 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1226 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1227requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1228 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1229run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
1230 "$P_SRV debug_level=4 tickets=1 early_data=0" \
1231 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1232 --earlydata $EARLY_DATA_INPUT" \
1233 1 \
1234 -s "Protocol is TLSv1.3" \
1235 -s "key exchange mode: psk" \
1236 -s "Select PSK ciphersuite" \
1237 -S "Sent max_early_data_size" \
1238 -S "NewSessionTicket: early_data(42) extension exists." \
1239 -s "ClientHello: early_data(42) extension exists." \
1240 -s "EarlyData: rejected, feature disabled in server configuration." \
1241 -S "EncryptedExtensions: early_data(42) extension exists." \
1242 -s "EarlyData: deprotect and discard app data records" \
1243 -s "EarlyData: Too much early data received"
1244
1245requires_gnutls_tls1_3
1246requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1247 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1248 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1249 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1250requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1251 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1252run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
1253 "$P_SRV debug_level=4 tickets=1 early_data=1" \
1254 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1255 0 \
1256 -s "Protocol is TLSv1.3" \
1257 -s "key exchange mode: psk" \
1258 -s "Select PSK ciphersuite" \
1259 -s "Sent max_early_data_size" \
1260 -s "NewSessionTicket: early_data(42) extension exists." \
1261 -S "ClientHello: early_data(42) extension exists." \
1262 -S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1263
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1264requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
1265 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
1266 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
1267 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1268 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1269run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron74191a52024-03-09 17:38:16 +0100[diff] [blame]1270 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1271 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1272 0 \
1273 -s "key exchange mode: ephemeral" \
1274 -S "key exchange mode: psk" \
1275 -s "found matched identity" \
1276 -s "EarlyData: rejected, not a session resumption" \
1277 -C "EncryptedExtensions: early_data(42) extension exists."