TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ab84fe8052e9dba3b61087fec604d68d59e94edf / . / tests / opt-testcases / tls13-misc.sh
blob: ac91093fd2da57a0765b45286c76d93b8073afd2 [file] [log] [blame]
Gilles Peskineab84fe82024-09-13 13:53:50 +0200[diff] [blame^]1# Miscellaneous tests of TLS 1.3 features.
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]2
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]3# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +0000[diff] [blame]4# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]5#
6
7requires_gnutls_tls1_3
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]8requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
9requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
10requires_config_enabled MBEDTLS_SSL_SRV_C
11requires_config_enabled MBEDTLS_DEBUG_C
12requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
13
14run_test "TLS 1.3: PSK: No valid ciphersuite. G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]15 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]16 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-CIPHER-ALL:+AES-256-GCM:+AEAD:+SHA384:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3 \
17 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
18 localhost" \
19 1 \
20 -s "found psk key exchange modes extension" \
21 -s "found pre_shared_key extension" \
22 -s "Found PSK_EPHEMERAL KEX MODE" \
23 -s "Found PSK KEX MODE" \
24 -s "No matched ciphersuite"
25
26requires_openssl_tls1_3
27requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
28requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
29requires_config_enabled MBEDTLS_SSL_SRV_C
30requires_config_enabled MBEDTLS_DEBUG_C
31requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
32
33run_test "TLS 1.3: PSK: No valid ciphersuite. O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]34 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]35 "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -ciphersuites TLS_AES_256_GCM_SHA384\
36 -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70" \
37 1 \
38 -s "found psk key exchange modes extension" \
39 -s "found pre_shared_key extension" \
40 -s "Found PSK_EPHEMERAL KEX MODE" \
41 -s "Found PSK KEX MODE" \
42 -s "No matched ciphersuite"
43
44requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]45 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
46 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]47run_test "TLS 1.3 m->m: Multiple PSKs: valid ticket, reconnect with ticket" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]48 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]49 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]50 0 \
51 -c "Pre-configured PSK number = 2" \
52 -s "sent selected_identity: 0" \
53 -s "key exchange mode: psk_ephemeral" \
54 -S "key exchange mode: psk$" \
55 -S "key exchange mode: ephemeral$" \
56 -S "ticket is not authentic"
57
58requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]59 MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
60 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]61run_test "TLS 1.3 m->m: Multiple PSKs: invalid ticket, reconnect with PSK" \
Ronald Cron50ae84e2023-03-14 08:59:56 +0100[diff] [blame]62 "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 tickets=8 dummy_ticket=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]63 "$P_CLI tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]64 0 \
65 -c "Pre-configured PSK number = 2" \
66 -s "sent selected_identity: 1" \
67 -s "key exchange mode: psk_ephemeral" \
68 -S "key exchange mode: psk$" \
69 -S "key exchange mode: ephemeral$" \
70 -s "ticket is not authentic"
71
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]72requires_gnutls_tls1_3
73requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
74requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
75run_test "TLS 1.3: G->m: ephemeral_all/psk, fail, no common kex mode" \
76 "$P_SRV tls13_kex_modes=psk debug_level=5 $(get_srv_psk_list)" \
77 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK:+VERS-TLS1.3 \
78 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
79 localhost" \
80 1 \
81 -s "found psk key exchange modes extension" \
82 -s "found pre_shared_key extension" \
83 -s "Found PSK_EPHEMERAL KEX MODE" \
84 -S "Found PSK KEX MODE" \
85 -S "key exchange mode: psk$" \
86 -S "key exchange mode: psk_ephemeral" \
87 -S "key exchange mode: ephemeral"
88
89requires_gnutls_tls1_3
90requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
91 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
92 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
93requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
94 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
95run_test "TLS 1.3: G->m: PSK: configured psk only, good." \
96 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
97 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
98 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
99 localhost" \
100 0 \
101 -s "found psk key exchange modes extension" \
102 -s "found pre_shared_key extension" \
103 -s "Found PSK_EPHEMERAL KEX MODE" \
104 -s "Found PSK KEX MODE" \
105 -s "key exchange mode: psk$"
106
107requires_gnutls_tls1_3
108requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
109 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
110 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
111requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
112 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
113run_test "TLS 1.3: G->m: PSK: configured psk_ephemeral only, good." \
114 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
115 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
116 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
117 localhost" \
118 0 \
119 -s "found psk key exchange modes extension" \
120 -s "found pre_shared_key extension" \
121 -s "Found PSK_EPHEMERAL KEX MODE" \
122 -s "Found PSK KEX MODE" \
123 -s "key exchange mode: psk_ephemeral$"
124
125requires_gnutls_tls1_3
126requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
127 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
128 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
129requires_all_configs_disabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
130 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
131run_test "TLS 1.3: G->m: PSK: configured ephemeral only, good." \
132 "$P_SRV tls13_kex_modes=all debug_level=5 $(get_srv_psk_list)" \
133 "$G_NEXT_CLI -d 10 --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:+GROUP-ALL \
134 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
135 localhost" \
136 0 \
137 -s "key exchange mode: ephemeral$"
138
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]139requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
140 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
141 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
142 MBEDTLS_DEBUG_C \
143 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
144requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
145 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]146run_test "TLS 1.3 m->m: resumption" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]147 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]148 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]149 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]150 -c "Protocol is TLSv1.3" \
151 -c "Saving session for reuse... ok" \
152 -c "Reconnecting with saved session... ok" \
153 -c "HTTP/1.0 200 OK" \
154 -s "Protocol is TLSv1.3" \
155 -s "key exchange mode: psk" \
156 -s "Select PSK ciphersuite"
157
158requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
159 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
160 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
161 MBEDTLS_DEBUG_C \
162 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
163requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
165run_test "TLS 1.3 m->m: resumption with servername" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]166 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
167 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]168 "$P_CLI server_name=localhost new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]169 0 \
170 -c "Protocol is TLSv1.3" \
171 -c "Saving session for reuse... ok" \
172 -c "Reconnecting with saved session... ok" \
173 -c "HTTP/1.0 200 OK" \
174 -s "Protocol is TLSv1.3" \
175 -s "key exchange mode: psk" \
176 -s "Select PSK ciphersuite"
177
178requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
179 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
180 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
181 MBEDTLS_DEBUG_C \
182 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
183requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
184 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
185run_test "TLS 1.3 m->m: resumption with ticket max lifetime (7d)" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]186 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604800 tickets=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]187 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]188 0 \
189 -c "Protocol is TLSv1.3" \
190 -c "Saving session for reuse... ok" \
191 -c "Reconnecting with saved session... ok" \
192 -c "HTTP/1.0 200 OK" \
193 -s "Protocol is TLSv1.3" \
194 -s "key exchange mode: psk" \
195 -s "Select PSK ciphersuite"
196
197requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
198 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
199 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
200 MBEDTLS_DEBUG_C \
201 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
202requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
203 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]204requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
205run_test "TLS 1.3 m->m: resumption with AES-256-GCM-SHA384 only" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]206 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]207 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]208 0 \
209 -c "Protocol is TLSv1.3" \
210 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
211 -c "Saving session for reuse... ok" \
212 -c "Reconnecting with saved session... ok" \
213 -c "HTTP/1.0 200 OK" \
214 -s "Protocol is TLSv1.3" \
215 -s "key exchange mode: psk" \
216 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
217
218requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
219 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
220 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
221 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
222 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
223requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
225run_test "TLS 1.3 m->m: resumption with early data" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]226 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]227 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]228 0 \
229 -c "Protocol is TLSv1.3" \
230 -c "Saving session for reuse... ok" \
231 -c "Reconnecting with saved session" \
232 -c "HTTP/1.0 200 OK" \
233 -c "received max_early_data_size" \
234 -c "NewSessionTicket: early_data(42) extension received." \
235 -c "ClientHello: early_data(42) extension exists." \
236 -c "EncryptedExtensions: early_data(42) extension received." \
237 -c "bytes of early data written" \
238 -C "0 bytes of early data written" \
239 -s "Protocol is TLSv1.3" \
240 -s "key exchange mode: psk" \
241 -s "Select PSK ciphersuite" \
242 -s "Sent max_early_data_size" \
243 -s "NewSessionTicket: early_data(42) extension exists." \
244 -s "ClientHello: early_data(42) extension exists." \
245 -s "EncryptedExtensions: early_data(42) extension exists." \
246 -s "early data bytes read"
247
248requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
249 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
250 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
251 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
252 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
253requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
254 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
255requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
256run_test "TLS 1.3 m->m: resumption with early data, AES-256-GCM-SHA384 only" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]257 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]258 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]259 0 \
260 -c "Protocol is TLSv1.3" \
261 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
262 -c "Saving session for reuse... ok" \
263 -c "Reconnecting with saved session" \
264 -c "HTTP/1.0 200 OK" \
265 -c "received max_early_data_size" \
266 -c "NewSessionTicket: early_data(42) extension received." \
267 -c "ClientHello: early_data(42) extension exists." \
268 -c "EncryptedExtensions: early_data(42) extension received." \
269 -c "bytes of early data written" \
270 -C "0 bytes of early data written" \
271 -s "Protocol is TLSv1.3" \
272 -s "key exchange mode: psk" \
273 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
274 -s "Sent max_early_data_size" \
275 -s "NewSessionTicket: early_data(42) extension exists." \
276 -s "ClientHello: early_data(42) extension exists." \
277 -s "EncryptedExtensions: early_data(42) extension exists." \
278 -s "early data bytes read"
279
280requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
281 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
282 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
283 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
284 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
285requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
286 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
287run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-default" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]288 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]289 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]290 0 \
291 -c "Protocol is TLSv1.3" \
292 -c "Saving session for reuse... ok" \
293 -c "Reconnecting with saved session" \
294 -c "HTTP/1.0 200 OK" \
295 -C "received max_early_data_size" \
296 -C "NewSessionTicket: early_data(42) extension received." \
297 -C "ClientHello: early_data(42) extension exists." \
298 -C "EncryptedExtensions: early_data(42) extension received." \
299 -c "0 bytes of early data written" \
300 -s "Protocol is TLSv1.3" \
301 -s "key exchange mode: psk" \
302 -s "Select PSK ciphersuite" \
303 -S "Sent max_early_data_size" \
304 -S "NewSessionTicket: early_data(42) extension exists." \
305 -S "ClientHello: early_data(42) extension exists." \
306 -S "EncryptedExtensions: early_data(42) extension exists." \
307 -S "early data bytes read"
308
309requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
310 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
311 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
312 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
313 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
314requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
315 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
316run_test "TLS 1.3 m->m: resumption, early data cli-enabled/srv-disabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]317 "$P_SRV debug_level=4 early_data=0 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]318 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]319 0 \
320 -c "Protocol is TLSv1.3" \
321 -c "Saving session for reuse... ok" \
322 -c "Reconnecting with saved session" \
323 -c "HTTP/1.0 200 OK" \
324 -C "received max_early_data_size" \
325 -C "NewSessionTicket: early_data(42) extension received." \
326 -C "ClientHello: early_data(42) extension exists." \
327 -C "EncryptedExtensions: early_data(42) extension received." \
328 -c "0 bytes of early data written" \
329 -s "Protocol is TLSv1.3" \
330 -s "key exchange mode: psk" \
331 -s "Select PSK ciphersuite" \
332 -S "Sent max_early_data_size" \
333 -S "NewSessionTicket: early_data(42) extension exists." \
334 -S "ClientHello: early_data(42) extension exists." \
335 -S "EncryptedExtensions: early_data(42) extension exists." \
336 -S "early data bytes read"
337
338requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
339 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
340 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
341 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
342 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
343requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
344 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
345run_test "TLS 1.3 m->m: resumption, early data cli-default/srv-enabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]346 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]347 "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]348 0 \
349 -c "Protocol is TLSv1.3" \
350 -c "Saving session for reuse... ok" \
351 -c "Reconnecting with saved session" \
352 -c "HTTP/1.0 200 OK" \
353 -c "received max_early_data_size" \
354 -c "NewSessionTicket: early_data(42) extension received." \
355 -C "ClientHello: early_data(42) extension exists." \
356 -C "EncryptedExtensions: early_data(42) extension received." \
357 -C "bytes of early data written" \
358 -s "Protocol is TLSv1.3" \
359 -s "key exchange mode: psk" \
360 -s "Select PSK ciphersuite" \
361 -s "Sent max_early_data_size" \
362 -s "NewSessionTicket: early_data(42) extension exists." \
363 -S "ClientHello: early_data(42) extension exists." \
364 -S "EncryptedExtensions: early_data(42) extension exists." \
365 -S "early data bytes read"
366
367requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
368 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
369 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
370 MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
371 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
372requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
373 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
374run_test "TLS 1.3 m->m: resumption, early data cli-disabled/srv-enabled" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]375 "$P_SRV debug_level=4 early_data=1 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]376 "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crondd2dc152024-03-15 10:08:32 +0100[diff] [blame]377 0 \
378 -c "Protocol is TLSv1.3" \
379 -c "Saving session for reuse... ok" \
380 -c "Reconnecting with saved session" \
381 -c "HTTP/1.0 200 OK" \
382 -c "received max_early_data_size" \
383 -c "NewSessionTicket: early_data(42) extension received." \
384 -C "ClientHello: early_data(42) extension exists." \
385 -C "EncryptedExtensions: early_data(42) extension received." \
386 -C "bytes of early data written" \
387 -s "Protocol is TLSv1.3" \
388 -s "key exchange mode: psk" \
389 -s "Select PSK ciphersuite" \
390 -s "Sent max_early_data_size" \
391 -s "NewSessionTicket: early_data(42) extension exists." \
392 -S "ClientHello: early_data(42) extension exists." \
393 -S "EncryptedExtensions: early_data(42) extension exists." \
394 -S "early data bytes read"
395
396requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
397 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
398 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
399 MBEDTLS_DEBUG_C \
400 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
401requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
402 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]403run_test "TLS 1.3 m->m: resumption fails, ticket lifetime too long (7d + 1s)" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]404 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=604801 tickets=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]405 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]406 1 \
407 -c "Protocol is TLSv1.3" \
408 -C "Saving session for reuse... ok" \
409 -c "Reconnecting with saved session... failed" \
410 -S "Protocol is TLSv1.3" \
411 -S "key exchange mode: psk" \
412 -S "Select PSK ciphersuite" \
413 -s "Ticket lifetime (604801) is greater than 7 days."
414
415requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
416 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
417 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
418 MBEDTLS_DEBUG_C \
419 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
420requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
421 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
422run_test "TLS 1.3 m->m: resumption fails, ticket lifetime=0" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]423 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key ticket_timeout=0 tickets=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]424 "$P_CLI debug_level=2 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]425 1 \
426 -c "Protocol is TLSv1.3" \
427 -C "Saving session for reuse... ok" \
428 -c "Discard new session ticket" \
429 -c "Reconnecting with saved session... failed" \
430 -s "Protocol is TLSv1.3" \
431 -S "key exchange mode: psk" \
432 -S "Select PSK ciphersuite"
433
434requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
435 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
436 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
437 MBEDTLS_DEBUG_C \
438 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
439requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
440 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
441run_test "TLS 1.3 m->m: resumption fails, servername check failed" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]442 "$P_SRV debug_level=2 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key \
443 sni=localhost,../framework/data_files/server2.crt,../framework/data_files/server2.key,-,-,-,polarssl.example,../framework/data_files/server1-nospace.crt,../framework/data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]444 "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]445 1 \
446 -c "Protocol is TLSv1.3" \
447 -c "Saving session for reuse... ok" \
448 -c "Reconnecting with saved session" \
449 -c "Hostname mismatch the session ticket, disable session resumption." \
450 -s "Protocol is TLSv1.3" \
451 -S "key exchange mode: psk" \
452 -S "Select PSK ciphersuite"
453
454requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
455 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
456 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
457 MBEDTLS_DEBUG_C \
458 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
459requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
460 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
461run_test "TLS 1.3 m->m: resumption fails, ticket auth failed." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]462 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]463 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]464 0 \
465 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]466 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]467 -s "Protocol is TLSv1.3" \
468 -c "Saving session for reuse... ok" \
469 -c "Reconnecting with saved session" \
470 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]471 -s "ticket is not authentic" \
472 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]473 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]474 -S "Ticket age exceeds limitation" \
475 -S "Ticket age outside tolerance window"
476
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]477requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
478 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
479 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
480 MBEDTLS_DEBUG_C \
481 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
482requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]483 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]484run_test "TLS 1.3 m->m: resumption fails, ticket expired." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]485 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=2" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]486 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]487 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]488 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]489 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]490 -s "Protocol is TLSv1.3" \
491 -c "Saving session for reuse... ok" \
492 -c "Reconnecting with saved session" \
493 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]494 -S "ticket is not authentic" \
495 -s "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]496 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]497 -S "Ticket age exceeds limitation" \
498 -S "Ticket age outside tolerance window"
499
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]500requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
501 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
502 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
503 MBEDTLS_DEBUG_C \
504 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
505requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]506 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]507run_test "TLS 1.3 m->m: resumption fails, invalid creation time." \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]508 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=3" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]509 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]510 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]511 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]512 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]513 -s "Protocol is TLSv1.3" \
514 -c "Saving session for reuse... ok" \
515 -c "Reconnecting with saved session" \
516 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]517 -S "ticket is not authentic" \
518 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]519 -s "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]520 -S "Ticket age exceeds limitation" \
521 -S "Ticket age outside tolerance window"
522
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]523requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
524 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
525 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
526 MBEDTLS_DEBUG_C \
527 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
528requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]529 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]530run_test "TLS 1.3 m->m: resumption fails, ticket expired, too old" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]531 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=4" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]532 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]533 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]534 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]535 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]536 -s "Protocol is TLSv1.3" \
537 -c "Saving session for reuse... ok" \
538 -c "Reconnecting with saved session" \
539 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]540 -S "ticket is not authentic" \
541 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]542 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]543 -s "Ticket age exceeds limitation" \
544 -S "Ticket age outside tolerance window"
545
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]546requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
547 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
548 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
549 MBEDTLS_DEBUG_C \
550 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
551requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]552 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]553run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too young" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]554 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=5" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]555 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]556 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]557 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]558 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]559 -s "Protocol is TLSv1.3" \
560 -c "Saving session for reuse... ok" \
561 -c "Reconnecting with saved session" \
562 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]563 -S "ticket is not authentic" \
564 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]565 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]566 -S "Ticket age exceeds limitation" \
567 -s "Ticket age outside tolerance window"
568
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]569requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
570 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
571 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
572 MBEDTLS_DEBUG_C \
573 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
574requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf5b47062022-12-15 13:46:23 +0100[diff] [blame]575 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]576run_test "TLS 1.3 m->m: resumption fails, age outside tolerance window, too old" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]577 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key tickets=8 dummy_ticket=6" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]578 "$P_CLI debug_level=4 new_session_tickets=1 reco_mode=1 reconnect=1" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]579 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]580 -c "Protocol is TLSv1.3" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]581 -s "key exchange mode: ephemeral" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]582 -s "Protocol is TLSv1.3" \
583 -c "Saving session for reuse... ok" \
584 -c "Reconnecting with saved session" \
585 -S "key exchange mode: psk" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]586 -S "ticket is not authentic" \
587 -S "ticket is expired" \
Jerry Yu60e99722023-11-20 09:55:24 +0800[diff] [blame]588 -S "Invalid ticket creation time" \
Jerry Yu616ba752022-11-08 21:49:47 +0800[diff] [blame]589 -S "Ticket age exceeds limitation" \
590 -s "Ticket age outside tolerance window"
591
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]592requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
593 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
594 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
595 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]596 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]597 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]598run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]599 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]600 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]601 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]602 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]603 -s "key exchange mode: ephemeral" \
604 -S "key exchange mode: psk_ephemeral" \
605 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]606 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]607 -s "No suitable PSK key exchange mode" \
608 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]609
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]610requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
611 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
612 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
613 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]614 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
615 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]616run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]617 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]618 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]619 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]620 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]621 -s "key exchange mode: ephemeral" \
622 -S "key exchange mode: psk_ephemeral" \
623 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]624 -s "found matched identity" \
625 -S "No suitable PSK key exchange mode" \
626 -S "No usable PSK or ticket"
627
628requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
629 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
630 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
631 MBEDTLS_DEBUG_C \
632 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
633 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
634run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]635 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]636 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]637 0 \
638 -c "Protocol is TLSv1.3" \
639 -s "key exchange mode: ephemeral" \
640 -S "key exchange mode: psk_ephemeral" \
641 -S "key exchange mode: psk$" \
642 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]643 -s "No suitable PSK key exchange mode" \
644 -s "No usable PSK or ticket"
645
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]646requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
647 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
648 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
649 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]650 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
651 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]652run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]653 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]654 "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]655 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]656 -c "Protocol is TLSv1.3" \
657 -s "key exchange mode: ephemeral" \
658 -S "key exchange mode: psk_ephemeral" \
659 -S "key exchange mode: psk$" \
660 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]661 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]662 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]663
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]664requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
665 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
666 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
667 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]668 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]669 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]670run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]671 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]672 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]673 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]674 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]675 -s "key exchange mode: ephemeral" \
676 -S "key exchange mode: psk_ephemeral" \
677 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]678 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]679 -s "No suitable PSK key exchange mode" \
680 -s "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]681
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]682requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
683 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
684 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
685 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]686 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
687 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]688run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_ephemeral/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]689 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]690 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]691 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]692 -c "Protocol is TLSv1.3" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]693 -s "key exchange mode: ephemeral" \
694 -S "key exchange mode: psk_ephemeral" \
695 -S "key exchange mode: psk$" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]696 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]697 -s "No suitable PSK key exchange mode" \
698 -s "No usable PSK or ticket"
699
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]700requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
701 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
702 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
703 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]704 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
705 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]706run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]707 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]708 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]709 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]710 -c "Protocol is TLSv1.3" \
711 -s "key exchange mode: ephemeral" \
712 -s "key exchange mode: psk_ephemeral" \
713 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]714 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]715 -S "No suitable PSK key exchange mode" \
716 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]717
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]718requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
719 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
720 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
721 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]722 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
723 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]724run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_ephemeral/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]725 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]726 "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]727 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]728 -c "Protocol is TLSv1.3" \
729 -s "key exchange mode: ephemeral" \
730 -s "key exchange mode: psk_ephemeral" \
731 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]732 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]733 -S "No suitable PSK key exchange mode" \
734 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]735
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]736requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
737 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
738 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
739 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]740 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
741 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
742 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]743run_test "TLS 1.3 m->m: resumption fails, cli/tkt kex modes psk_all/none" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]744 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=7" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]745 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]746 0 \
747 -c "Pre-configured PSK number = 1" \
748 -S "sent selected_identity:" \
749 -s "key exchange mode: ephemeral" \
750 -S "key exchange mode: psk_ephemeral" \
751 -S "key exchange mode: psk$" \
752 -s "No suitable PSK key exchange mode" \
753 -s "No usable PSK or ticket"
754
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]755requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
756 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
757 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
758 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]759 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
760 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
761 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]762run_test "TLS 1.3 m->m: ephemeral over psk resumption, cli/tkt kex modes psk_all/psk" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]763 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=8" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]764 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]765 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]766 -c "Protocol is TLSv1.3" \
767 -s "key exchange mode: ephemeral" \
768 -S "key exchange mode: psk_ephemeral" \
769 -S "key exchange mode: psk$" \
770 -s "found matched identity" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]771 -S "No suitable PSK key exchange mode" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]772 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]773
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]774requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
775 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
776 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
777 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]778 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
779 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
780 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]781run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_ephemeral" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]782 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=9" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]783 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]784 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]785 -c "Protocol is TLSv1.3" \
786 -s "key exchange mode: ephemeral" \
787 -s "key exchange mode: psk_ephemeral" \
788 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]789 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]790 -S "No suitable PSK key exchange mode" \
791 -S "No usable PSK or ticket"
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]792
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]793requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 \
794 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
795 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
796 MBEDTLS_DEBUG_C \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]797 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
798 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
799 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]800run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \
David Horstmann9c4dd4e2024-06-11 17:44:00 +0100[diff] [blame]801 "$P_SRV debug_level=4 crt_file=../framework/data_files/server5.crt key_file=../framework/data_files/server5.key dummy_ticket=10" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]802 "$P_CLI debug_level=4 tls13_kex_modes=all new_session_tickets=1 reconnect=1" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]803 0 \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]804 -c "Protocol is TLSv1.3" \
805 -s "key exchange mode: ephemeral" \
806 -s "key exchange mode: psk_ephemeral" \
807 -S "key exchange mode: psk$" \
Ronald Cron3cf41452024-03-10 10:44:14 +0100[diff] [blame]808 -s "found matched identity" \
Ronald Crone7398922024-03-10 12:11:02 +0100[diff] [blame]809 -S "No suitable PSK key exchange mode" \
810 -S "No usable PSK or ticket"
Jerry Yue5991322022-11-07 14:03:44 +0800[diff] [blame]811
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]812requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]813requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]814 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]815 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
816 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
817requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
818 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
819run_test "TLS 1.3 m->O: resumption" \
820 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]821 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]822 0 \
823 -c "Protocol is TLSv1.3" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]824 -c "Saving session for reuse... ok" \
825 -c "Reconnecting with saved session... ok" \
826 -c "HTTP/1.0 200 ok"
827
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]828requires_openssl_tls1_3_with_compatible_ephemeral
829requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
830 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
831 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
832requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
833run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
834 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
835 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
836 1 \
837 -c "Protocol is TLSv1.3" \
838 -C "Saving session for reuse... ok" \
839 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]840 -c "Ignoring NewSessionTicket, not supported."
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]841
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]842requires_openssl_tls1_3_with_compatible_ephemeral
843requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
844 MBEDTLS_SSL_SESSION_TICKETS \
845 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
846 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]847run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (explicit)" \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]848 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
849 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
850 1 \
851 -c "Protocol is TLSv1.3" \
852 -C "Saving session for reuse... ok" \
853 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]854 -c "Ignoring NewSessionTicket, handling disabled."
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]855
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]856requires_openssl_tls1_3_with_compatible_ephemeral
857requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
858 MBEDTLS_SSL_SESSION_TICKETS \
859 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
860 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
861run_test "TLS 1.3 m->O: resumption fails, ticket handling disabled (default)" \
862 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
863 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
864 1 \
865 -c "Protocol is TLSv1.3" \
866 -C "Saving session for reuse... ok" \
867 -C "Reconnecting with saved session... ok" \
868 -c "Ignoring NewSessionTicket, handling disabled."
869
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]870# No early data m->O tests for the time being. The option -early_data is needed
871# to enable early data on OpenSSL server and it is not compatible with the
872# -www option we usually use for testing with OpenSSL server (see
873# O_NEXT_SRV_EARLY_DATA definition). In this configuration when running the
874# ephemeral then ticket based scenario we use for early data testing the first
875# handshake fails. The following skipped test is here to illustrate the kind
876# of testing we would like to do.
877skip_next_test
878requires_openssl_tls1_3_with_compatible_ephemeral
879requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
880 MBEDTLS_SSL_EARLY_DATA \
881 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
882 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
883requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
884 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
885run_test "TLS 1.3 m->O: resumption with early data" \
886 "$O_NEXT_SRV_EARLY_DATA -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]887 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]888 0 \
889 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]890 -c "Saving session for reuse... ok" \
891 -c "Reconnecting with saved session" \
Ronald Cron00fa13b2024-03-05 17:45:44 +0100[diff] [blame]892 -c "HTTP/1.0 200 OK" \
893 -c "received max_early_data_size: 16384" \
894 -c "NewSessionTicket: early_data(42) extension received." \
895 -c "ClientHello: early_data(42) extension exists." \
896 -c "EncryptedExtensions: early_data(42) extension received." \
897 -c "bytes of early data written" \
898 -s "decrypted early data with length:"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]899
900requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]901requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]902 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]903 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
904 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
905requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
906 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
907run_test "TLS 1.3 m->G: resumption" \
908 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]909 "$P_CLI new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]910 0 \
911 -c "Protocol is TLSv1.3" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]912 -c "Saving session for reuse... ok" \
913 -c "Reconnecting with saved session... ok" \
914 -c "HTTP/1.0 200 OK"
915
916requires_gnutls_tls1_3
917requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]918 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
919 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
920requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
921run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
922 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
923 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
924 1 \
925 -c "Protocol is TLSv1.3" \
926 -C "Saving session for reuse... ok" \
927 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]928 -c "Ignoring NewSessionTicket, not supported."
Ronald Cron54a9b112024-03-26 11:17:10 +0100[diff] [blame]929
930requires_gnutls_tls1_3
931requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]932 MBEDTLS_SSL_SESSION_TICKETS \
933 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
934 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]935run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (explicit)" \
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]936 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
937 "$P_CLI debug_level=3 new_session_tickets=0 reco_mode=1 reconnect=1" \
938 1 \
939 -c "Protocol is TLSv1.3" \
940 -C "Saving session for reuse... ok" \
941 -C "Reconnecting with saved session... ok" \
Ronald Cron97dc5832024-08-28 09:34:34 +0200[diff] [blame]942 -c "Ignoring NewSessionTicket, handling disabled."
Ronald Cron57ad1822024-08-27 19:38:41 +0200[diff] [blame]943
944requires_gnutls_tls1_3
945requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]946 MBEDTLS_SSL_SESSION_TICKETS \
947 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
948 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
949run_test "TLS 1.3 m->G: resumption fails, ticket handling disabled (default)" \
950 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
951 "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
952 1 \
953 -c "Protocol is TLSv1.3" \
954 -C "Saving session for reuse... ok" \
955 -C "Reconnecting with saved session... ok" \
956 -c "Ignoring NewSessionTicket, handling disabled."
957
958requires_gnutls_tls1_3
959requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
Norbert Fabritiusc93fc862023-04-12 09:50:30 +0200[diff] [blame]960 MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]961 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
962 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
963requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
964 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
965requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
966run_test "TLS 1.3 m->G: resumption with AES-256-GCM-SHA384 only" \
967 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]968 "$P_CLI force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]969 0 \
970 -c "Protocol is TLSv1.3" \
971 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
972 -c "Saving session for reuse... ok" \
973 -c "Reconnecting with saved session... ok" \
974 -c "HTTP/1.0 200 OK"
975
976requires_gnutls_tls1_3
977requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
978 MBEDTLS_SSL_EARLY_DATA \
979 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
980 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
981requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
982 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
983run_test "TLS 1.3 m->G: resumption with early data" \
984 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
985 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]986 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]987 0 \
988 -c "Protocol is TLSv1.3" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]989 -c "Saving session for reuse... ok" \
990 -c "Reconnecting with saved session" \
991 -c "HTTP/1.0 200 OK" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]992 -c "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]993 -c "NewSessionTicket: early_data(42) extension received." \
994 -c "ClientHello: early_data(42) extension exists." \
995 -c "EncryptedExtensions: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]996 -c "bytes of early data written" \
997 -s "decrypted early data with length:"
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]998
999requires_gnutls_tls1_3
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1000requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1001 MBEDTLS_SSL_EARLY_DATA \
1002 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1003 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1004requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1005 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1006requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1007run_test "TLS 1.3 m->G: resumption with early data, AES-256-GCM-SHA384 only" \
1008 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1009 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1010 "$P_CLI debug_level=3 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1011 0 \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1012 -c "Protocol is TLSv1.3" \
1013 -c "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
1014 -c "Saving session for reuse... ok" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1015 -c "Reconnecting with saved session" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1016 -c "HTTP/1.0 200 OK" \
1017 -c "received max_early_data_size: 16384" \
1018 -c "NewSessionTicket: early_data(42) extension received." \
1019 -c "ClientHello: early_data(42) extension exists." \
1020 -c "EncryptedExtensions: early_data(42) extension received." \
1021 -c "bytes of early data written" \
1022 -s "decrypted early data with length:"
1023
1024requires_gnutls_tls1_3
1025requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1026 MBEDTLS_SSL_EARLY_DATA \
1027 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1028 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1029requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1030 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1031run_test "TLS 1.3 m->G: resumption, early data cli-enabled/srv-disabled" \
1032 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1033 "$P_CLI debug_level=3 early_data=1 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1034 0 \
1035 -c "Protocol is TLSv1.3" \
1036 -c "Saving session for reuse... ok" \
1037 -c "Reconnecting with saved session" \
1038 -c "HTTP/1.0 200 OK" \
1039 -C "received max_early_data_size: 16384" \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1040 -C "NewSessionTicket: early_data(42) extension received." \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1041
1042requires_gnutls_tls1_3
1043requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1044 MBEDTLS_SSL_EARLY_DATA \
1045 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1046 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1047requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1048 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1049run_test "TLS 1.3 m->G: resumption, early data cli-default/srv-enabled" \
1050 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1051 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1052 "$P_CLI debug_level=3 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1053 0 \
1054 -c "Protocol is TLSv1.3" \
1055 -c "Saving session for reuse... ok" \
1056 -c "Reconnecting with saved session" \
1057 -c "HTTP/1.0 200 OK" \
1058 -c "received max_early_data_size: 16384" \
1059 -c "NewSessionTicket: early_data(42) extension received." \
1060 -C "ClientHello: early_data(42) extension exists." \
1061
1062requires_gnutls_tls1_3
1063requires_all_configs_enabled MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
1064 MBEDTLS_SSL_EARLY_DATA \
1065 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1066 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1067requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
1068 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
1069run_test "TLS 1.3 m->G: resumption, early data cli-disabled/srv-enabled" \
1070 "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert \
1071 --earlydata --maxearlydata 16384" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1072 "$P_CLI debug_level=3 early_data=0 new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron05210082024-03-05 16:34:51 +0100[diff] [blame]1073 0 \
1074 -c "Protocol is TLSv1.3" \
1075 -c "Saving session for reuse... ok" \
1076 -c "Reconnecting with saved session" \
1077 -c "HTTP/1.0 200 OK" \
1078 -c "received max_early_data_size: 16384" \
1079 -c "NewSessionTicket: early_data(42) extension received." \
1080 -C "ClientHello: early_data(42) extension exists." \
Ronald Cronc8d604d2024-03-05 15:05:47 +0100[diff] [blame]1081
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1082requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1083requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_SSL_SRV_C \
1084 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1085 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1086requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1087 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1088# https://github.com/openssl/openssl/issues/10714
1089# Until now, OpenSSL client does not support reconnect.
1090skip_next_test
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1091run_test "TLS 1.3 O->m: resumption" \
1092 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1093 "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
1094 0 \
Ronald Cron820199a2024-03-10 10:39:26 +0100[diff] [blame]1095 -s "Protocol is TLSv1.3" \
1096 -s "key exchange mode: psk" \
1097 -s "Select PSK ciphersuite"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1098
1099requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1100requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1101 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1102 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1103 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1104requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1105 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1106run_test "TLS 1.3 G->m: resumption" \
1107 "$P_SRV debug_level=2 tickets=1" \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1108 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1109 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1110 -s "Protocol is TLSv1.3" \
1111 -s "key exchange mode: psk" \
1112 -s "Select PSK ciphersuite"
1113
1114requires_gnutls_tls1_3
1115requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1116 MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
1117 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1118 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1119requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1120 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1121requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
1122# Test the session resumption when the cipher suite for the original session is
1123# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
1124# 256 bits long as with all the other TLS 1.3 cipher suites.
1125run_test "TLS 1.3 G->m: resumption with AES-256-GCM-SHA384 only" \
1126 "$P_SRV debug_level=2 tickets=1" \
1127 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
1128 0 \
1129 -s "Protocol is TLSv1.3" \
1130 -s "key exchange mode: psk" \
1131 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384"
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1132
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1133EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
1134EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
1135
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1136requires_gnutls_tls1_3
1137requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1138 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1139 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1140 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1141requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1142 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1143run_test "TLS 1.3 G->m: resumption with early data" \
1144 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1145 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1146 --earlydata $EARLY_DATA_INPUT" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1147 0 \
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1148 -s "Protocol is TLSv1.3" \
1149 -s "key exchange mode: psk" \
1150 -s "Select PSK ciphersuite" \
1151 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1152 -s "NewSessionTicket: early_data(42) extension exists." \
1153 -s "ClientHello: early_data(42) extension exists." \
1154 -s "EncryptedExtensions: early_data(42) extension exists." \
1155 -s "$( head -1 $EARLY_DATA_INPUT )" \
1156 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1157 -s "200 early data bytes read" \
Ronald Cron854df132024-03-05 17:50:50 +0100[diff] [blame]1158 -s "106 early data bytes read"
1159
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1160requires_gnutls_tls1_3
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1161requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1162 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1163 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1164 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1165requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1166 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1167requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
Ronald Cron1ccd7a72024-03-05 23:31:07 +0100[diff] [blame]1168run_test "TLS 1.3 G->m: resumption with early data, AES-256-GCM-SHA384 only" \
1169 "$P_SRV debug_level=4 tickets=1 early_data=1 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1170 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r \
1171 --earlydata $EARLY_DATA_INPUT" \
1172 0 \
1173 -s "Protocol is TLSv1.3" \
1174 -s "key exchange mode: psk" \
1175 -s "Select PSK ciphersuite: 1302 - TLS1-3-AES-256-GCM-SHA384" \
1176 -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
1177 -s "NewSessionTicket: early_data(42) extension exists." \
1178 -s "ClientHello: early_data(42) extension exists." \
1179 -s "EncryptedExtensions: early_data(42) extension exists." \
1180 -s "$( head -1 $EARLY_DATA_INPUT )" \
1181 -s "$( tail -1 $EARLY_DATA_INPUT )" \
1182 -s "200 early data bytes read" \
1183 -s "106 early data bytes read"
1184
1185# The Mbed TLS server does not allow early data for the ticket it sends but
1186# the GnuTLS indicates early data anyway when resuming with the ticket and
1187# sends early data. The Mbed TLS server does not expect early data in
1188# association with the ticket thus it eventually fails the resumption
1189# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1190# specification and thus its behavior may change in following versions.
1191requires_gnutls_tls1_3
1192requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1193 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1194 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1195 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1196requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1197 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1198run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-default" \
1199 "$P_SRV debug_level=4 tickets=1" \
1200 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1201 --earlydata $EARLY_DATA_INPUT" \
1202 1 \
1203 -s "Protocol is TLSv1.3" \
1204 -s "key exchange mode: psk" \
1205 -s "Select PSK ciphersuite" \
1206 -S "Sent max_early_data_size" \
1207 -S "NewSessionTicket: early_data(42) extension exists." \
1208 -s "ClientHello: early_data(42) extension exists." \
1209 -s "EarlyData: rejected, feature disabled in server configuration." \
1210 -S "EncryptedExtensions: early_data(42) extension exists." \
1211 -s "EarlyData: deprotect and discard app data records" \
1212 -s "EarlyData: Too much early data received"
1213
1214# The Mbed TLS server does not allow early data for the ticket it sends but
1215# the GnuTLS indicates early data anyway when resuming with the ticket and
1216# sends early data. The Mbed TLS server does not expect early data in
1217# association with the ticket thus it eventually fails the resumption
1218# handshake. The GnuTLS client behavior is not compliant here with the TLS 1.3
1219# specification and thus its behavior may change in following versions.
1220requires_gnutls_tls1_3
1221requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1222 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1223 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1224 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1225requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1226 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1227run_test "TLS 1.3 G->m: resumption, early data cli-enabled/srv-disabled" \
1228 "$P_SRV debug_level=4 tickets=1 early_data=0" \
1229 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r \
1230 --earlydata $EARLY_DATA_INPUT" \
1231 1 \
1232 -s "Protocol is TLSv1.3" \
1233 -s "key exchange mode: psk" \
1234 -s "Select PSK ciphersuite" \
1235 -S "Sent max_early_data_size" \
1236 -S "NewSessionTicket: early_data(42) extension exists." \
1237 -s "ClientHello: early_data(42) extension exists." \
1238 -s "EarlyData: rejected, feature disabled in server configuration." \
1239 -S "EncryptedExtensions: early_data(42) extension exists." \
1240 -s "EarlyData: deprotect and discard app data records" \
1241 -s "EarlyData: Too much early data received"
1242
1243requires_gnutls_tls1_3
1244requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
1245 MBEDTLS_SSL_SRV_C MBEDTLS_SSL_EARLY_DATA MBEDTLS_DEBUG_C \
1246 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
1247 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1248requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1249 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
1250run_test "TLS 1.3 G->m: resumption, early data cli-disabled/srv-enabled" \
1251 "$P_SRV debug_level=4 tickets=1 early_data=1" \
1252 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
1253 0 \
1254 -s "Protocol is TLSv1.3" \
1255 -s "key exchange mode: psk" \
1256 -s "Select PSK ciphersuite" \
1257 -s "Sent max_early_data_size" \
1258 -s "NewSessionTicket: early_data(42) extension exists." \
1259 -S "ClientHello: early_data(42) extension exists." \
1260 -S "EncryptedExtensions: early_data(42) extension exists."
Ronald Cronf1ad73f2024-03-05 08:38:49 +0100[diff] [blame]1261
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1262requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
1263 MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
1264 MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
1265 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
1266 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
1267run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
Ronald Cron74191a52024-03-09 17:38:16 +0100[diff] [blame]1268 "$P_SRV force_version=tls13 debug_level=4 early_data=1 max_early_data_size=1024" \
Manuel Pégourié-Gonnardaa80f532024-09-04 10:51:33 +0200[diff] [blame]1269 "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral new_session_tickets=1 reco_mode=1 reconnect=1" \
Ronald Cron1f63fe42024-02-23 15:49:12 +0100[diff] [blame]1270 0 \
1271 -s "key exchange mode: ephemeral" \
1272 -S "key exchange mode: psk" \
1273 -s "found matched identity" \
1274 -s "EarlyData: rejected, not a session resumption" \
1275 -C "EncryptedExtensions: early_data(42) extension exists."