TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d5d5b60c077fc0a2c14d9936d2cde564d930113a / . / tests / opt-testcases / tls13-compat.sh
blob: 2914e1e529ff6e319246ae09780132dd08e5e194 [file] [log] [blame]
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1#!/bin/sh
2
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3# tls13-compat.sh
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]23# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_DEBUG_C
30requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]31requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]32requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]33run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]34 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]35 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]36 0 \
37 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]38 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]39 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
40 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]41 -c "NamedGroup: secp256r1 ( 17 )" \
42 -c "Verifying peer X.509 certificate... ok" \
43 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]44
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]45requires_openssl_tls1_3
46requires_config_enabled MBEDTLS_DEBUG_C
47requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]48requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]49requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]50run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]51 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]52 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]53 0 \
54 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]55 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]56 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
57 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]58 -c "NamedGroup: secp256r1 ( 17 )" \
59 -c "Verifying peer X.509 certificate... ok" \
60 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]61
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]62requires_openssl_tls1_3
63requires_config_enabled MBEDTLS_DEBUG_C
64requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]65requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]66requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]67run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]68 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]69 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]70 0 \
71 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]72 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]73 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
74 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]75 -c "NamedGroup: secp256r1 ( 17 )" \
76 -c "Verifying peer X.509 certificate... ok" \
77 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]78
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]79requires_openssl_tls1_3
80requires_config_enabled MBEDTLS_DEBUG_C
81requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]82requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]83requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]84requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]85run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]86 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]87 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]88 0 \
89 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]90 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]91 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
92 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]93 -c "NamedGroup: secp256r1 ( 17 )" \
94 -c "Verifying peer X.509 certificate... ok" \
95 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]96
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]97requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]98requires_config_enabled MBEDTLS_DEBUG_C
99requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]100requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]102run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
103 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
104 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]105 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]106 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]107 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]108 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]109 -c "Certificate Verify: Signature algorithm ( 0403 )" \
110 -c "NamedGroup: secp384r1 ( 18 )" \
111 -c "Verifying peer X.509 certificate... ok" \
112 -C "received HelloRetryRequest message"
113
114requires_openssl_tls1_3
115requires_config_enabled MBEDTLS_DEBUG_C
116requires_config_enabled MBEDTLS_SSL_CLI_C
117requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
119run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
120 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
121 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
122 0 \
123 -c "HTTP/1.0 200 ok" \
124 -c "Protocol is TLSv1.3" \
125 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
126 -c "Certificate Verify: Signature algorithm ( 0503 )" \
127 -c "NamedGroup: secp384r1 ( 18 )" \
128 -c "Verifying peer X.509 certificate... ok" \
129 -C "received HelloRetryRequest message"
130
131requires_openssl_tls1_3
132requires_config_enabled MBEDTLS_DEBUG_C
133requires_config_enabled MBEDTLS_SSL_CLI_C
134requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
135requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
136run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
137 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
138 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
139 0 \
140 -c "HTTP/1.0 200 ok" \
141 -c "Protocol is TLSv1.3" \
142 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
143 -c "Certificate Verify: Signature algorithm ( 0603 )" \
144 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]145 -c "Verifying peer X.509 certificate... ok" \
146 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]147
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]148requires_openssl_tls1_3
149requires_config_enabled MBEDTLS_DEBUG_C
150requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]151requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]152requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]153requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]154run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]155 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]156 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]157 0 \
158 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]159 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]160 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
161 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]162 -c "NamedGroup: secp384r1 ( 18 )" \
163 -c "Verifying peer X.509 certificate... ok" \
164 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]165
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]166requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]167requires_config_enabled MBEDTLS_DEBUG_C
168requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]169requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]171run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
172 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
173 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]174 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]175 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]176 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]177 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]178 -c "Certificate Verify: Signature algorithm ( 0403 )" \
179 -c "NamedGroup: secp521r1 ( 19 )" \
180 -c "Verifying peer X.509 certificate... ok" \
181 -C "received HelloRetryRequest message"
182
183requires_openssl_tls1_3
184requires_config_enabled MBEDTLS_DEBUG_C
185requires_config_enabled MBEDTLS_SSL_CLI_C
186requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
188run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
189 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
190 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
191 0 \
192 -c "HTTP/1.0 200 ok" \
193 -c "Protocol is TLSv1.3" \
194 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
195 -c "Certificate Verify: Signature algorithm ( 0503 )" \
196 -c "NamedGroup: secp521r1 ( 19 )" \
197 -c "Verifying peer X.509 certificate... ok" \
198 -C "received HelloRetryRequest message"
199
200requires_openssl_tls1_3
201requires_config_enabled MBEDTLS_DEBUG_C
202requires_config_enabled MBEDTLS_SSL_CLI_C
203requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
204requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
205run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
206 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
207 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
208 0 \
209 -c "HTTP/1.0 200 ok" \
210 -c "Protocol is TLSv1.3" \
211 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
212 -c "Certificate Verify: Signature algorithm ( 0603 )" \
213 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]214 -c "Verifying peer X.509 certificate... ok" \
215 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]216
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]217requires_openssl_tls1_3
218requires_config_enabled MBEDTLS_DEBUG_C
219requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]220requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]222requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]223run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]224 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]225 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]226 0 \
227 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]228 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]229 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
230 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]231 -c "NamedGroup: secp521r1 ( 19 )" \
232 -c "Verifying peer X.509 certificate... ok" \
233 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]234
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]235requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]236requires_config_enabled MBEDTLS_DEBUG_C
237requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]238requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]240run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
241 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
242 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]243 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]244 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]245 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]246 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]247 -c "Certificate Verify: Signature algorithm ( 0403 )" \
248 -c "NamedGroup: x25519 ( 1d )" \
249 -c "Verifying peer X.509 certificate... ok" \
250 -C "received HelloRetryRequest message"
251
252requires_openssl_tls1_3
253requires_config_enabled MBEDTLS_DEBUG_C
254requires_config_enabled MBEDTLS_SSL_CLI_C
255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
257run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
258 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
259 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
260 0 \
261 -c "HTTP/1.0 200 ok" \
262 -c "Protocol is TLSv1.3" \
263 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
264 -c "Certificate Verify: Signature algorithm ( 0503 )" \
265 -c "NamedGroup: x25519 ( 1d )" \
266 -c "Verifying peer X.509 certificate... ok" \
267 -C "received HelloRetryRequest message"
268
269requires_openssl_tls1_3
270requires_config_enabled MBEDTLS_DEBUG_C
271requires_config_enabled MBEDTLS_SSL_CLI_C
272requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
273requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
274run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
275 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
276 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
277 0 \
278 -c "HTTP/1.0 200 ok" \
279 -c "Protocol is TLSv1.3" \
280 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
281 -c "Certificate Verify: Signature algorithm ( 0603 )" \
282 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]283 -c "Verifying peer X.509 certificate... ok" \
284 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]285
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]286requires_openssl_tls1_3
287requires_config_enabled MBEDTLS_DEBUG_C
288requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]291requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]292run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]293 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]294 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]295 0 \
296 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]297 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]298 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
299 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]300 -c "NamedGroup: x25519 ( 1d )" \
301 -c "Verifying peer X.509 certificate... ok" \
302 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]303
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]304requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]305requires_config_enabled MBEDTLS_DEBUG_C
306requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]307requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]309run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
310 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
311 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]312 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]313 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]314 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]315 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]316 -c "Certificate Verify: Signature algorithm ( 0403 )" \
317 -c "NamedGroup: x448 ( 1e )" \
318 -c "Verifying peer X.509 certificate... ok" \
319 -C "received HelloRetryRequest message"
320
321requires_openssl_tls1_3
322requires_config_enabled MBEDTLS_DEBUG_C
323requires_config_enabled MBEDTLS_SSL_CLI_C
324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
326run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
327 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
328 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
329 0 \
330 -c "HTTP/1.0 200 ok" \
331 -c "Protocol is TLSv1.3" \
332 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
333 -c "Certificate Verify: Signature algorithm ( 0503 )" \
334 -c "NamedGroup: x448 ( 1e )" \
335 -c "Verifying peer X.509 certificate... ok" \
336 -C "received HelloRetryRequest message"
337
338requires_openssl_tls1_3
339requires_config_enabled MBEDTLS_DEBUG_C
340requires_config_enabled MBEDTLS_SSL_CLI_C
341requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
342requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
343run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
344 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
345 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
346 0 \
347 -c "HTTP/1.0 200 ok" \
348 -c "Protocol is TLSv1.3" \
349 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
350 -c "Certificate Verify: Signature algorithm ( 0603 )" \
351 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]352 -c "Verifying peer X.509 certificate... ok" \
353 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]354
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]355requires_openssl_tls1_3
356requires_config_enabled MBEDTLS_DEBUG_C
357requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]359requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]360requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]361run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]362 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]363 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]364 0 \
365 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]366 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]367 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
368 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]369 -c "NamedGroup: x448 ( 1e )" \
370 -c "Verifying peer X.509 certificate... ok" \
371 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]372
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]373requires_openssl_tls1_3
374requires_config_enabled MBEDTLS_DEBUG_C
375requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]376requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]378run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]379 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]380 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]381 0 \
382 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]383 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]384 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
385 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]386 -c "NamedGroup: secp256r1 ( 17 )" \
387 -c "Verifying peer X.509 certificate... ok" \
388 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]389
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]390requires_openssl_tls1_3
391requires_config_enabled MBEDTLS_DEBUG_C
392requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]393requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]395run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]396 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]397 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]398 0 \
399 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]400 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]401 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
402 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]403 -c "NamedGroup: secp256r1 ( 17 )" \
404 -c "Verifying peer X.509 certificate... ok" \
405 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]406
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]407requires_openssl_tls1_3
408requires_config_enabled MBEDTLS_DEBUG_C
409requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]410requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]411requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]412run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]413 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]414 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]415 0 \
416 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]417 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]418 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
419 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]420 -c "NamedGroup: secp256r1 ( 17 )" \
421 -c "Verifying peer X.509 certificate... ok" \
422 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]423
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]424requires_openssl_tls1_3
425requires_config_enabled MBEDTLS_DEBUG_C
426requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]428requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]429requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]430run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]431 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]432 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]433 0 \
434 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]435 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]436 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
437 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]438 -c "NamedGroup: secp256r1 ( 17 )" \
439 -c "Verifying peer X.509 certificate... ok" \
440 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]441
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]442requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]443requires_config_enabled MBEDTLS_DEBUG_C
444requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]445requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]447run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
448 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
449 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]450 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]451 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]452 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]453 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]454 -c "Certificate Verify: Signature algorithm ( 0403 )" \
455 -c "NamedGroup: secp384r1 ( 18 )" \
456 -c "Verifying peer X.509 certificate... ok" \
457 -C "received HelloRetryRequest message"
458
459requires_openssl_tls1_3
460requires_config_enabled MBEDTLS_DEBUG_C
461requires_config_enabled MBEDTLS_SSL_CLI_C
462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
464run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
465 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
466 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
467 0 \
468 -c "HTTP/1.0 200 ok" \
469 -c "Protocol is TLSv1.3" \
470 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
471 -c "Certificate Verify: Signature algorithm ( 0503 )" \
472 -c "NamedGroup: secp384r1 ( 18 )" \
473 -c "Verifying peer X.509 certificate... ok" \
474 -C "received HelloRetryRequest message"
475
476requires_openssl_tls1_3
477requires_config_enabled MBEDTLS_DEBUG_C
478requires_config_enabled MBEDTLS_SSL_CLI_C
479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
480requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
481run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
482 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
483 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
484 0 \
485 -c "HTTP/1.0 200 ok" \
486 -c "Protocol is TLSv1.3" \
487 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
488 -c "Certificate Verify: Signature algorithm ( 0603 )" \
489 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]490 -c "Verifying peer X.509 certificate... ok" \
491 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]492
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]493requires_openssl_tls1_3
494requires_config_enabled MBEDTLS_DEBUG_C
495requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]496requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]497requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]498requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]499run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]500 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]501 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]502 0 \
503 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]504 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]505 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
506 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]507 -c "NamedGroup: secp384r1 ( 18 )" \
508 -c "Verifying peer X.509 certificate... ok" \
509 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]510
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]511requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]512requires_config_enabled MBEDTLS_DEBUG_C
513requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]514requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]516run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
517 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]519 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]520 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]521 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]522 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]523 -c "Certificate Verify: Signature algorithm ( 0403 )" \
524 -c "NamedGroup: secp521r1 ( 19 )" \
525 -c "Verifying peer X.509 certificate... ok" \
526 -C "received HelloRetryRequest message"
527
528requires_openssl_tls1_3
529requires_config_enabled MBEDTLS_DEBUG_C
530requires_config_enabled MBEDTLS_SSL_CLI_C
531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
533run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
534 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
535 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
536 0 \
537 -c "HTTP/1.0 200 ok" \
538 -c "Protocol is TLSv1.3" \
539 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
540 -c "Certificate Verify: Signature algorithm ( 0503 )" \
541 -c "NamedGroup: secp521r1 ( 19 )" \
542 -c "Verifying peer X.509 certificate... ok" \
543 -C "received HelloRetryRequest message"
544
545requires_openssl_tls1_3
546requires_config_enabled MBEDTLS_DEBUG_C
547requires_config_enabled MBEDTLS_SSL_CLI_C
548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
550run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
551 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
552 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
553 0 \
554 -c "HTTP/1.0 200 ok" \
555 -c "Protocol is TLSv1.3" \
556 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
557 -c "Certificate Verify: Signature algorithm ( 0603 )" \
558 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]559 -c "Verifying peer X.509 certificate... ok" \
560 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]561
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]562requires_openssl_tls1_3
563requires_config_enabled MBEDTLS_DEBUG_C
564requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]565requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]566requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]567requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]568run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]569 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]570 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]571 0 \
572 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]573 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]574 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
575 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]576 -c "NamedGroup: secp521r1 ( 19 )" \
577 -c "Verifying peer X.509 certificate... ok" \
578 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]579
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]580requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]581requires_config_enabled MBEDTLS_DEBUG_C
582requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]585run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
586 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
587 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]588 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]589 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]590 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]591 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]592 -c "Certificate Verify: Signature algorithm ( 0403 )" \
593 -c "NamedGroup: x25519 ( 1d )" \
594 -c "Verifying peer X.509 certificate... ok" \
595 -C "received HelloRetryRequest message"
596
597requires_openssl_tls1_3
598requires_config_enabled MBEDTLS_DEBUG_C
599requires_config_enabled MBEDTLS_SSL_CLI_C
600requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
602run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
603 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
604 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
605 0 \
606 -c "HTTP/1.0 200 ok" \
607 -c "Protocol is TLSv1.3" \
608 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
609 -c "Certificate Verify: Signature algorithm ( 0503 )" \
610 -c "NamedGroup: x25519 ( 1d )" \
611 -c "Verifying peer X.509 certificate... ok" \
612 -C "received HelloRetryRequest message"
613
614requires_openssl_tls1_3
615requires_config_enabled MBEDTLS_DEBUG_C
616requires_config_enabled MBEDTLS_SSL_CLI_C
617requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
618requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
619run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
620 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
621 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
622 0 \
623 -c "HTTP/1.0 200 ok" \
624 -c "Protocol is TLSv1.3" \
625 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
626 -c "Certificate Verify: Signature algorithm ( 0603 )" \
627 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]628 -c "Verifying peer X.509 certificate... ok" \
629 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]630
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]631requires_openssl_tls1_3
632requires_config_enabled MBEDTLS_DEBUG_C
633requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]634requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]635requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]636requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]637run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]638 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]639 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]640 0 \
641 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]642 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]643 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
644 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]645 -c "NamedGroup: x25519 ( 1d )" \
646 -c "Verifying peer X.509 certificate... ok" \
647 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]648
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]649requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]650requires_config_enabled MBEDTLS_DEBUG_C
651requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]654run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
655 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
656 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]657 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]658 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]659 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]660 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]661 -c "Certificate Verify: Signature algorithm ( 0403 )" \
662 -c "NamedGroup: x448 ( 1e )" \
663 -c "Verifying peer X.509 certificate... ok" \
664 -C "received HelloRetryRequest message"
665
666requires_openssl_tls1_3
667requires_config_enabled MBEDTLS_DEBUG_C
668requires_config_enabled MBEDTLS_SSL_CLI_C
669requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
671run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
672 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
673 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
674 0 \
675 -c "HTTP/1.0 200 ok" \
676 -c "Protocol is TLSv1.3" \
677 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
678 -c "Certificate Verify: Signature algorithm ( 0503 )" \
679 -c "NamedGroup: x448 ( 1e )" \
680 -c "Verifying peer X.509 certificate... ok" \
681 -C "received HelloRetryRequest message"
682
683requires_openssl_tls1_3
684requires_config_enabled MBEDTLS_DEBUG_C
685requires_config_enabled MBEDTLS_SSL_CLI_C
686requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
687requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
688run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
689 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
690 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
691 0 \
692 -c "HTTP/1.0 200 ok" \
693 -c "Protocol is TLSv1.3" \
694 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
695 -c "Certificate Verify: Signature algorithm ( 0603 )" \
696 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]697 -c "Verifying peer X.509 certificate... ok" \
698 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]699
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]700requires_openssl_tls1_3
701requires_config_enabled MBEDTLS_DEBUG_C
702requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]703requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]704requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]705requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]706run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]707 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]708 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]709 0 \
710 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]711 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]712 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
713 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]714 -c "NamedGroup: x448 ( 1e )" \
715 -c "Verifying peer X.509 certificate... ok" \
716 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]717
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]718requires_openssl_tls1_3
719requires_config_enabled MBEDTLS_DEBUG_C
720requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]721requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]723run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]724 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]725 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]726 0 \
727 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]728 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]729 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
730 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]731 -c "NamedGroup: secp256r1 ( 17 )" \
732 -c "Verifying peer X.509 certificate... ok" \
733 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]734
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]735requires_openssl_tls1_3
736requires_config_enabled MBEDTLS_DEBUG_C
737requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]738requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]740run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]741 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]742 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]743 0 \
744 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]745 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]746 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
747 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]748 -c "NamedGroup: secp256r1 ( 17 )" \
749 -c "Verifying peer X.509 certificate... ok" \
750 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]751
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]752requires_openssl_tls1_3
753requires_config_enabled MBEDTLS_DEBUG_C
754requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]755requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]756requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]757run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]758 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]759 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]760 0 \
761 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]762 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]763 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
764 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]765 -c "NamedGroup: secp256r1 ( 17 )" \
766 -c "Verifying peer X.509 certificate... ok" \
767 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]768
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]769requires_openssl_tls1_3
770requires_config_enabled MBEDTLS_DEBUG_C
771requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]772requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]773requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]774requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]775run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]776 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]777 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]778 0 \
779 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]780 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]781 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
782 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]783 -c "NamedGroup: secp256r1 ( 17 )" \
784 -c "Verifying peer X.509 certificate... ok" \
785 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]786
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]787requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]788requires_config_enabled MBEDTLS_DEBUG_C
789requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]790requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]791requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]792run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
793 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
794 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]795 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]796 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]797 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]798 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]799 -c "Certificate Verify: Signature algorithm ( 0403 )" \
800 -c "NamedGroup: secp384r1 ( 18 )" \
801 -c "Verifying peer X.509 certificate... ok" \
802 -C "received HelloRetryRequest message"
803
804requires_openssl_tls1_3
805requires_config_enabled MBEDTLS_DEBUG_C
806requires_config_enabled MBEDTLS_SSL_CLI_C
807requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
808requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
809run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
810 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
811 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
812 0 \
813 -c "HTTP/1.0 200 ok" \
814 -c "Protocol is TLSv1.3" \
815 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
816 -c "Certificate Verify: Signature algorithm ( 0503 )" \
817 -c "NamedGroup: secp384r1 ( 18 )" \
818 -c "Verifying peer X.509 certificate... ok" \
819 -C "received HelloRetryRequest message"
820
821requires_openssl_tls1_3
822requires_config_enabled MBEDTLS_DEBUG_C
823requires_config_enabled MBEDTLS_SSL_CLI_C
824requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
825requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
826run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
827 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
828 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
829 0 \
830 -c "HTTP/1.0 200 ok" \
831 -c "Protocol is TLSv1.3" \
832 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
833 -c "Certificate Verify: Signature algorithm ( 0603 )" \
834 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]835 -c "Verifying peer X.509 certificate... ok" \
836 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]837
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]838requires_openssl_tls1_3
839requires_config_enabled MBEDTLS_DEBUG_C
840requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]842requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]843requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]844run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]845 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]846 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]847 0 \
848 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]849 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]850 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
851 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]852 -c "NamedGroup: secp384r1 ( 18 )" \
853 -c "Verifying peer X.509 certificate... ok" \
854 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]855
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]856requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]857requires_config_enabled MBEDTLS_DEBUG_C
858requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]859requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]860requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]861run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
862 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
863 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]864 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]865 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]866 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]867 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]868 -c "Certificate Verify: Signature algorithm ( 0403 )" \
869 -c "NamedGroup: secp521r1 ( 19 )" \
870 -c "Verifying peer X.509 certificate... ok" \
871 -C "received HelloRetryRequest message"
872
873requires_openssl_tls1_3
874requires_config_enabled MBEDTLS_DEBUG_C
875requires_config_enabled MBEDTLS_SSL_CLI_C
876requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
877requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
878run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
879 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
880 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
881 0 \
882 -c "HTTP/1.0 200 ok" \
883 -c "Protocol is TLSv1.3" \
884 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
885 -c "Certificate Verify: Signature algorithm ( 0503 )" \
886 -c "NamedGroup: secp521r1 ( 19 )" \
887 -c "Verifying peer X.509 certificate... ok" \
888 -C "received HelloRetryRequest message"
889
890requires_openssl_tls1_3
891requires_config_enabled MBEDTLS_DEBUG_C
892requires_config_enabled MBEDTLS_SSL_CLI_C
893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
895run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
896 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
897 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
898 0 \
899 -c "HTTP/1.0 200 ok" \
900 -c "Protocol is TLSv1.3" \
901 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
902 -c "Certificate Verify: Signature algorithm ( 0603 )" \
903 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]904 -c "Verifying peer X.509 certificate... ok" \
905 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]906
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]907requires_openssl_tls1_3
908requires_config_enabled MBEDTLS_DEBUG_C
909requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]910requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]911requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]912requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]913run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]914 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]915 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]916 0 \
917 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]918 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]919 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
920 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]921 -c "NamedGroup: secp521r1 ( 19 )" \
922 -c "Verifying peer X.509 certificate... ok" \
923 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]924
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]925requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]926requires_config_enabled MBEDTLS_DEBUG_C
927requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]928requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]929requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]930run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
931 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
932 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]933 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]934 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]935 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]936 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]937 -c "Certificate Verify: Signature algorithm ( 0403 )" \
938 -c "NamedGroup: x25519 ( 1d )" \
939 -c "Verifying peer X.509 certificate... ok" \
940 -C "received HelloRetryRequest message"
941
942requires_openssl_tls1_3
943requires_config_enabled MBEDTLS_DEBUG_C
944requires_config_enabled MBEDTLS_SSL_CLI_C
945requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
946requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
947run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
948 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
949 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
950 0 \
951 -c "HTTP/1.0 200 ok" \
952 -c "Protocol is TLSv1.3" \
953 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
954 -c "Certificate Verify: Signature algorithm ( 0503 )" \
955 -c "NamedGroup: x25519 ( 1d )" \
956 -c "Verifying peer X.509 certificate... ok" \
957 -C "received HelloRetryRequest message"
958
959requires_openssl_tls1_3
960requires_config_enabled MBEDTLS_DEBUG_C
961requires_config_enabled MBEDTLS_SSL_CLI_C
962requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
963requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
964run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
965 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
966 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
967 0 \
968 -c "HTTP/1.0 200 ok" \
969 -c "Protocol is TLSv1.3" \
970 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
971 -c "Certificate Verify: Signature algorithm ( 0603 )" \
972 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]973 -c "Verifying peer X.509 certificate... ok" \
974 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]975
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]976requires_openssl_tls1_3
977requires_config_enabled MBEDTLS_DEBUG_C
978requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]979requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]980requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]981requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]982run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]983 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]984 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]985 0 \
986 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]987 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]988 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
989 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]990 -c "NamedGroup: x25519 ( 1d )" \
991 -c "Verifying peer X.509 certificate... ok" \
992 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]993
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]994requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]995requires_config_enabled MBEDTLS_DEBUG_C
996requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]997requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]998requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]999run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
1000 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1001 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1002 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1003 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1004 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1005 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1006 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1007 -c "NamedGroup: x448 ( 1e )" \
1008 -c "Verifying peer X.509 certificate... ok" \
1009 -C "received HelloRetryRequest message"
1010
1011requires_openssl_tls1_3
1012requires_config_enabled MBEDTLS_DEBUG_C
1013requires_config_enabled MBEDTLS_SSL_CLI_C
1014requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1015requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1016run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
1017 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1018 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
1019 0 \
1020 -c "HTTP/1.0 200 ok" \
1021 -c "Protocol is TLSv1.3" \
1022 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1023 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1024 -c "NamedGroup: x448 ( 1e )" \
1025 -c "Verifying peer X.509 certificate... ok" \
1026 -C "received HelloRetryRequest message"
1027
1028requires_openssl_tls1_3
1029requires_config_enabled MBEDTLS_DEBUG_C
1030requires_config_enabled MBEDTLS_SSL_CLI_C
1031requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1032requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1033run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
1034 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1035 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
1036 0 \
1037 -c "HTTP/1.0 200 ok" \
1038 -c "Protocol is TLSv1.3" \
1039 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1040 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1041 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1042 -c "Verifying peer X.509 certificate... ok" \
1043 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1044
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1045requires_openssl_tls1_3
1046requires_config_enabled MBEDTLS_DEBUG_C
1047requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1048requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1049requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1050requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1051run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1052 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1053 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1054 0 \
1055 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1056 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1057 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1058 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1059 -c "NamedGroup: x448 ( 1e )" \
1060 -c "Verifying peer X.509 certificate... ok" \
1061 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1062
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1063requires_openssl_tls1_3
1064requires_config_enabled MBEDTLS_DEBUG_C
1065requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1068run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1069 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1070 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1071 0 \
1072 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1073 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1074 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1075 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1076 -c "NamedGroup: secp256r1 ( 17 )" \
1077 -c "Verifying peer X.509 certificate... ok" \
1078 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1079
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1080requires_openssl_tls1_3
1081requires_config_enabled MBEDTLS_DEBUG_C
1082requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1083requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1084requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1085run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1086 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1087 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1088 0 \
1089 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1090 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1091 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1092 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1093 -c "NamedGroup: secp256r1 ( 17 )" \
1094 -c "Verifying peer X.509 certificate... ok" \
1095 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1096
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1097requires_openssl_tls1_3
1098requires_config_enabled MBEDTLS_DEBUG_C
1099requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1100requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1101requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1102run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1103 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1104 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1105 0 \
1106 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1107 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1108 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1109 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1110 -c "NamedGroup: secp256r1 ( 17 )" \
1111 -c "Verifying peer X.509 certificate... ok" \
1112 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1113
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1114requires_openssl_tls1_3
1115requires_config_enabled MBEDTLS_DEBUG_C
1116requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1117requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1118requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1119requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1120run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1121 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1122 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1123 0 \
1124 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1125 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1126 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1127 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1128 -c "NamedGroup: secp256r1 ( 17 )" \
1129 -c "Verifying peer X.509 certificate... ok" \
1130 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1131
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1132requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1133requires_config_enabled MBEDTLS_DEBUG_C
1134requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1135requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1136requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1137run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1138 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1139 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1140 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1141 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1142 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1143 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1144 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1145 -c "NamedGroup: secp384r1 ( 18 )" \
1146 -c "Verifying peer X.509 certificate... ok" \
1147 -C "received HelloRetryRequest message"
1148
1149requires_openssl_tls1_3
1150requires_config_enabled MBEDTLS_DEBUG_C
1151requires_config_enabled MBEDTLS_SSL_CLI_C
1152requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1154run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1155 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1156 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
1157 0 \
1158 -c "HTTP/1.0 200 ok" \
1159 -c "Protocol is TLSv1.3" \
1160 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1161 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1162 -c "NamedGroup: secp384r1 ( 18 )" \
1163 -c "Verifying peer X.509 certificate... ok" \
1164 -C "received HelloRetryRequest message"
1165
1166requires_openssl_tls1_3
1167requires_config_enabled MBEDTLS_DEBUG_C
1168requires_config_enabled MBEDTLS_SSL_CLI_C
1169requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1170requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1171run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1172 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1173 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
1174 0 \
1175 -c "HTTP/1.0 200 ok" \
1176 -c "Protocol is TLSv1.3" \
1177 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1178 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1179 -c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1180 -c "Verifying peer X.509 certificate... ok" \
1181 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1182
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1183requires_openssl_tls1_3
1184requires_config_enabled MBEDTLS_DEBUG_C
1185requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1186requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1187requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1188requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1189run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1190 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1191 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1192 0 \
1193 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1194 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1195 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1196 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1197 -c "NamedGroup: secp384r1 ( 18 )" \
1198 -c "Verifying peer X.509 certificate... ok" \
1199 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1200
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1201requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1202requires_config_enabled MBEDTLS_DEBUG_C
1203requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1204requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1205requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1206run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1207 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1208 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1209 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1210 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1211 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1212 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1213 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1214 -c "NamedGroup: secp521r1 ( 19 )" \
1215 -c "Verifying peer X.509 certificate... ok" \
1216 -C "received HelloRetryRequest message"
1217
1218requires_openssl_tls1_3
1219requires_config_enabled MBEDTLS_DEBUG_C
1220requires_config_enabled MBEDTLS_SSL_CLI_C
1221requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1223run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1224 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1225 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
1226 0 \
1227 -c "HTTP/1.0 200 ok" \
1228 -c "Protocol is TLSv1.3" \
1229 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1230 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1231 -c "NamedGroup: secp521r1 ( 19 )" \
1232 -c "Verifying peer X.509 certificate... ok" \
1233 -C "received HelloRetryRequest message"
1234
1235requires_openssl_tls1_3
1236requires_config_enabled MBEDTLS_DEBUG_C
1237requires_config_enabled MBEDTLS_SSL_CLI_C
1238requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1239requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1240run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1241 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1242 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
1243 0 \
1244 -c "HTTP/1.0 200 ok" \
1245 -c "Protocol is TLSv1.3" \
1246 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1247 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1248 -c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1249 -c "Verifying peer X.509 certificate... ok" \
1250 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1251
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1252requires_openssl_tls1_3
1253requires_config_enabled MBEDTLS_DEBUG_C
1254requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1256requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1257requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1258run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1259 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1260 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1261 0 \
1262 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1263 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1264 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1265 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1266 -c "NamedGroup: secp521r1 ( 19 )" \
1267 -c "Verifying peer X.509 certificate... ok" \
1268 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1269
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1270requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1271requires_config_enabled MBEDTLS_DEBUG_C
1272requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1273requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1274requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1275run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
1276 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1277 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1278 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1279 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1280 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1281 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1282 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1283 -c "NamedGroup: x25519 ( 1d )" \
1284 -c "Verifying peer X.509 certificate... ok" \
1285 -C "received HelloRetryRequest message"
1286
1287requires_openssl_tls1_3
1288requires_config_enabled MBEDTLS_DEBUG_C
1289requires_config_enabled MBEDTLS_SSL_CLI_C
1290requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1291requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1292run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
1293 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1294 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
1295 0 \
1296 -c "HTTP/1.0 200 ok" \
1297 -c "Protocol is TLSv1.3" \
1298 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1299 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1300 -c "NamedGroup: x25519 ( 1d )" \
1301 -c "Verifying peer X.509 certificate... ok" \
1302 -C "received HelloRetryRequest message"
1303
1304requires_openssl_tls1_3
1305requires_config_enabled MBEDTLS_DEBUG_C
1306requires_config_enabled MBEDTLS_SSL_CLI_C
1307requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1308requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1309run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
1310 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1311 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
1312 0 \
1313 -c "HTTP/1.0 200 ok" \
1314 -c "Protocol is TLSv1.3" \
1315 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1316 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1317 -c "NamedGroup: x25519 ( 1d )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1318 -c "Verifying peer X.509 certificate... ok" \
1319 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1320
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1321requires_openssl_tls1_3
1322requires_config_enabled MBEDTLS_DEBUG_C
1323requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1325requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1326requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1327run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1328 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1329 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1330 0 \
1331 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1332 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1333 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1334 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1335 -c "NamedGroup: x25519 ( 1d )" \
1336 -c "Verifying peer X.509 certificate... ok" \
1337 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1338
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1339requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1340requires_config_enabled MBEDTLS_DEBUG_C
1341requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1342requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1343requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1344run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
1345 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1346 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1347 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1348 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1349 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1350 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1351 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1352 -c "NamedGroup: x448 ( 1e )" \
1353 -c "Verifying peer X.509 certificate... ok" \
1354 -C "received HelloRetryRequest message"
1355
1356requires_openssl_tls1_3
1357requires_config_enabled MBEDTLS_DEBUG_C
1358requires_config_enabled MBEDTLS_SSL_CLI_C
1359requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1360requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1361run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
1362 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1363 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
1364 0 \
1365 -c "HTTP/1.0 200 ok" \
1366 -c "Protocol is TLSv1.3" \
1367 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1368 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1369 -c "NamedGroup: x448 ( 1e )" \
1370 -c "Verifying peer X.509 certificate... ok" \
1371 -C "received HelloRetryRequest message"
1372
1373requires_openssl_tls1_3
1374requires_config_enabled MBEDTLS_DEBUG_C
1375requires_config_enabled MBEDTLS_SSL_CLI_C
1376requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1377requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1378run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
1379 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1380 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
1381 0 \
1382 -c "HTTP/1.0 200 ok" \
1383 -c "Protocol is TLSv1.3" \
1384 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1385 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1386 -c "NamedGroup: x448 ( 1e )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1387 -c "Verifying peer X.509 certificate... ok" \
1388 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1389
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1390requires_openssl_tls1_3
1391requires_config_enabled MBEDTLS_DEBUG_C
1392requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1393requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1395requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1396run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1397 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1398 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1399 0 \
1400 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1401 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1402 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1403 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1404 -c "NamedGroup: x448 ( 1e )" \
1405 -c "Verifying peer X.509 certificate... ok" \
1406 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1407
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1408requires_openssl_tls1_3
1409requires_config_enabled MBEDTLS_DEBUG_C
1410requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1411requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1412requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1413run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1414 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1415 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1416 0 \
1417 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1418 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1419 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1420 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1421 -c "NamedGroup: secp256r1 ( 17 )" \
1422 -c "Verifying peer X.509 certificate... ok" \
1423 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1424
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1425requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1426requires_config_enabled MBEDTLS_DEBUG_C
1427requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1428requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1429requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1430run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1431 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1432 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1433 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1434 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1435 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1436 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1437 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1438 -c "NamedGroup: secp256r1 ( 17 )" \
1439 -c "Verifying peer X.509 certificate... ok" \
1440 -C "received HelloRetryRequest message"
1441
1442requires_openssl_tls1_3
1443requires_config_enabled MBEDTLS_DEBUG_C
1444requires_config_enabled MBEDTLS_SSL_CLI_C
1445requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1446requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1447run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1448 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1449 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
1450 0 \
1451 -c "HTTP/1.0 200 ok" \
1452 -c "Protocol is TLSv1.3" \
1453 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1454 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1455 -c "NamedGroup: secp256r1 ( 17 )" \
1456 -c "Verifying peer X.509 certificate... ok" \
1457 -C "received HelloRetryRequest message"
1458
1459requires_openssl_tls1_3
1460requires_config_enabled MBEDTLS_DEBUG_C
1461requires_config_enabled MBEDTLS_SSL_CLI_C
1462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1463requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1464requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1465run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1466 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1467 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
1468 0 \
1469 -c "HTTP/1.0 200 ok" \
1470 -c "Protocol is TLSv1.3" \
1471 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1472 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1473 -c "NamedGroup: secp256r1 ( 17 )" \
1474 -c "Verifying peer X.509 certificate... ok" \
1475 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1476
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1477requires_openssl_tls1_3
1478requires_config_enabled MBEDTLS_DEBUG_C
1479requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1480requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1481requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1482run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1483 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1484 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1485 0 \
1486 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1487 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1488 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1489 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1490 -c "NamedGroup: secp384r1 ( 18 )" \
1491 -c "Verifying peer X.509 certificate... ok" \
1492 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1493
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1494requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1495requires_config_enabled MBEDTLS_DEBUG_C
1496requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1497requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1498requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1499run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1500 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1501 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1502 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1503 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1504 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1505 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1506 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1507 -c "NamedGroup: secp384r1 ( 18 )" \
1508 -c "Verifying peer X.509 certificate... ok" \
1509 -C "received HelloRetryRequest message"
1510
1511requires_openssl_tls1_3
1512requires_config_enabled MBEDTLS_DEBUG_C
1513requires_config_enabled MBEDTLS_SSL_CLI_C
1514requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1515requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1516run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1517 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
1519 0 \
1520 -c "HTTP/1.0 200 ok" \
1521 -c "Protocol is TLSv1.3" \
1522 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1523 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1524 -c "NamedGroup: secp384r1 ( 18 )" \
1525 -c "Verifying peer X.509 certificate... ok" \
1526 -C "received HelloRetryRequest message"
1527
1528requires_openssl_tls1_3
1529requires_config_enabled MBEDTLS_DEBUG_C
1530requires_config_enabled MBEDTLS_SSL_CLI_C
1531requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1532requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1533requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1534run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1535 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1536 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
1537 0 \
1538 -c "HTTP/1.0 200 ok" \
1539 -c "Protocol is TLSv1.3" \
1540 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1541 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1542 -c "NamedGroup: secp384r1 ( 18 )" \
1543 -c "Verifying peer X.509 certificate... ok" \
1544 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1545
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1546requires_openssl_tls1_3
1547requires_config_enabled MBEDTLS_DEBUG_C
1548requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1549requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1550requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1551run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1552 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1553 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1554 0 \
1555 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1556 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1557 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1558 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1559 -c "NamedGroup: secp521r1 ( 19 )" \
1560 -c "Verifying peer X.509 certificate... ok" \
1561 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1562
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1563requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1564requires_config_enabled MBEDTLS_DEBUG_C
1565requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1566requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1568run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1569 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1570 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1571 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1572 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1573 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1574 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1575 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1576 -c "NamedGroup: secp521r1 ( 19 )" \
1577 -c "Verifying peer X.509 certificate... ok" \
1578 -C "received HelloRetryRequest message"
1579
1580requires_openssl_tls1_3
1581requires_config_enabled MBEDTLS_DEBUG_C
1582requires_config_enabled MBEDTLS_SSL_CLI_C
1583requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1584requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1585run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1586 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1587 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
1588 0 \
1589 -c "HTTP/1.0 200 ok" \
1590 -c "Protocol is TLSv1.3" \
1591 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1592 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1593 -c "NamedGroup: secp521r1 ( 19 )" \
1594 -c "Verifying peer X.509 certificate... ok" \
1595 -C "received HelloRetryRequest message"
1596
1597requires_openssl_tls1_3
1598requires_config_enabled MBEDTLS_DEBUG_C
1599requires_config_enabled MBEDTLS_SSL_CLI_C
1600requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1601requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1602requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1603run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1604 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1605 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
1606 0 \
1607 -c "HTTP/1.0 200 ok" \
1608 -c "Protocol is TLSv1.3" \
1609 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1610 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1611 -c "NamedGroup: secp521r1 ( 19 )" \
1612 -c "Verifying peer X.509 certificate... ok" \
1613 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1614
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1615requires_openssl_tls1_3
1616requires_config_enabled MBEDTLS_DEBUG_C
1617requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1618requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1619requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1620run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1621 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1622 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1623 0 \
1624 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1625 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1626 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1627 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1628 -c "NamedGroup: x25519 ( 1d )" \
1629 -c "Verifying peer X.509 certificate... ok" \
1630 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1631
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1632requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1633requires_config_enabled MBEDTLS_DEBUG_C
1634requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1635requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1636requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1637run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
1638 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1639 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1640 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1641 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1642 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1643 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1644 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1645 -c "NamedGroup: x25519 ( 1d )" \
1646 -c "Verifying peer X.509 certificate... ok" \
1647 -C "received HelloRetryRequest message"
1648
1649requires_openssl_tls1_3
1650requires_config_enabled MBEDTLS_DEBUG_C
1651requires_config_enabled MBEDTLS_SSL_CLI_C
1652requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1653requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1654run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
1655 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1656 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
1657 0 \
1658 -c "HTTP/1.0 200 ok" \
1659 -c "Protocol is TLSv1.3" \
1660 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1661 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1662 -c "NamedGroup: x25519 ( 1d )" \
1663 -c "Verifying peer X.509 certificate... ok" \
1664 -C "received HelloRetryRequest message"
1665
1666requires_openssl_tls1_3
1667requires_config_enabled MBEDTLS_DEBUG_C
1668requires_config_enabled MBEDTLS_SSL_CLI_C
1669requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1670requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1671requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1672run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
1673 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1674 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
1675 0 \
1676 -c "HTTP/1.0 200 ok" \
1677 -c "Protocol is TLSv1.3" \
1678 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1679 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1680 -c "NamedGroup: x25519 ( 1d )" \
1681 -c "Verifying peer X.509 certificate... ok" \
1682 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1683
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1684requires_openssl_tls1_3
1685requires_config_enabled MBEDTLS_DEBUG_C
1686requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1687requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1688requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]1689run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]1690 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1691 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1692 0 \
1693 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1694 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1695 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1696 -c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1697 -c "NamedGroup: x448 ( 1e )" \
1698 -c "Verifying peer X.509 certificate... ok" \
1699 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1700
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1701requires_openssl_tls1_3
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1702requires_config_enabled MBEDTLS_DEBUG_C
1703requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1704requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1705requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1706run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
1707 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1708 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1709 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1710 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1711 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1712 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1713 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1714 -c "NamedGroup: x448 ( 1e )" \
1715 -c "Verifying peer X.509 certificate... ok" \
1716 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1717
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1718requires_openssl_tls1_3
1719requires_config_enabled MBEDTLS_DEBUG_C
1720requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1721requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1722requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1723run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
1724 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1725 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1726 0 \
1727 -c "HTTP/1.0 200 ok" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]1728 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1729 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1730 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1731 -c "NamedGroup: x448 ( 1e )" \
1732 -c "Verifying peer X.509 certificate... ok" \
1733 -C "received HelloRetryRequest message"
1734
1735requires_openssl_tls1_3
1736requires_config_enabled MBEDTLS_DEBUG_C
1737requires_config_enabled MBEDTLS_SSL_CLI_C
1738requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1739requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1740requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1741run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
1742 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
1743 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
1744 0 \
1745 -c "HTTP/1.0 200 ok" \
1746 -c "Protocol is TLSv1.3" \
1747 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
1748 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1749 -c "NamedGroup: x448 ( 1e )" \
1750 -c "Verifying peer X.509 certificate... ok" \
1751 -C "received HelloRetryRequest message"
1752
1753requires_gnutls_tls1_3
1754requires_gnutls_next_no_ticket
1755requires_gnutls_next_disable_tls13_compat
1756requires_config_enabled MBEDTLS_DEBUG_C
1757requires_config_enabled MBEDTLS_SSL_CLI_C
1758requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1759requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1760run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1761 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1762 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
1763 0 \
1764 -c "HTTP/1.0 200 OK" \
1765 -c "Protocol is TLSv1.3" \
1766 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1767 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1768 -c "NamedGroup: secp256r1 ( 17 )" \
1769 -c "Verifying peer X.509 certificate... ok" \
1770 -C "received HelloRetryRequest message"
1771
1772requires_gnutls_tls1_3
1773requires_gnutls_next_no_ticket
1774requires_gnutls_next_disable_tls13_compat
1775requires_config_enabled MBEDTLS_DEBUG_C
1776requires_config_enabled MBEDTLS_SSL_CLI_C
1777requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1778requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1779run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1780 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
1781 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
1782 0 \
1783 -c "HTTP/1.0 200 OK" \
1784 -c "Protocol is TLSv1.3" \
1785 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1786 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]1787 -c "NamedGroup: secp256r1 ( 17 )" \
1788 -c "Verifying peer X.509 certificate... ok" \
1789 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]1790
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1791requires_gnutls_tls1_3
1792requires_gnutls_next_no_ticket
1793requires_gnutls_next_disable_tls13_compat
1794requires_config_enabled MBEDTLS_DEBUG_C
1795requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]1796requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]1797requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]1798run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
1800 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
1801 0 \
1802 -c "HTTP/1.0 200 OK" \
1803 -c "Protocol is TLSv1.3" \
1804 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1805 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1806 -c "NamedGroup: secp256r1 ( 17 )" \
1807 -c "Verifying peer X.509 certificate... ok" \
1808 -C "received HelloRetryRequest message"
1809
1810requires_gnutls_tls1_3
1811requires_gnutls_next_no_ticket
1812requires_gnutls_next_disable_tls13_compat
1813requires_config_enabled MBEDTLS_DEBUG_C
1814requires_config_enabled MBEDTLS_SSL_CLI_C
1815requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1816requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1817requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1818run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1819 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1820 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
1821 0 \
1822 -c "HTTP/1.0 200 OK" \
1823 -c "Protocol is TLSv1.3" \
1824 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1825 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1826 -c "NamedGroup: secp256r1 ( 17 )" \
1827 -c "Verifying peer X.509 certificate... ok" \
1828 -C "received HelloRetryRequest message"
1829
1830requires_gnutls_tls1_3
1831requires_gnutls_next_no_ticket
1832requires_gnutls_next_disable_tls13_compat
1833requires_config_enabled MBEDTLS_DEBUG_C
1834requires_config_enabled MBEDTLS_SSL_CLI_C
1835requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1836requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1837run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1838 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1839 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
1840 0 \
1841 -c "HTTP/1.0 200 OK" \
1842 -c "Protocol is TLSv1.3" \
1843 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1844 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1845 -c "NamedGroup: secp384r1 ( 18 )" \
1846 -c "Verifying peer X.509 certificate... ok" \
1847 -C "received HelloRetryRequest message"
1848
1849requires_gnutls_tls1_3
1850requires_gnutls_next_no_ticket
1851requires_gnutls_next_disable_tls13_compat
1852requires_config_enabled MBEDTLS_DEBUG_C
1853requires_config_enabled MBEDTLS_SSL_CLI_C
1854requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1855requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1856run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1857 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
1858 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
1859 0 \
1860 -c "HTTP/1.0 200 OK" \
1861 -c "Protocol is TLSv1.3" \
1862 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1863 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1864 -c "NamedGroup: secp384r1 ( 18 )" \
1865 -c "Verifying peer X.509 certificate... ok" \
1866 -C "received HelloRetryRequest message"
1867
1868requires_gnutls_tls1_3
1869requires_gnutls_next_no_ticket
1870requires_gnutls_next_disable_tls13_compat
1871requires_config_enabled MBEDTLS_DEBUG_C
1872requires_config_enabled MBEDTLS_SSL_CLI_C
1873requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1874requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1875run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1876 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
1877 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
1878 0 \
1879 -c "HTTP/1.0 200 OK" \
1880 -c "Protocol is TLSv1.3" \
1881 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1882 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1883 -c "NamedGroup: secp384r1 ( 18 )" \
1884 -c "Verifying peer X.509 certificate... ok" \
1885 -C "received HelloRetryRequest message"
1886
1887requires_gnutls_tls1_3
1888requires_gnutls_next_no_ticket
1889requires_gnutls_next_disable_tls13_compat
1890requires_config_enabled MBEDTLS_DEBUG_C
1891requires_config_enabled MBEDTLS_SSL_CLI_C
1892requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1893requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1894requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1895run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1896 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1897 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
1898 0 \
1899 -c "HTTP/1.0 200 OK" \
1900 -c "Protocol is TLSv1.3" \
1901 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1902 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1903 -c "NamedGroup: secp384r1 ( 18 )" \
1904 -c "Verifying peer X.509 certificate... ok" \
1905 -C "received HelloRetryRequest message"
1906
1907requires_gnutls_tls1_3
1908requires_gnutls_next_no_ticket
1909requires_gnutls_next_disable_tls13_compat
1910requires_config_enabled MBEDTLS_DEBUG_C
1911requires_config_enabled MBEDTLS_SSL_CLI_C
1912requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1913requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1914run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1915 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1916 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
1917 0 \
1918 -c "HTTP/1.0 200 OK" \
1919 -c "Protocol is TLSv1.3" \
1920 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1921 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1922 -c "NamedGroup: secp521r1 ( 19 )" \
1923 -c "Verifying peer X.509 certificate... ok" \
1924 -C "received HelloRetryRequest message"
1925
1926requires_gnutls_tls1_3
1927requires_gnutls_next_no_ticket
1928requires_gnutls_next_disable_tls13_compat
1929requires_config_enabled MBEDTLS_DEBUG_C
1930requires_config_enabled MBEDTLS_SSL_CLI_C
1931requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1932requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1933run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1934 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
1935 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
1936 0 \
1937 -c "HTTP/1.0 200 OK" \
1938 -c "Protocol is TLSv1.3" \
1939 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1940 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1941 -c "NamedGroup: secp521r1 ( 19 )" \
1942 -c "Verifying peer X.509 certificate... ok" \
1943 -C "received HelloRetryRequest message"
1944
1945requires_gnutls_tls1_3
1946requires_gnutls_next_no_ticket
1947requires_gnutls_next_disable_tls13_compat
1948requires_config_enabled MBEDTLS_DEBUG_C
1949requires_config_enabled MBEDTLS_SSL_CLI_C
1950requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1951requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1952run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1953 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
1954 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
1955 0 \
1956 -c "HTTP/1.0 200 OK" \
1957 -c "Protocol is TLSv1.3" \
1958 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1959 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1960 -c "NamedGroup: secp521r1 ( 19 )" \
1961 -c "Verifying peer X.509 certificate... ok" \
1962 -C "received HelloRetryRequest message"
1963
1964requires_gnutls_tls1_3
1965requires_gnutls_next_no_ticket
1966requires_gnutls_next_disable_tls13_compat
1967requires_config_enabled MBEDTLS_DEBUG_C
1968requires_config_enabled MBEDTLS_SSL_CLI_C
1969requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1970requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1971requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
1972run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1973 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1974 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
1975 0 \
1976 -c "HTTP/1.0 200 OK" \
1977 -c "Protocol is TLSv1.3" \
1978 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1979 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1980 -c "NamedGroup: secp521r1 ( 19 )" \
1981 -c "Verifying peer X.509 certificate... ok" \
1982 -C "received HelloRetryRequest message"
1983
1984requires_gnutls_tls1_3
1985requires_gnutls_next_no_ticket
1986requires_gnutls_next_disable_tls13_compat
1987requires_config_enabled MBEDTLS_DEBUG_C
1988requires_config_enabled MBEDTLS_SSL_CLI_C
1989requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
1990requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
1991run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
1992 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
1993 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
1994 0 \
1995 -c "HTTP/1.0 200 OK" \
1996 -c "Protocol is TLSv1.3" \
1997 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
1998 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1999 -c "NamedGroup: x25519 ( 1d )" \
2000 -c "Verifying peer X.509 certificate... ok" \
2001 -C "received HelloRetryRequest message"
2002
2003requires_gnutls_tls1_3
2004requires_gnutls_next_no_ticket
2005requires_gnutls_next_disable_tls13_compat
2006requires_config_enabled MBEDTLS_DEBUG_C
2007requires_config_enabled MBEDTLS_SSL_CLI_C
2008requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2009requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2010run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
2011 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2012 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
2013 0 \
2014 -c "HTTP/1.0 200 OK" \
2015 -c "Protocol is TLSv1.3" \
2016 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2017 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2018 -c "NamedGroup: x25519 ( 1d )" \
2019 -c "Verifying peer X.509 certificate... ok" \
2020 -C "received HelloRetryRequest message"
2021
2022requires_gnutls_tls1_3
2023requires_gnutls_next_no_ticket
2024requires_gnutls_next_disable_tls13_compat
2025requires_config_enabled MBEDTLS_DEBUG_C
2026requires_config_enabled MBEDTLS_SSL_CLI_C
2027requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2028requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2029run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
2030 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2031 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
2032 0 \
2033 -c "HTTP/1.0 200 OK" \
2034 -c "Protocol is TLSv1.3" \
2035 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2036 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2037 -c "NamedGroup: x25519 ( 1d )" \
2038 -c "Verifying peer X.509 certificate... ok" \
2039 -C "received HelloRetryRequest message"
2040
2041requires_gnutls_tls1_3
2042requires_gnutls_next_no_ticket
2043requires_gnutls_next_disable_tls13_compat
2044requires_config_enabled MBEDTLS_DEBUG_C
2045requires_config_enabled MBEDTLS_SSL_CLI_C
2046requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2047requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2048requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2049run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
2050 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2051 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
2052 0 \
2053 -c "HTTP/1.0 200 OK" \
2054 -c "Protocol is TLSv1.3" \
2055 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2056 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2057 -c "NamedGroup: x25519 ( 1d )" \
2058 -c "Verifying peer X.509 certificate... ok" \
2059 -C "received HelloRetryRequest message"
2060
2061requires_gnutls_tls1_3
2062requires_gnutls_next_no_ticket
2063requires_gnutls_next_disable_tls13_compat
2064requires_config_enabled MBEDTLS_DEBUG_C
2065requires_config_enabled MBEDTLS_SSL_CLI_C
2066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2067requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2068run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
2069 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2070 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
2071 0 \
2072 -c "HTTP/1.0 200 OK" \
2073 -c "Protocol is TLSv1.3" \
2074 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2075 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2076 -c "NamedGroup: x448 ( 1e )" \
2077 -c "Verifying peer X.509 certificate... ok" \
2078 -C "received HelloRetryRequest message"
2079
2080requires_gnutls_tls1_3
2081requires_gnutls_next_no_ticket
2082requires_gnutls_next_disable_tls13_compat
2083requires_config_enabled MBEDTLS_DEBUG_C
2084requires_config_enabled MBEDTLS_SSL_CLI_C
2085requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2086requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2087run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
2088 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2089 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
2090 0 \
2091 -c "HTTP/1.0 200 OK" \
2092 -c "Protocol is TLSv1.3" \
2093 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2094 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2095 -c "NamedGroup: x448 ( 1e )" \
2096 -c "Verifying peer X.509 certificate... ok" \
2097 -C "received HelloRetryRequest message"
2098
2099requires_gnutls_tls1_3
2100requires_gnutls_next_no_ticket
2101requires_gnutls_next_disable_tls13_compat
2102requires_config_enabled MBEDTLS_DEBUG_C
2103requires_config_enabled MBEDTLS_SSL_CLI_C
2104requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2105requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2106run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
2107 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2108 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
2109 0 \
2110 -c "HTTP/1.0 200 OK" \
2111 -c "Protocol is TLSv1.3" \
2112 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2113 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2114 -c "NamedGroup: x448 ( 1e )" \
2115 -c "Verifying peer X.509 certificate... ok" \
2116 -C "received HelloRetryRequest message"
2117
2118requires_gnutls_tls1_3
2119requires_gnutls_next_no_ticket
2120requires_gnutls_next_disable_tls13_compat
2121requires_config_enabled MBEDTLS_DEBUG_C
2122requires_config_enabled MBEDTLS_SSL_CLI_C
2123requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2124requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2125requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2126run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
2127 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2128 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
2129 0 \
2130 -c "HTTP/1.0 200 OK" \
2131 -c "Protocol is TLSv1.3" \
2132 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
2133 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2134 -c "NamedGroup: x448 ( 1e )" \
2135 -c "Verifying peer X.509 certificate... ok" \
2136 -C "received HelloRetryRequest message"
2137
2138requires_gnutls_tls1_3
2139requires_gnutls_next_no_ticket
2140requires_gnutls_next_disable_tls13_compat
2141requires_config_enabled MBEDTLS_DEBUG_C
2142requires_config_enabled MBEDTLS_SSL_CLI_C
2143requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2144requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2145run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
2146 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2147 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
2148 0 \
2149 -c "HTTP/1.0 200 OK" \
2150 -c "Protocol is TLSv1.3" \
2151 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2152 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2153 -c "NamedGroup: secp256r1 ( 17 )" \
2154 -c "Verifying peer X.509 certificate... ok" \
2155 -C "received HelloRetryRequest message"
2156
2157requires_gnutls_tls1_3
2158requires_gnutls_next_no_ticket
2159requires_gnutls_next_disable_tls13_compat
2160requires_config_enabled MBEDTLS_DEBUG_C
2161requires_config_enabled MBEDTLS_SSL_CLI_C
2162requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2163requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2164run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
2165 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2166 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
2167 0 \
2168 -c "HTTP/1.0 200 OK" \
2169 -c "Protocol is TLSv1.3" \
2170 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2171 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2172 -c "NamedGroup: secp256r1 ( 17 )" \
2173 -c "Verifying peer X.509 certificate... ok" \
2174 -C "received HelloRetryRequest message"
2175
2176requires_gnutls_tls1_3
2177requires_gnutls_next_no_ticket
2178requires_gnutls_next_disable_tls13_compat
2179requires_config_enabled MBEDTLS_DEBUG_C
2180requires_config_enabled MBEDTLS_SSL_CLI_C
2181requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2182requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2183run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
2184 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2185 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
2186 0 \
2187 -c "HTTP/1.0 200 OK" \
2188 -c "Protocol is TLSv1.3" \
2189 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2190 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2191 -c "NamedGroup: secp256r1 ( 17 )" \
2192 -c "Verifying peer X.509 certificate... ok" \
2193 -C "received HelloRetryRequest message"
2194
2195requires_gnutls_tls1_3
2196requires_gnutls_next_no_ticket
2197requires_gnutls_next_disable_tls13_compat
2198requires_config_enabled MBEDTLS_DEBUG_C
2199requires_config_enabled MBEDTLS_SSL_CLI_C
2200requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2201requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2202requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2203run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
2204 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2205 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
2206 0 \
2207 -c "HTTP/1.0 200 OK" \
2208 -c "Protocol is TLSv1.3" \
2209 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2210 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2211 -c "NamedGroup: secp256r1 ( 17 )" \
2212 -c "Verifying peer X.509 certificate... ok" \
2213 -C "received HelloRetryRequest message"
2214
2215requires_gnutls_tls1_3
2216requires_gnutls_next_no_ticket
2217requires_gnutls_next_disable_tls13_compat
2218requires_config_enabled MBEDTLS_DEBUG_C
2219requires_config_enabled MBEDTLS_SSL_CLI_C
2220requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2221requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2222run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
2223 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2224 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
2225 0 \
2226 -c "HTTP/1.0 200 OK" \
2227 -c "Protocol is TLSv1.3" \
2228 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2229 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2230 -c "NamedGroup: secp384r1 ( 18 )" \
2231 -c "Verifying peer X.509 certificate... ok" \
2232 -C "received HelloRetryRequest message"
2233
2234requires_gnutls_tls1_3
2235requires_gnutls_next_no_ticket
2236requires_gnutls_next_disable_tls13_compat
2237requires_config_enabled MBEDTLS_DEBUG_C
2238requires_config_enabled MBEDTLS_SSL_CLI_C
2239requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2240requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2241run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
2242 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2243 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
2244 0 \
2245 -c "HTTP/1.0 200 OK" \
2246 -c "Protocol is TLSv1.3" \
2247 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2248 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2249 -c "NamedGroup: secp384r1 ( 18 )" \
2250 -c "Verifying peer X.509 certificate... ok" \
2251 -C "received HelloRetryRequest message"
2252
2253requires_gnutls_tls1_3
2254requires_gnutls_next_no_ticket
2255requires_gnutls_next_disable_tls13_compat
2256requires_config_enabled MBEDTLS_DEBUG_C
2257requires_config_enabled MBEDTLS_SSL_CLI_C
2258requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2259requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2260run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
2261 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2262 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
2263 0 \
2264 -c "HTTP/1.0 200 OK" \
2265 -c "Protocol is TLSv1.3" \
2266 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2267 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2268 -c "NamedGroup: secp384r1 ( 18 )" \
2269 -c "Verifying peer X.509 certificate... ok" \
2270 -C "received HelloRetryRequest message"
2271
2272requires_gnutls_tls1_3
2273requires_gnutls_next_no_ticket
2274requires_gnutls_next_disable_tls13_compat
2275requires_config_enabled MBEDTLS_DEBUG_C
2276requires_config_enabled MBEDTLS_SSL_CLI_C
2277requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2278requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2279requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2280run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
2281 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2282 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
2283 0 \
2284 -c "HTTP/1.0 200 OK" \
2285 -c "Protocol is TLSv1.3" \
2286 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2287 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2288 -c "NamedGroup: secp384r1 ( 18 )" \
2289 -c "Verifying peer X.509 certificate... ok" \
2290 -C "received HelloRetryRequest message"
2291
2292requires_gnutls_tls1_3
2293requires_gnutls_next_no_ticket
2294requires_gnutls_next_disable_tls13_compat
2295requires_config_enabled MBEDTLS_DEBUG_C
2296requires_config_enabled MBEDTLS_SSL_CLI_C
2297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2298requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2299run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
2300 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2301 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
2302 0 \
2303 -c "HTTP/1.0 200 OK" \
2304 -c "Protocol is TLSv1.3" \
2305 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2306 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2307 -c "NamedGroup: secp521r1 ( 19 )" \
2308 -c "Verifying peer X.509 certificate... ok" \
2309 -C "received HelloRetryRequest message"
2310
2311requires_gnutls_tls1_3
2312requires_gnutls_next_no_ticket
2313requires_gnutls_next_disable_tls13_compat
2314requires_config_enabled MBEDTLS_DEBUG_C
2315requires_config_enabled MBEDTLS_SSL_CLI_C
2316requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2317requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2318run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
2319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2320 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
2321 0 \
2322 -c "HTTP/1.0 200 OK" \
2323 -c "Protocol is TLSv1.3" \
2324 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2325 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2326 -c "NamedGroup: secp521r1 ( 19 )" \
2327 -c "Verifying peer X.509 certificate... ok" \
2328 -C "received HelloRetryRequest message"
2329
2330requires_gnutls_tls1_3
2331requires_gnutls_next_no_ticket
2332requires_gnutls_next_disable_tls13_compat
2333requires_config_enabled MBEDTLS_DEBUG_C
2334requires_config_enabled MBEDTLS_SSL_CLI_C
2335requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2336requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2337run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
2338 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2339 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
2340 0 \
2341 -c "HTTP/1.0 200 OK" \
2342 -c "Protocol is TLSv1.3" \
2343 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2344 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2345 -c "NamedGroup: secp521r1 ( 19 )" \
2346 -c "Verifying peer X.509 certificate... ok" \
2347 -C "received HelloRetryRequest message"
2348
2349requires_gnutls_tls1_3
2350requires_gnutls_next_no_ticket
2351requires_gnutls_next_disable_tls13_compat
2352requires_config_enabled MBEDTLS_DEBUG_C
2353requires_config_enabled MBEDTLS_SSL_CLI_C
2354requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2355requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2356requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2357run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
2358 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2359 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
2360 0 \
2361 -c "HTTP/1.0 200 OK" \
2362 -c "Protocol is TLSv1.3" \
2363 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2364 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2365 -c "NamedGroup: secp521r1 ( 19 )" \
2366 -c "Verifying peer X.509 certificate... ok" \
2367 -C "received HelloRetryRequest message"
2368
2369requires_gnutls_tls1_3
2370requires_gnutls_next_no_ticket
2371requires_gnutls_next_disable_tls13_compat
2372requires_config_enabled MBEDTLS_DEBUG_C
2373requires_config_enabled MBEDTLS_SSL_CLI_C
2374requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2375requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2376run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
2377 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2378 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
2379 0 \
2380 -c "HTTP/1.0 200 OK" \
2381 -c "Protocol is TLSv1.3" \
2382 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2383 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2384 -c "NamedGroup: x25519 ( 1d )" \
2385 -c "Verifying peer X.509 certificate... ok" \
2386 -C "received HelloRetryRequest message"
2387
2388requires_gnutls_tls1_3
2389requires_gnutls_next_no_ticket
2390requires_gnutls_next_disable_tls13_compat
2391requires_config_enabled MBEDTLS_DEBUG_C
2392requires_config_enabled MBEDTLS_SSL_CLI_C
2393requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2394requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2395run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
2396 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2397 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
2398 0 \
2399 -c "HTTP/1.0 200 OK" \
2400 -c "Protocol is TLSv1.3" \
2401 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2402 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2403 -c "NamedGroup: x25519 ( 1d )" \
2404 -c "Verifying peer X.509 certificate... ok" \
2405 -C "received HelloRetryRequest message"
2406
2407requires_gnutls_tls1_3
2408requires_gnutls_next_no_ticket
2409requires_gnutls_next_disable_tls13_compat
2410requires_config_enabled MBEDTLS_DEBUG_C
2411requires_config_enabled MBEDTLS_SSL_CLI_C
2412requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2413requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2414run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
2415 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2416 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
2417 0 \
2418 -c "HTTP/1.0 200 OK" \
2419 -c "Protocol is TLSv1.3" \
2420 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2421 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2422 -c "NamedGroup: x25519 ( 1d )" \
2423 -c "Verifying peer X.509 certificate... ok" \
2424 -C "received HelloRetryRequest message"
2425
2426requires_gnutls_tls1_3
2427requires_gnutls_next_no_ticket
2428requires_gnutls_next_disable_tls13_compat
2429requires_config_enabled MBEDTLS_DEBUG_C
2430requires_config_enabled MBEDTLS_SSL_CLI_C
2431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2432requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2433requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2434run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
2435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2436 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
2437 0 \
2438 -c "HTTP/1.0 200 OK" \
2439 -c "Protocol is TLSv1.3" \
2440 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2441 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2442 -c "NamedGroup: x25519 ( 1d )" \
2443 -c "Verifying peer X.509 certificate... ok" \
2444 -C "received HelloRetryRequest message"
2445
2446requires_gnutls_tls1_3
2447requires_gnutls_next_no_ticket
2448requires_gnutls_next_disable_tls13_compat
2449requires_config_enabled MBEDTLS_DEBUG_C
2450requires_config_enabled MBEDTLS_SSL_CLI_C
2451requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2452requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2453run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
2454 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2455 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
2456 0 \
2457 -c "HTTP/1.0 200 OK" \
2458 -c "Protocol is TLSv1.3" \
2459 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2460 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2461 -c "NamedGroup: x448 ( 1e )" \
2462 -c "Verifying peer X.509 certificate... ok" \
2463 -C "received HelloRetryRequest message"
2464
2465requires_gnutls_tls1_3
2466requires_gnutls_next_no_ticket
2467requires_gnutls_next_disable_tls13_compat
2468requires_config_enabled MBEDTLS_DEBUG_C
2469requires_config_enabled MBEDTLS_SSL_CLI_C
2470requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2471requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2472run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
2473 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2474 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
2475 0 \
2476 -c "HTTP/1.0 200 OK" \
2477 -c "Protocol is TLSv1.3" \
2478 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2479 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2480 -c "NamedGroup: x448 ( 1e )" \
2481 -c "Verifying peer X.509 certificate... ok" \
2482 -C "received HelloRetryRequest message"
2483
2484requires_gnutls_tls1_3
2485requires_gnutls_next_no_ticket
2486requires_gnutls_next_disable_tls13_compat
2487requires_config_enabled MBEDTLS_DEBUG_C
2488requires_config_enabled MBEDTLS_SSL_CLI_C
2489requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2490requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2491run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
2492 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2493 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
2494 0 \
2495 -c "HTTP/1.0 200 OK" \
2496 -c "Protocol is TLSv1.3" \
2497 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2498 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2499 -c "NamedGroup: x448 ( 1e )" \
2500 -c "Verifying peer X.509 certificate... ok" \
2501 -C "received HelloRetryRequest message"
2502
2503requires_gnutls_tls1_3
2504requires_gnutls_next_no_ticket
2505requires_gnutls_next_disable_tls13_compat
2506requires_config_enabled MBEDTLS_DEBUG_C
2507requires_config_enabled MBEDTLS_SSL_CLI_C
2508requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2509requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2510requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2511run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
2512 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2513 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
2514 0 \
2515 -c "HTTP/1.0 200 OK" \
2516 -c "Protocol is TLSv1.3" \
2517 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
2518 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2519 -c "NamedGroup: x448 ( 1e )" \
2520 -c "Verifying peer X.509 certificate... ok" \
2521 -C "received HelloRetryRequest message"
2522
2523requires_gnutls_tls1_3
2524requires_gnutls_next_no_ticket
2525requires_gnutls_next_disable_tls13_compat
2526requires_config_enabled MBEDTLS_DEBUG_C
2527requires_config_enabled MBEDTLS_SSL_CLI_C
2528requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2529requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2530run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2531 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2532 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
2533 0 \
2534 -c "HTTP/1.0 200 OK" \
2535 -c "Protocol is TLSv1.3" \
2536 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2537 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2538 -c "NamedGroup: secp256r1 ( 17 )" \
2539 -c "Verifying peer X.509 certificate... ok" \
2540 -C "received HelloRetryRequest message"
2541
2542requires_gnutls_tls1_3
2543requires_gnutls_next_no_ticket
2544requires_gnutls_next_disable_tls13_compat
2545requires_config_enabled MBEDTLS_DEBUG_C
2546requires_config_enabled MBEDTLS_SSL_CLI_C
2547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2548requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2549run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2550 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2551 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
2552 0 \
2553 -c "HTTP/1.0 200 OK" \
2554 -c "Protocol is TLSv1.3" \
2555 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2556 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2557 -c "NamedGroup: secp256r1 ( 17 )" \
2558 -c "Verifying peer X.509 certificate... ok" \
2559 -C "received HelloRetryRequest message"
2560
2561requires_gnutls_tls1_3
2562requires_gnutls_next_no_ticket
2563requires_gnutls_next_disable_tls13_compat
2564requires_config_enabled MBEDTLS_DEBUG_C
2565requires_config_enabled MBEDTLS_SSL_CLI_C
2566requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2567requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2568run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2569 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2570 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
2571 0 \
2572 -c "HTTP/1.0 200 OK" \
2573 -c "Protocol is TLSv1.3" \
2574 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2575 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2576 -c "NamedGroup: secp256r1 ( 17 )" \
2577 -c "Verifying peer X.509 certificate... ok" \
2578 -C "received HelloRetryRequest message"
2579
2580requires_gnutls_tls1_3
2581requires_gnutls_next_no_ticket
2582requires_gnutls_next_disable_tls13_compat
2583requires_config_enabled MBEDTLS_DEBUG_C
2584requires_config_enabled MBEDTLS_SSL_CLI_C
2585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2586requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2587requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2588run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2589 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2590 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
2591 0 \
2592 -c "HTTP/1.0 200 OK" \
2593 -c "Protocol is TLSv1.3" \
2594 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2595 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2596 -c "NamedGroup: secp256r1 ( 17 )" \
2597 -c "Verifying peer X.509 certificate... ok" \
2598 -C "received HelloRetryRequest message"
2599
2600requires_gnutls_tls1_3
2601requires_gnutls_next_no_ticket
2602requires_gnutls_next_disable_tls13_compat
2603requires_config_enabled MBEDTLS_DEBUG_C
2604requires_config_enabled MBEDTLS_SSL_CLI_C
2605requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2606requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2607run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2608 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2609 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
2610 0 \
2611 -c "HTTP/1.0 200 OK" \
2612 -c "Protocol is TLSv1.3" \
2613 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2614 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2615 -c "NamedGroup: secp384r1 ( 18 )" \
2616 -c "Verifying peer X.509 certificate... ok" \
2617 -C "received HelloRetryRequest message"
2618
2619requires_gnutls_tls1_3
2620requires_gnutls_next_no_ticket
2621requires_gnutls_next_disable_tls13_compat
2622requires_config_enabled MBEDTLS_DEBUG_C
2623requires_config_enabled MBEDTLS_SSL_CLI_C
2624requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2625requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2626run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2627 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2628 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
2629 0 \
2630 -c "HTTP/1.0 200 OK" \
2631 -c "Protocol is TLSv1.3" \
2632 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2633 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2634 -c "NamedGroup: secp384r1 ( 18 )" \
2635 -c "Verifying peer X.509 certificate... ok" \
2636 -C "received HelloRetryRequest message"
2637
2638requires_gnutls_tls1_3
2639requires_gnutls_next_no_ticket
2640requires_gnutls_next_disable_tls13_compat
2641requires_config_enabled MBEDTLS_DEBUG_C
2642requires_config_enabled MBEDTLS_SSL_CLI_C
2643requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2644requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2645run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2646 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2647 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
2648 0 \
2649 -c "HTTP/1.0 200 OK" \
2650 -c "Protocol is TLSv1.3" \
2651 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2652 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2653 -c "NamedGroup: secp384r1 ( 18 )" \
2654 -c "Verifying peer X.509 certificate... ok" \
2655 -C "received HelloRetryRequest message"
2656
2657requires_gnutls_tls1_3
2658requires_gnutls_next_no_ticket
2659requires_gnutls_next_disable_tls13_compat
2660requires_config_enabled MBEDTLS_DEBUG_C
2661requires_config_enabled MBEDTLS_SSL_CLI_C
2662requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2663requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2664requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2665run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
2666 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2667 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
2668 0 \
2669 -c "HTTP/1.0 200 OK" \
2670 -c "Protocol is TLSv1.3" \
2671 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2672 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2673 -c "NamedGroup: secp384r1 ( 18 )" \
2674 -c "Verifying peer X.509 certificate... ok" \
2675 -C "received HelloRetryRequest message"
2676
2677requires_gnutls_tls1_3
2678requires_gnutls_next_no_ticket
2679requires_gnutls_next_disable_tls13_compat
2680requires_config_enabled MBEDTLS_DEBUG_C
2681requires_config_enabled MBEDTLS_SSL_CLI_C
2682requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2683requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2684run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2685 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2686 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
2687 0 \
2688 -c "HTTP/1.0 200 OK" \
2689 -c "Protocol is TLSv1.3" \
2690 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2691 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2692 -c "NamedGroup: secp521r1 ( 19 )" \
2693 -c "Verifying peer X.509 certificate... ok" \
2694 -C "received HelloRetryRequest message"
2695
2696requires_gnutls_tls1_3
2697requires_gnutls_next_no_ticket
2698requires_gnutls_next_disable_tls13_compat
2699requires_config_enabled MBEDTLS_DEBUG_C
2700requires_config_enabled MBEDTLS_SSL_CLI_C
2701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2702requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2703run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2704 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2705 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
2706 0 \
2707 -c "HTTP/1.0 200 OK" \
2708 -c "Protocol is TLSv1.3" \
2709 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2710 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2711 -c "NamedGroup: secp521r1 ( 19 )" \
2712 -c "Verifying peer X.509 certificate... ok" \
2713 -C "received HelloRetryRequest message"
2714
2715requires_gnutls_tls1_3
2716requires_gnutls_next_no_ticket
2717requires_gnutls_next_disable_tls13_compat
2718requires_config_enabled MBEDTLS_DEBUG_C
2719requires_config_enabled MBEDTLS_SSL_CLI_C
2720requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2721requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2722run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
2723 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2724 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
2725 0 \
2726 -c "HTTP/1.0 200 OK" \
2727 -c "Protocol is TLSv1.3" \
2728 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2729 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2730 -c "NamedGroup: secp521r1 ( 19 )" \
2731 -c "Verifying peer X.509 certificate... ok" \
2732 -C "received HelloRetryRequest message"
2733
2734requires_gnutls_tls1_3
2735requires_gnutls_next_no_ticket
2736requires_gnutls_next_disable_tls13_compat
2737requires_config_enabled MBEDTLS_DEBUG_C
2738requires_config_enabled MBEDTLS_SSL_CLI_C
2739requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2740requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2741requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2742run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
2743 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2744 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
2745 0 \
2746 -c "HTTP/1.0 200 OK" \
2747 -c "Protocol is TLSv1.3" \
2748 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2749 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2750 -c "NamedGroup: secp521r1 ( 19 )" \
2751 -c "Verifying peer X.509 certificate... ok" \
2752 -C "received HelloRetryRequest message"
2753
2754requires_gnutls_tls1_3
2755requires_gnutls_next_no_ticket
2756requires_gnutls_next_disable_tls13_compat
2757requires_config_enabled MBEDTLS_DEBUG_C
2758requires_config_enabled MBEDTLS_SSL_CLI_C
2759requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2760requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2761run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
2762 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2763 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
2764 0 \
2765 -c "HTTP/1.0 200 OK" \
2766 -c "Protocol is TLSv1.3" \
2767 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2768 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2769 -c "NamedGroup: x25519 ( 1d )" \
2770 -c "Verifying peer X.509 certificate... ok" \
2771 -C "received HelloRetryRequest message"
2772
2773requires_gnutls_tls1_3
2774requires_gnutls_next_no_ticket
2775requires_gnutls_next_disable_tls13_compat
2776requires_config_enabled MBEDTLS_DEBUG_C
2777requires_config_enabled MBEDTLS_SSL_CLI_C
2778requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2779requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2780run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
2781 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2782 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
2783 0 \
2784 -c "HTTP/1.0 200 OK" \
2785 -c "Protocol is TLSv1.3" \
2786 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2787 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2788 -c "NamedGroup: x25519 ( 1d )" \
2789 -c "Verifying peer X.509 certificate... ok" \
2790 -C "received HelloRetryRequest message"
2791
2792requires_gnutls_tls1_3
2793requires_gnutls_next_no_ticket
2794requires_gnutls_next_disable_tls13_compat
2795requires_config_enabled MBEDTLS_DEBUG_C
2796requires_config_enabled MBEDTLS_SSL_CLI_C
2797requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2798requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2799run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
2800 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2801 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
2802 0 \
2803 -c "HTTP/1.0 200 OK" \
2804 -c "Protocol is TLSv1.3" \
2805 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2806 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2807 -c "NamedGroup: x25519 ( 1d )" \
2808 -c "Verifying peer X.509 certificate... ok" \
2809 -C "received HelloRetryRequest message"
2810
2811requires_gnutls_tls1_3
2812requires_gnutls_next_no_ticket
2813requires_gnutls_next_disable_tls13_compat
2814requires_config_enabled MBEDTLS_DEBUG_C
2815requires_config_enabled MBEDTLS_SSL_CLI_C
2816requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2817requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2818requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2819run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
2820 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2821 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
2822 0 \
2823 -c "HTTP/1.0 200 OK" \
2824 -c "Protocol is TLSv1.3" \
2825 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2826 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2827 -c "NamedGroup: x25519 ( 1d )" \
2828 -c "Verifying peer X.509 certificate... ok" \
2829 -C "received HelloRetryRequest message"
2830
2831requires_gnutls_tls1_3
2832requires_gnutls_next_no_ticket
2833requires_gnutls_next_disable_tls13_compat
2834requires_config_enabled MBEDTLS_DEBUG_C
2835requires_config_enabled MBEDTLS_SSL_CLI_C
2836requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2837requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2838run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
2839 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2840 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
2841 0 \
2842 -c "HTTP/1.0 200 OK" \
2843 -c "Protocol is TLSv1.3" \
2844 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2845 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2846 -c "NamedGroup: x448 ( 1e )" \
2847 -c "Verifying peer X.509 certificate... ok" \
2848 -C "received HelloRetryRequest message"
2849
2850requires_gnutls_tls1_3
2851requires_gnutls_next_no_ticket
2852requires_gnutls_next_disable_tls13_compat
2853requires_config_enabled MBEDTLS_DEBUG_C
2854requires_config_enabled MBEDTLS_SSL_CLI_C
2855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2856requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2857run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
2858 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2859 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
2860 0 \
2861 -c "HTTP/1.0 200 OK" \
2862 -c "Protocol is TLSv1.3" \
2863 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2864 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2865 -c "NamedGroup: x448 ( 1e )" \
2866 -c "Verifying peer X.509 certificate... ok" \
2867 -C "received HelloRetryRequest message"
2868
2869requires_gnutls_tls1_3
2870requires_gnutls_next_no_ticket
2871requires_gnutls_next_disable_tls13_compat
2872requires_config_enabled MBEDTLS_DEBUG_C
2873requires_config_enabled MBEDTLS_SSL_CLI_C
2874requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2875requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2876run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
2877 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2878 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
2879 0 \
2880 -c "HTTP/1.0 200 OK" \
2881 -c "Protocol is TLSv1.3" \
2882 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2883 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2884 -c "NamedGroup: x448 ( 1e )" \
2885 -c "Verifying peer X.509 certificate... ok" \
2886 -C "received HelloRetryRequest message"
2887
2888requires_gnutls_tls1_3
2889requires_gnutls_next_no_ticket
2890requires_gnutls_next_disable_tls13_compat
2891requires_config_enabled MBEDTLS_DEBUG_C
2892requires_config_enabled MBEDTLS_SSL_CLI_C
2893requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2894requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2895requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2896run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
2897 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2898 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
2899 0 \
2900 -c "HTTP/1.0 200 OK" \
2901 -c "Protocol is TLSv1.3" \
2902 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
2903 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2904 -c "NamedGroup: x448 ( 1e )" \
2905 -c "Verifying peer X.509 certificate... ok" \
2906 -C "received HelloRetryRequest message"
2907
2908requires_gnutls_tls1_3
2909requires_gnutls_next_no_ticket
2910requires_gnutls_next_disable_tls13_compat
2911requires_config_enabled MBEDTLS_DEBUG_C
2912requires_config_enabled MBEDTLS_SSL_CLI_C
2913requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2914requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2915run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2916 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2917 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
2918 0 \
2919 -c "HTTP/1.0 200 OK" \
2920 -c "Protocol is TLSv1.3" \
2921 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2922 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2923 -c "NamedGroup: secp256r1 ( 17 )" \
2924 -c "Verifying peer X.509 certificate... ok" \
2925 -C "received HelloRetryRequest message"
2926
2927requires_gnutls_tls1_3
2928requires_gnutls_next_no_ticket
2929requires_gnutls_next_disable_tls13_compat
2930requires_config_enabled MBEDTLS_DEBUG_C
2931requires_config_enabled MBEDTLS_SSL_CLI_C
2932requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2933requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2934run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
2936 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
2937 0 \
2938 -c "HTTP/1.0 200 OK" \
2939 -c "Protocol is TLSv1.3" \
2940 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2941 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2942 -c "NamedGroup: secp256r1 ( 17 )" \
2943 -c "Verifying peer X.509 certificate... ok" \
2944 -C "received HelloRetryRequest message"
2945
2946requires_gnutls_tls1_3
2947requires_gnutls_next_no_ticket
2948requires_gnutls_next_disable_tls13_compat
2949requires_config_enabled MBEDTLS_DEBUG_C
2950requires_config_enabled MBEDTLS_SSL_CLI_C
2951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2952requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2953run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2954 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
2955 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
2956 0 \
2957 -c "HTTP/1.0 200 OK" \
2958 -c "Protocol is TLSv1.3" \
2959 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2960 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2961 -c "NamedGroup: secp256r1 ( 17 )" \
2962 -c "Verifying peer X.509 certificate... ok" \
2963 -C "received HelloRetryRequest message"
2964
2965requires_gnutls_tls1_3
2966requires_gnutls_next_no_ticket
2967requires_gnutls_next_disable_tls13_compat
2968requires_config_enabled MBEDTLS_DEBUG_C
2969requires_config_enabled MBEDTLS_SSL_CLI_C
2970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2972requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
2973run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2974 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2975 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
2976 0 \
2977 -c "HTTP/1.0 200 OK" \
2978 -c "Protocol is TLSv1.3" \
2979 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2980 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2981 -c "NamedGroup: secp256r1 ( 17 )" \
2982 -c "Verifying peer X.509 certificate... ok" \
2983 -C "received HelloRetryRequest message"
2984
2985requires_gnutls_tls1_3
2986requires_gnutls_next_no_ticket
2987requires_gnutls_next_disable_tls13_compat
2988requires_config_enabled MBEDTLS_DEBUG_C
2989requires_config_enabled MBEDTLS_SSL_CLI_C
2990requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
2991requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
2992run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2993 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
2994 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
2995 0 \
2996 -c "HTTP/1.0 200 OK" \
2997 -c "Protocol is TLSv1.3" \
2998 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2999 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3000 -c "NamedGroup: secp384r1 ( 18 )" \
3001 -c "Verifying peer X.509 certificate... ok" \
3002 -C "received HelloRetryRequest message"
3003
3004requires_gnutls_tls1_3
3005requires_gnutls_next_no_ticket
3006requires_gnutls_next_disable_tls13_compat
3007requires_config_enabled MBEDTLS_DEBUG_C
3008requires_config_enabled MBEDTLS_SSL_CLI_C
3009requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3010requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3011run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
3012 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3013 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
3014 0 \
3015 -c "HTTP/1.0 200 OK" \
3016 -c "Protocol is TLSv1.3" \
3017 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3018 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3019 -c "NamedGroup: secp384r1 ( 18 )" \
3020 -c "Verifying peer X.509 certificate... ok" \
3021 -C "received HelloRetryRequest message"
3022
3023requires_gnutls_tls1_3
3024requires_gnutls_next_no_ticket
3025requires_gnutls_next_disable_tls13_compat
3026requires_config_enabled MBEDTLS_DEBUG_C
3027requires_config_enabled MBEDTLS_SSL_CLI_C
3028requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3029requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3030run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
3031 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3032 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
3033 0 \
3034 -c "HTTP/1.0 200 OK" \
3035 -c "Protocol is TLSv1.3" \
3036 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3037 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3038 -c "NamedGroup: secp384r1 ( 18 )" \
3039 -c "Verifying peer X.509 certificate... ok" \
3040 -C "received HelloRetryRequest message"
3041
3042requires_gnutls_tls1_3
3043requires_gnutls_next_no_ticket
3044requires_gnutls_next_disable_tls13_compat
3045requires_config_enabled MBEDTLS_DEBUG_C
3046requires_config_enabled MBEDTLS_SSL_CLI_C
3047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3048requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3049requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3050run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
3051 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3052 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
3053 0 \
3054 -c "HTTP/1.0 200 OK" \
3055 -c "Protocol is TLSv1.3" \
3056 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3057 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3058 -c "NamedGroup: secp384r1 ( 18 )" \
3059 -c "Verifying peer X.509 certificate... ok" \
3060 -C "received HelloRetryRequest message"
3061
3062requires_gnutls_tls1_3
3063requires_gnutls_next_no_ticket
3064requires_gnutls_next_disable_tls13_compat
3065requires_config_enabled MBEDTLS_DEBUG_C
3066requires_config_enabled MBEDTLS_SSL_CLI_C
3067requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3068requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3069run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
3070 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3071 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
3072 0 \
3073 -c "HTTP/1.0 200 OK" \
3074 -c "Protocol is TLSv1.3" \
3075 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3076 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3077 -c "NamedGroup: secp521r1 ( 19 )" \
3078 -c "Verifying peer X.509 certificate... ok" \
3079 -C "received HelloRetryRequest message"
3080
3081requires_gnutls_tls1_3
3082requires_gnutls_next_no_ticket
3083requires_gnutls_next_disable_tls13_compat
3084requires_config_enabled MBEDTLS_DEBUG_C
3085requires_config_enabled MBEDTLS_SSL_CLI_C
3086requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3087requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3088run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
3089 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3090 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
3091 0 \
3092 -c "HTTP/1.0 200 OK" \
3093 -c "Protocol is TLSv1.3" \
3094 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3095 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3096 -c "NamedGroup: secp521r1 ( 19 )" \
3097 -c "Verifying peer X.509 certificate... ok" \
3098 -C "received HelloRetryRequest message"
3099
3100requires_gnutls_tls1_3
3101requires_gnutls_next_no_ticket
3102requires_gnutls_next_disable_tls13_compat
3103requires_config_enabled MBEDTLS_DEBUG_C
3104requires_config_enabled MBEDTLS_SSL_CLI_C
3105requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3106requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3107run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3108 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3109 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
3110 0 \
3111 -c "HTTP/1.0 200 OK" \
3112 -c "Protocol is TLSv1.3" \
3113 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3114 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3115 -c "NamedGroup: secp521r1 ( 19 )" \
3116 -c "Verifying peer X.509 certificate... ok" \
3117 -C "received HelloRetryRequest message"
3118
3119requires_gnutls_tls1_3
3120requires_gnutls_next_no_ticket
3121requires_gnutls_next_disable_tls13_compat
3122requires_config_enabled MBEDTLS_DEBUG_C
3123requires_config_enabled MBEDTLS_SSL_CLI_C
3124requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3125requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3126requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3127run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
3128 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3129 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
3130 0 \
3131 -c "HTTP/1.0 200 OK" \
3132 -c "Protocol is TLSv1.3" \
3133 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3134 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3135 -c "NamedGroup: secp521r1 ( 19 )" \
3136 -c "Verifying peer X.509 certificate... ok" \
3137 -C "received HelloRetryRequest message"
3138
3139requires_gnutls_tls1_3
3140requires_gnutls_next_no_ticket
3141requires_gnutls_next_disable_tls13_compat
3142requires_config_enabled MBEDTLS_DEBUG_C
3143requires_config_enabled MBEDTLS_SSL_CLI_C
3144requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3145requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3146run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
3147 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3148 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
3149 0 \
3150 -c "HTTP/1.0 200 OK" \
3151 -c "Protocol is TLSv1.3" \
3152 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3153 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3154 -c "NamedGroup: x25519 ( 1d )" \
3155 -c "Verifying peer X.509 certificate... ok" \
3156 -C "received HelloRetryRequest message"
3157
3158requires_gnutls_tls1_3
3159requires_gnutls_next_no_ticket
3160requires_gnutls_next_disable_tls13_compat
3161requires_config_enabled MBEDTLS_DEBUG_C
3162requires_config_enabled MBEDTLS_SSL_CLI_C
3163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3164requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3165run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
3166 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3167 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
3168 0 \
3169 -c "HTTP/1.0 200 OK" \
3170 -c "Protocol is TLSv1.3" \
3171 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3172 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3173 -c "NamedGroup: x25519 ( 1d )" \
3174 -c "Verifying peer X.509 certificate... ok" \
3175 -C "received HelloRetryRequest message"
3176
3177requires_gnutls_tls1_3
3178requires_gnutls_next_no_ticket
3179requires_gnutls_next_disable_tls13_compat
3180requires_config_enabled MBEDTLS_DEBUG_C
3181requires_config_enabled MBEDTLS_SSL_CLI_C
3182requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3183requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3184run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
3185 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3186 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
3187 0 \
3188 -c "HTTP/1.0 200 OK" \
3189 -c "Protocol is TLSv1.3" \
3190 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3191 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3192 -c "NamedGroup: x25519 ( 1d )" \
3193 -c "Verifying peer X.509 certificate... ok" \
3194 -C "received HelloRetryRequest message"
3195
3196requires_gnutls_tls1_3
3197requires_gnutls_next_no_ticket
3198requires_gnutls_next_disable_tls13_compat
3199requires_config_enabled MBEDTLS_DEBUG_C
3200requires_config_enabled MBEDTLS_SSL_CLI_C
3201requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3202requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3203requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3204run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
3205 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3206 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
3207 0 \
3208 -c "HTTP/1.0 200 OK" \
3209 -c "Protocol is TLSv1.3" \
3210 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3211 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3212 -c "NamedGroup: x25519 ( 1d )" \
3213 -c "Verifying peer X.509 certificate... ok" \
3214 -C "received HelloRetryRequest message"
3215
3216requires_gnutls_tls1_3
3217requires_gnutls_next_no_ticket
3218requires_gnutls_next_disable_tls13_compat
3219requires_config_enabled MBEDTLS_DEBUG_C
3220requires_config_enabled MBEDTLS_SSL_CLI_C
3221requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3222requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3223run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
3224 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3225 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
3226 0 \
3227 -c "HTTP/1.0 200 OK" \
3228 -c "Protocol is TLSv1.3" \
3229 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3230 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3231 -c "NamedGroup: x448 ( 1e )" \
3232 -c "Verifying peer X.509 certificate... ok" \
3233 -C "received HelloRetryRequest message"
3234
3235requires_gnutls_tls1_3
3236requires_gnutls_next_no_ticket
3237requires_gnutls_next_disable_tls13_compat
3238requires_config_enabled MBEDTLS_DEBUG_C
3239requires_config_enabled MBEDTLS_SSL_CLI_C
3240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3241requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3242run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
3243 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3244 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
3245 0 \
3246 -c "HTTP/1.0 200 OK" \
3247 -c "Protocol is TLSv1.3" \
3248 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3249 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3250 -c "NamedGroup: x448 ( 1e )" \
3251 -c "Verifying peer X.509 certificate... ok" \
3252 -C "received HelloRetryRequest message"
3253
3254requires_gnutls_tls1_3
3255requires_gnutls_next_no_ticket
3256requires_gnutls_next_disable_tls13_compat
3257requires_config_enabled MBEDTLS_DEBUG_C
3258requires_config_enabled MBEDTLS_SSL_CLI_C
3259requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3260requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3261run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
3262 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3263 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
3264 0 \
3265 -c "HTTP/1.0 200 OK" \
3266 -c "Protocol is TLSv1.3" \
3267 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3268 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3269 -c "NamedGroup: x448 ( 1e )" \
3270 -c "Verifying peer X.509 certificate... ok" \
3271 -C "received HelloRetryRequest message"
3272
3273requires_gnutls_tls1_3
3274requires_gnutls_next_no_ticket
3275requires_gnutls_next_disable_tls13_compat
3276requires_config_enabled MBEDTLS_DEBUG_C
3277requires_config_enabled MBEDTLS_SSL_CLI_C
3278requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3279requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3280requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
3281run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
3282 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3283 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
3284 0 \
3285 -c "HTTP/1.0 200 OK" \
3286 -c "Protocol is TLSv1.3" \
3287 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
3288 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3289 -c "NamedGroup: x448 ( 1e )" \
3290 -c "Verifying peer X.509 certificate... ok" \
3291 -C "received HelloRetryRequest message"
3292
3293requires_gnutls_tls1_3
3294requires_gnutls_next_no_ticket
3295requires_gnutls_next_disable_tls13_compat
3296requires_config_enabled MBEDTLS_DEBUG_C
3297requires_config_enabled MBEDTLS_SSL_CLI_C
3298requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3299requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3300run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
3301 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3302 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
3303 0 \
3304 -c "HTTP/1.0 200 OK" \
3305 -c "Protocol is TLSv1.3" \
3306 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3307 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3308 -c "NamedGroup: secp256r1 ( 17 )" \
3309 -c "Verifying peer X.509 certificate... ok" \
3310 -C "received HelloRetryRequest message"
3311
3312requires_gnutls_tls1_3
3313requires_gnutls_next_no_ticket
3314requires_gnutls_next_disable_tls13_compat
3315requires_config_enabled MBEDTLS_DEBUG_C
3316requires_config_enabled MBEDTLS_SSL_CLI_C
3317requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3318requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3319run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3320 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3321 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3322 0 \
3323 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3324 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3325 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3326 -c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3327 -c "NamedGroup: secp256r1 ( 17 )" \
3328 -c "Verifying peer X.509 certificate... ok" \
3329 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3330
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3331requires_gnutls_tls1_3
3332requires_gnutls_next_no_ticket
3333requires_gnutls_next_disable_tls13_compat
3334requires_config_enabled MBEDTLS_DEBUG_C
3335requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3336requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3337requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3338run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3339 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3340 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3341 0 \
3342 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3343 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3344 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3345 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3346 -c "NamedGroup: secp256r1 ( 17 )" \
3347 -c "Verifying peer X.509 certificate... ok" \
3348 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3349
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3350requires_gnutls_tls1_3
3351requires_gnutls_next_no_ticket
3352requires_gnutls_next_disable_tls13_compat
3353requires_config_enabled MBEDTLS_DEBUG_C
3354requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3355requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3356requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3357requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3358run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3359 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3360 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3361 0 \
3362 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3363 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3364 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3365 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3366 -c "NamedGroup: secp256r1 ( 17 )" \
3367 -c "Verifying peer X.509 certificate... ok" \
3368 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3369
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3370requires_gnutls_tls1_3
3371requires_gnutls_next_no_ticket
3372requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3373requires_config_enabled MBEDTLS_DEBUG_C
3374requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3375requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3377run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
3378 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3379 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3380 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3381 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3382 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3383 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3384 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3385 -c "NamedGroup: secp384r1 ( 18 )" \
3386 -c "Verifying peer X.509 certificate... ok" \
3387 -C "received HelloRetryRequest message"
3388
3389requires_gnutls_tls1_3
3390requires_gnutls_next_no_ticket
3391requires_gnutls_next_disable_tls13_compat
3392requires_config_enabled MBEDTLS_DEBUG_C
3393requires_config_enabled MBEDTLS_SSL_CLI_C
3394requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3395requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3396run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
3397 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3398 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
3399 0 \
3400 -c "HTTP/1.0 200 OK" \
3401 -c "Protocol is TLSv1.3" \
3402 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3403 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3404 -c "NamedGroup: secp384r1 ( 18 )" \
3405 -c "Verifying peer X.509 certificate... ok" \
3406 -C "received HelloRetryRequest message"
3407
3408requires_gnutls_tls1_3
3409requires_gnutls_next_no_ticket
3410requires_gnutls_next_disable_tls13_compat
3411requires_config_enabled MBEDTLS_DEBUG_C
3412requires_config_enabled MBEDTLS_SSL_CLI_C
3413requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3414requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3415run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
3416 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3417 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
3418 0 \
3419 -c "HTTP/1.0 200 OK" \
3420 -c "Protocol is TLSv1.3" \
3421 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3422 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3423 -c "NamedGroup: secp384r1 ( 18 )" \
3424 -c "Verifying peer X.509 certificate... ok" \
3425 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3426
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3427requires_gnutls_tls1_3
3428requires_gnutls_next_no_ticket
3429requires_gnutls_next_disable_tls13_compat
3430requires_config_enabled MBEDTLS_DEBUG_C
3431requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3432requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3433requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3434requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3435run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3436 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3437 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3438 0 \
3439 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3440 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3441 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3442 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3443 -c "NamedGroup: secp384r1 ( 18 )" \
3444 -c "Verifying peer X.509 certificate... ok" \
3445 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3446
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3447requires_gnutls_tls1_3
3448requires_gnutls_next_no_ticket
3449requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3450requires_config_enabled MBEDTLS_DEBUG_C
3451requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3452requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3453requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3454run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
3455 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3456 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3457 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3458 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3459 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3460 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3461 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3462 -c "NamedGroup: secp521r1 ( 19 )" \
3463 -c "Verifying peer X.509 certificate... ok" \
3464 -C "received HelloRetryRequest message"
3465
3466requires_gnutls_tls1_3
3467requires_gnutls_next_no_ticket
3468requires_gnutls_next_disable_tls13_compat
3469requires_config_enabled MBEDTLS_DEBUG_C
3470requires_config_enabled MBEDTLS_SSL_CLI_C
3471requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3472requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3473run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
3474 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3475 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
3476 0 \
3477 -c "HTTP/1.0 200 OK" \
3478 -c "Protocol is TLSv1.3" \
3479 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3480 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3481 -c "NamedGroup: secp521r1 ( 19 )" \
3482 -c "Verifying peer X.509 certificate... ok" \
3483 -C "received HelloRetryRequest message"
3484
3485requires_gnutls_tls1_3
3486requires_gnutls_next_no_ticket
3487requires_gnutls_next_disable_tls13_compat
3488requires_config_enabled MBEDTLS_DEBUG_C
3489requires_config_enabled MBEDTLS_SSL_CLI_C
3490requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3491requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3492run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3493 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3494 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
3495 0 \
3496 -c "HTTP/1.0 200 OK" \
3497 -c "Protocol is TLSv1.3" \
3498 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3499 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3500 -c "NamedGroup: secp521r1 ( 19 )" \
3501 -c "Verifying peer X.509 certificate... ok" \
3502 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3503
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3504requires_gnutls_tls1_3
3505requires_gnutls_next_no_ticket
3506requires_gnutls_next_disable_tls13_compat
3507requires_config_enabled MBEDTLS_DEBUG_C
3508requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3509requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3510requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3511requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3512run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3513 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3514 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3515 0 \
3516 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3517 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3518 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3519 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3520 -c "NamedGroup: secp521r1 ( 19 )" \
3521 -c "Verifying peer X.509 certificate... ok" \
3522 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3523
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3524requires_gnutls_tls1_3
3525requires_gnutls_next_no_ticket
3526requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3527requires_config_enabled MBEDTLS_DEBUG_C
3528requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3529requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3530requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3531run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
3532 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3533 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3534 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3535 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3536 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3537 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3538 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3539 -c "NamedGroup: x25519 ( 1d )" \
3540 -c "Verifying peer X.509 certificate... ok" \
3541 -C "received HelloRetryRequest message"
3542
3543requires_gnutls_tls1_3
3544requires_gnutls_next_no_ticket
3545requires_gnutls_next_disable_tls13_compat
3546requires_config_enabled MBEDTLS_DEBUG_C
3547requires_config_enabled MBEDTLS_SSL_CLI_C
3548requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3549requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3550run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
3551 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3552 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
3553 0 \
3554 -c "HTTP/1.0 200 OK" \
3555 -c "Protocol is TLSv1.3" \
3556 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3557 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3558 -c "NamedGroup: x25519 ( 1d )" \
3559 -c "Verifying peer X.509 certificate... ok" \
3560 -C "received HelloRetryRequest message"
3561
3562requires_gnutls_tls1_3
3563requires_gnutls_next_no_ticket
3564requires_gnutls_next_disable_tls13_compat
3565requires_config_enabled MBEDTLS_DEBUG_C
3566requires_config_enabled MBEDTLS_SSL_CLI_C
3567requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3568requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3569run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
3570 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3571 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
3572 0 \
3573 -c "HTTP/1.0 200 OK" \
3574 -c "Protocol is TLSv1.3" \
3575 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3576 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3577 -c "NamedGroup: x25519 ( 1d )" \
3578 -c "Verifying peer X.509 certificate... ok" \
3579 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3580
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3581requires_gnutls_tls1_3
3582requires_gnutls_next_no_ticket
3583requires_gnutls_next_disable_tls13_compat
3584requires_config_enabled MBEDTLS_DEBUG_C
3585requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3586requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3587requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3588requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3589run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3590 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3591 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3592 0 \
3593 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3594 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3595 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3596 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3597 -c "NamedGroup: x25519 ( 1d )" \
3598 -c "Verifying peer X.509 certificate... ok" \
3599 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3600
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3601requires_gnutls_tls1_3
3602requires_gnutls_next_no_ticket
3603requires_gnutls_next_disable_tls13_compat
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3604requires_config_enabled MBEDTLS_DEBUG_C
3605requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3606requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3607requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3608run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
3609 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
3610 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3611 0 \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3612 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3613 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3614 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron9d0a3e82022-04-05 16:13:38 +0200[diff] [blame]3615 -c "Certificate Verify: Signature algorithm ( 0403 )" \
3616 -c "NamedGroup: x448 ( 1e )" \
3617 -c "Verifying peer X.509 certificate... ok" \
3618 -C "received HelloRetryRequest message"
3619
3620requires_gnutls_tls1_3
3621requires_gnutls_next_no_ticket
3622requires_gnutls_next_disable_tls13_compat
3623requires_config_enabled MBEDTLS_DEBUG_C
3624requires_config_enabled MBEDTLS_SSL_CLI_C
3625requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3626requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3627run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
3628 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS" \
3629 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
3630 0 \
3631 -c "HTTP/1.0 200 OK" \
3632 -c "Protocol is TLSv1.3" \
3633 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3634 -c "Certificate Verify: Signature algorithm ( 0503 )" \
3635 -c "NamedGroup: x448 ( 1e )" \
3636 -c "Verifying peer X.509 certificate... ok" \
3637 -C "received HelloRetryRequest message"
3638
3639requires_gnutls_tls1_3
3640requires_gnutls_next_no_ticket
3641requires_gnutls_next_disable_tls13_compat
3642requires_config_enabled MBEDTLS_DEBUG_C
3643requires_config_enabled MBEDTLS_SSL_CLI_C
3644requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3645requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3646run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
3647 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS" \
3648 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
3649 0 \
3650 -c "HTTP/1.0 200 OK" \
3651 -c "Protocol is TLSv1.3" \
3652 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3653 -c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3654 -c "NamedGroup: x448 ( 1e )" \
3655 -c "Verifying peer X.509 certificate... ok" \
3656 -C "received HelloRetryRequest message"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame]3657
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3658requires_gnutls_tls1_3
3659requires_gnutls_next_no_ticket
3660requires_gnutls_next_disable_tls13_compat
3661requires_config_enabled MBEDTLS_DEBUG_C
3662requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6f135e12021-12-08 16:57:54 +0100[diff] [blame]3663requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cronae937252021-12-10 09:55:15 +0100[diff] [blame]3664requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3665requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3666run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +0100[diff] [blame]3667 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3668 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3669 0 \
3670 -c "HTTP/1.0 200 OK" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +0100[diff] [blame]3671 -c "Protocol is TLSv1.3" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3672 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]3673 -c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu7de79852022-03-23 16:50:47 +0800[diff] [blame]3674 -c "NamedGroup: x448 ( 1e )" \
3675 -c "Verifying peer X.509 certificate... ok" \
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]3676 -C "received HelloRetryRequest message"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3677
3678requires_openssl_tls1_3
3679requires_config_enabled MBEDTLS_DEBUG_C
3680requires_config_enabled MBEDTLS_SSL_CLI_C
3681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3682requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3683run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3684 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3685 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3686 0 \
3687 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3688 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3689 -c "NamedGroup: secp256r1 ( 17 )" \
3690 -c "NamedGroup: secp384r1 ( 18 )" \
3691 -c "Verifying peer X.509 certificate... ok" \
3692 -c "received HelloRetryRequest message" \
3693 -c "selected_group ( 24 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3694
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3695requires_openssl_tls1_3
3696requires_config_enabled MBEDTLS_DEBUG_C
3697requires_config_enabled MBEDTLS_SSL_CLI_C
3698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3699requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]3700run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3701 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3702 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3703 0 \
3704 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3705 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3706 -c "NamedGroup: secp256r1 ( 17 )" \
3707 -c "NamedGroup: secp521r1 ( 19 )" \
3708 -c "Verifying peer X.509 certificate... ok" \
3709 -c "received HelloRetryRequest message" \
3710 -c "selected_group ( 25 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3711
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3712requires_openssl_tls1_3
3713requires_config_enabled MBEDTLS_DEBUG_C
3714requires_config_enabled MBEDTLS_SSL_CLI_C
3715requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3716requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]3717run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3718 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3719 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3720 0 \
3721 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3722 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3723 -c "NamedGroup: secp256r1 ( 17 )" \
3724 -c "NamedGroup: x25519 ( 1d )" \
3725 -c "Verifying peer X.509 certificate... ok" \
3726 -c "received HelloRetryRequest message" \
3727 -c "selected_group ( 29 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3728
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3729requires_openssl_tls1_3
3730requires_config_enabled MBEDTLS_DEBUG_C
3731requires_config_enabled MBEDTLS_SSL_CLI_C
3732requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3733requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]3734run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3735 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3736 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3737 0 \
3738 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3739 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]3740 -c "NamedGroup: secp256r1 ( 17 )" \
3741 -c "NamedGroup: x448 ( 1e )" \
3742 -c "Verifying peer X.509 certificate... ok" \
3743 -c "received HelloRetryRequest message" \
3744 -c "selected_group ( 30 )"
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]3745
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3746requires_openssl_tls1_3
3747requires_config_enabled MBEDTLS_DEBUG_C
3748requires_config_enabled MBEDTLS_SSL_CLI_C
3749requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3750requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3751run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
3752 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3753 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3754 0 \
3755 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3756 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3757 -c "NamedGroup: secp384r1 ( 18 )" \
3758 -c "NamedGroup: secp256r1 ( 17 )" \
3759 -c "Verifying peer X.509 certificate... ok" \
3760 -c "received HelloRetryRequest message" \
3761 -c "selected_group ( 23 )"
3762
3763requires_openssl_tls1_3
3764requires_config_enabled MBEDTLS_DEBUG_C
3765requires_config_enabled MBEDTLS_SSL_CLI_C
3766requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3767requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3768run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
3769 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3770 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3771 0 \
3772 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3773 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3774 -c "NamedGroup: secp384r1 ( 18 )" \
3775 -c "NamedGroup: secp521r1 ( 19 )" \
3776 -c "Verifying peer X.509 certificate... ok" \
3777 -c "received HelloRetryRequest message" \
3778 -c "selected_group ( 25 )"
3779
3780requires_openssl_tls1_3
3781requires_config_enabled MBEDTLS_DEBUG_C
3782requires_config_enabled MBEDTLS_SSL_CLI_C
3783requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3784requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3785run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
3786 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3787 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3788 0 \
3789 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3790 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3791 -c "NamedGroup: secp384r1 ( 18 )" \
3792 -c "NamedGroup: x25519 ( 1d )" \
3793 -c "Verifying peer X.509 certificate... ok" \
3794 -c "received HelloRetryRequest message" \
3795 -c "selected_group ( 29 )"
3796
3797requires_openssl_tls1_3
3798requires_config_enabled MBEDTLS_DEBUG_C
3799requires_config_enabled MBEDTLS_SSL_CLI_C
3800requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3801requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3802run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
3803 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3804 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3805 0 \
3806 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3807 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3808 -c "NamedGroup: secp384r1 ( 18 )" \
3809 -c "NamedGroup: x448 ( 1e )" \
3810 -c "Verifying peer X.509 certificate... ok" \
3811 -c "received HelloRetryRequest message" \
3812 -c "selected_group ( 30 )"
3813
3814requires_openssl_tls1_3
3815requires_config_enabled MBEDTLS_DEBUG_C
3816requires_config_enabled MBEDTLS_SSL_CLI_C
3817requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3818requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3819run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
3820 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3821 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3822 0 \
3823 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3824 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3825 -c "NamedGroup: secp521r1 ( 19 )" \
3826 -c "NamedGroup: secp256r1 ( 17 )" \
3827 -c "Verifying peer X.509 certificate... ok" \
3828 -c "received HelloRetryRequest message" \
3829 -c "selected_group ( 23 )"
3830
3831requires_openssl_tls1_3
3832requires_config_enabled MBEDTLS_DEBUG_C
3833requires_config_enabled MBEDTLS_SSL_CLI_C
3834requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3835requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3836run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
3837 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3838 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3839 0 \
3840 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3841 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3842 -c "NamedGroup: secp521r1 ( 19 )" \
3843 -c "NamedGroup: secp384r1 ( 18 )" \
3844 -c "Verifying peer X.509 certificate... ok" \
3845 -c "received HelloRetryRequest message" \
3846 -c "selected_group ( 24 )"
3847
3848requires_openssl_tls1_3
3849requires_config_enabled MBEDTLS_DEBUG_C
3850requires_config_enabled MBEDTLS_SSL_CLI_C
3851requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3852requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3853run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
3854 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3855 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3856 0 \
3857 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3858 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3859 -c "NamedGroup: secp521r1 ( 19 )" \
3860 -c "NamedGroup: x25519 ( 1d )" \
3861 -c "Verifying peer X.509 certificate... ok" \
3862 -c "received HelloRetryRequest message" \
3863 -c "selected_group ( 29 )"
3864
3865requires_openssl_tls1_3
3866requires_config_enabled MBEDTLS_DEBUG_C
3867requires_config_enabled MBEDTLS_SSL_CLI_C
3868requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3869requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3870run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
3871 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3872 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3873 0 \
3874 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3875 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3876 -c "NamedGroup: secp521r1 ( 19 )" \
3877 -c "NamedGroup: x448 ( 1e )" \
3878 -c "Verifying peer X.509 certificate... ok" \
3879 -c "received HelloRetryRequest message" \
3880 -c "selected_group ( 30 )"
3881
3882requires_openssl_tls1_3
3883requires_config_enabled MBEDTLS_DEBUG_C
3884requires_config_enabled MBEDTLS_SSL_CLI_C
3885requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3886requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3887run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
3888 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3889 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3890 0 \
3891 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3892 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3893 -c "NamedGroup: x25519 ( 1d )" \
3894 -c "NamedGroup: secp256r1 ( 17 )" \
3895 -c "Verifying peer X.509 certificate... ok" \
3896 -c "received HelloRetryRequest message" \
3897 -c "selected_group ( 23 )"
3898
3899requires_openssl_tls1_3
3900requires_config_enabled MBEDTLS_DEBUG_C
3901requires_config_enabled MBEDTLS_SSL_CLI_C
3902requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3903requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3904run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
3905 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3906 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3907 0 \
3908 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3909 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3910 -c "NamedGroup: x25519 ( 1d )" \
3911 -c "NamedGroup: secp384r1 ( 18 )" \
3912 -c "Verifying peer X.509 certificate... ok" \
3913 -c "received HelloRetryRequest message" \
3914 -c "selected_group ( 24 )"
3915
3916requires_openssl_tls1_3
3917requires_config_enabled MBEDTLS_DEBUG_C
3918requires_config_enabled MBEDTLS_SSL_CLI_C
3919requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3920requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3921run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
3922 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3923 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3924 0 \
3925 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3926 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3927 -c "NamedGroup: x25519 ( 1d )" \
3928 -c "NamedGroup: secp521r1 ( 19 )" \
3929 -c "Verifying peer X.509 certificate... ok" \
3930 -c "received HelloRetryRequest message" \
3931 -c "selected_group ( 25 )"
3932
3933requires_openssl_tls1_3
3934requires_config_enabled MBEDTLS_DEBUG_C
3935requires_config_enabled MBEDTLS_SSL_CLI_C
3936requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3937requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3938run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
3939 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3940 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3941 0 \
3942 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3943 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3944 -c "NamedGroup: x25519 ( 1d )" \
3945 -c "NamedGroup: x448 ( 1e )" \
3946 -c "Verifying peer X.509 certificate... ok" \
3947 -c "received HelloRetryRequest message" \
3948 -c "selected_group ( 30 )"
3949
3950requires_openssl_tls1_3
3951requires_config_enabled MBEDTLS_DEBUG_C
3952requires_config_enabled MBEDTLS_SSL_CLI_C
3953requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3954requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3955run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
3956 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3957 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3958 0 \
3959 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3960 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3961 -c "NamedGroup: x448 ( 1e )" \
3962 -c "NamedGroup: secp256r1 ( 17 )" \
3963 -c "Verifying peer X.509 certificate... ok" \
3964 -c "received HelloRetryRequest message" \
3965 -c "selected_group ( 23 )"
3966
3967requires_openssl_tls1_3
3968requires_config_enabled MBEDTLS_DEBUG_C
3969requires_config_enabled MBEDTLS_SSL_CLI_C
3970requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3971requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3972run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
3973 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3974 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3975 0 \
3976 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3977 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3978 -c "NamedGroup: x448 ( 1e )" \
3979 -c "NamedGroup: secp384r1 ( 18 )" \
3980 -c "Verifying peer X.509 certificate... ok" \
3981 -c "received HelloRetryRequest message" \
3982 -c "selected_group ( 24 )"
3983
3984requires_openssl_tls1_3
3985requires_config_enabled MBEDTLS_DEBUG_C
3986requires_config_enabled MBEDTLS_SSL_CLI_C
3987requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
3988requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
3989run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
3990 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3991 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3992 0 \
3993 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]3994 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]3995 -c "NamedGroup: x448 ( 1e )" \
3996 -c "NamedGroup: secp521r1 ( 19 )" \
3997 -c "Verifying peer X.509 certificate... ok" \
3998 -c "received HelloRetryRequest message" \
3999 -c "selected_group ( 25 )"
4000
4001requires_openssl_tls1_3
4002requires_config_enabled MBEDTLS_DEBUG_C
4003requires_config_enabled MBEDTLS_SSL_CLI_C
4004requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4005requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4006run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
4007 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4008 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4009 0 \
4010 -c "HTTP/1.0 200 ok" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4011 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4012 -c "NamedGroup: x448 ( 1e )" \
4013 -c "NamedGroup: x25519 ( 1d )" \
4014 -c "Verifying peer X.509 certificate... ok" \
4015 -c "received HelloRetryRequest message" \
4016 -c "selected_group ( 29 )"
4017
4018requires_gnutls_tls1_3
4019requires_gnutls_next_no_ticket
4020requires_gnutls_next_disable_tls13_compat
4021requires_config_enabled MBEDTLS_DEBUG_C
4022requires_config_enabled MBEDTLS_SSL_CLI_C
4023requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4024requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4025run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
4026 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4027 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4028 0 \
4029 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4030 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4031 -c "NamedGroup: secp256r1 ( 17 )" \
4032 -c "NamedGroup: secp384r1 ( 18 )" \
4033 -c "Verifying peer X.509 certificate... ok" \
4034 -c "received HelloRetryRequest message" \
4035 -c "selected_group ( 24 )"
4036
4037requires_gnutls_tls1_3
4038requires_gnutls_next_no_ticket
4039requires_gnutls_next_disable_tls13_compat
4040requires_config_enabled MBEDTLS_DEBUG_C
4041requires_config_enabled MBEDTLS_SSL_CLI_C
4042requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4043requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4044run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
4045 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4046 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4047 0 \
4048 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4049 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4050 -c "NamedGroup: secp256r1 ( 17 )" \
4051 -c "NamedGroup: secp521r1 ( 19 )" \
4052 -c "Verifying peer X.509 certificate... ok" \
4053 -c "received HelloRetryRequest message" \
4054 -c "selected_group ( 25 )"
4055
4056requires_gnutls_tls1_3
4057requires_gnutls_next_no_ticket
4058requires_gnutls_next_disable_tls13_compat
4059requires_config_enabled MBEDTLS_DEBUG_C
4060requires_config_enabled MBEDTLS_SSL_CLI_C
4061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4062requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4063run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
4064 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4065 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4066 0 \
4067 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4068 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4069 -c "NamedGroup: secp256r1 ( 17 )" \
4070 -c "NamedGroup: x25519 ( 1d )" \
4071 -c "Verifying peer X.509 certificate... ok" \
4072 -c "received HelloRetryRequest message" \
4073 -c "selected_group ( 29 )"
4074
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]4075requires_gnutls_tls1_3
4076requires_gnutls_next_no_ticket
4077requires_gnutls_next_disable_tls13_compat
4078requires_config_enabled MBEDTLS_DEBUG_C
4079requires_config_enabled MBEDTLS_SSL_CLI_C
4080requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4081requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
XiaokangQian8031ba72022-03-22 12:53:45 +0000[diff] [blame]4082run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]4083 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4084 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian83f81882022-03-17 06:26:36 +0000[diff] [blame]4085 0 \
4086 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4087 -c "Protocol is TLSv1.3" \
XiaokangQiana1931442022-03-25 11:58:22 +0000[diff] [blame]4088 -c "NamedGroup: secp256r1 ( 17 )" \
4089 -c "NamedGroup: x448 ( 1e )" \
4090 -c "Verifying peer X.509 certificate... ok" \
4091 -c "received HelloRetryRequest message" \
4092 -c "selected_group ( 30 )"
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4093
4094requires_gnutls_tls1_3
4095requires_gnutls_next_no_ticket
4096requires_gnutls_next_disable_tls13_compat
4097requires_config_enabled MBEDTLS_DEBUG_C
4098requires_config_enabled MBEDTLS_SSL_CLI_C
4099requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4100requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4101run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
4102 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4103 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4104 0 \
4105 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4106 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4107 -c "NamedGroup: secp384r1 ( 18 )" \
4108 -c "NamedGroup: secp256r1 ( 17 )" \
4109 -c "Verifying peer X.509 certificate... ok" \
4110 -c "received HelloRetryRequest message" \
4111 -c "selected_group ( 23 )"
4112
4113requires_gnutls_tls1_3
4114requires_gnutls_next_no_ticket
4115requires_gnutls_next_disable_tls13_compat
4116requires_config_enabled MBEDTLS_DEBUG_C
4117requires_config_enabled MBEDTLS_SSL_CLI_C
4118requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4119requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4120run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
4121 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4122 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4123 0 \
4124 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4125 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4126 -c "NamedGroup: secp384r1 ( 18 )" \
4127 -c "NamedGroup: secp521r1 ( 19 )" \
4128 -c "Verifying peer X.509 certificate... ok" \
4129 -c "received HelloRetryRequest message" \
4130 -c "selected_group ( 25 )"
4131
4132requires_gnutls_tls1_3
4133requires_gnutls_next_no_ticket
4134requires_gnutls_next_disable_tls13_compat
4135requires_config_enabled MBEDTLS_DEBUG_C
4136requires_config_enabled MBEDTLS_SSL_CLI_C
4137requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4138requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4139run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
4140 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4141 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4142 0 \
4143 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4144 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4145 -c "NamedGroup: secp384r1 ( 18 )" \
4146 -c "NamedGroup: x25519 ( 1d )" \
4147 -c "Verifying peer X.509 certificate... ok" \
4148 -c "received HelloRetryRequest message" \
4149 -c "selected_group ( 29 )"
4150
4151requires_gnutls_tls1_3
4152requires_gnutls_next_no_ticket
4153requires_gnutls_next_disable_tls13_compat
4154requires_config_enabled MBEDTLS_DEBUG_C
4155requires_config_enabled MBEDTLS_SSL_CLI_C
4156requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4157requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4158run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
4159 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4160 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4161 0 \
4162 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4163 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4164 -c "NamedGroup: secp384r1 ( 18 )" \
4165 -c "NamedGroup: x448 ( 1e )" \
4166 -c "Verifying peer X.509 certificate... ok" \
4167 -c "received HelloRetryRequest message" \
4168 -c "selected_group ( 30 )"
4169
4170requires_gnutls_tls1_3
4171requires_gnutls_next_no_ticket
4172requires_gnutls_next_disable_tls13_compat
4173requires_config_enabled MBEDTLS_DEBUG_C
4174requires_config_enabled MBEDTLS_SSL_CLI_C
4175requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4176requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4177run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
4178 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4179 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4180 0 \
4181 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4182 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4183 -c "NamedGroup: secp521r1 ( 19 )" \
4184 -c "NamedGroup: secp256r1 ( 17 )" \
4185 -c "Verifying peer X.509 certificate... ok" \
4186 -c "received HelloRetryRequest message" \
4187 -c "selected_group ( 23 )"
4188
4189requires_gnutls_tls1_3
4190requires_gnutls_next_no_ticket
4191requires_gnutls_next_disable_tls13_compat
4192requires_config_enabled MBEDTLS_DEBUG_C
4193requires_config_enabled MBEDTLS_SSL_CLI_C
4194requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4195requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4196run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
4197 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4198 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4199 0 \
4200 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4201 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4202 -c "NamedGroup: secp521r1 ( 19 )" \
4203 -c "NamedGroup: secp384r1 ( 18 )" \
4204 -c "Verifying peer X.509 certificate... ok" \
4205 -c "received HelloRetryRequest message" \
4206 -c "selected_group ( 24 )"
4207
4208requires_gnutls_tls1_3
4209requires_gnutls_next_no_ticket
4210requires_gnutls_next_disable_tls13_compat
4211requires_config_enabled MBEDTLS_DEBUG_C
4212requires_config_enabled MBEDTLS_SSL_CLI_C
4213requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4214requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4215run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
4216 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4217 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4218 0 \
4219 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4220 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4221 -c "NamedGroup: secp521r1 ( 19 )" \
4222 -c "NamedGroup: x25519 ( 1d )" \
4223 -c "Verifying peer X.509 certificate... ok" \
4224 -c "received HelloRetryRequest message" \
4225 -c "selected_group ( 29 )"
4226
4227requires_gnutls_tls1_3
4228requires_gnutls_next_no_ticket
4229requires_gnutls_next_disable_tls13_compat
4230requires_config_enabled MBEDTLS_DEBUG_C
4231requires_config_enabled MBEDTLS_SSL_CLI_C
4232requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4233requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4234run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
4235 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4236 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4237 0 \
4238 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4239 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4240 -c "NamedGroup: secp521r1 ( 19 )" \
4241 -c "NamedGroup: x448 ( 1e )" \
4242 -c "Verifying peer X.509 certificate... ok" \
4243 -c "received HelloRetryRequest message" \
4244 -c "selected_group ( 30 )"
4245
4246requires_gnutls_tls1_3
4247requires_gnutls_next_no_ticket
4248requires_gnutls_next_disable_tls13_compat
4249requires_config_enabled MBEDTLS_DEBUG_C
4250requires_config_enabled MBEDTLS_SSL_CLI_C
4251requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4252requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4253run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
4254 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4255 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4256 0 \
4257 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4258 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4259 -c "NamedGroup: x25519 ( 1d )" \
4260 -c "NamedGroup: secp256r1 ( 17 )" \
4261 -c "Verifying peer X.509 certificate... ok" \
4262 -c "received HelloRetryRequest message" \
4263 -c "selected_group ( 23 )"
4264
4265requires_gnutls_tls1_3
4266requires_gnutls_next_no_ticket
4267requires_gnutls_next_disable_tls13_compat
4268requires_config_enabled MBEDTLS_DEBUG_C
4269requires_config_enabled MBEDTLS_SSL_CLI_C
4270requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4271requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4272run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
4273 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4274 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4275 0 \
4276 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4277 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4278 -c "NamedGroup: x25519 ( 1d )" \
4279 -c "NamedGroup: secp384r1 ( 18 )" \
4280 -c "Verifying peer X.509 certificate... ok" \
4281 -c "received HelloRetryRequest message" \
4282 -c "selected_group ( 24 )"
4283
4284requires_gnutls_tls1_3
4285requires_gnutls_next_no_ticket
4286requires_gnutls_next_disable_tls13_compat
4287requires_config_enabled MBEDTLS_DEBUG_C
4288requires_config_enabled MBEDTLS_SSL_CLI_C
4289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4290requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4291run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
4292 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4293 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4294 0 \
4295 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4296 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4297 -c "NamedGroup: x25519 ( 1d )" \
4298 -c "NamedGroup: secp521r1 ( 19 )" \
4299 -c "Verifying peer X.509 certificate... ok" \
4300 -c "received HelloRetryRequest message" \
4301 -c "selected_group ( 25 )"
4302
4303requires_gnutls_tls1_3
4304requires_gnutls_next_no_ticket
4305requires_gnutls_next_disable_tls13_compat
4306requires_config_enabled MBEDTLS_DEBUG_C
4307requires_config_enabled MBEDTLS_SSL_CLI_C
4308requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4309requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4310run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
4311 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X448:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4312 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4313 0 \
4314 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4315 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4316 -c "NamedGroup: x25519 ( 1d )" \
4317 -c "NamedGroup: x448 ( 1e )" \
4318 -c "Verifying peer X.509 certificate... ok" \
4319 -c "received HelloRetryRequest message" \
4320 -c "selected_group ( 30 )"
4321
4322requires_gnutls_tls1_3
4323requires_gnutls_next_no_ticket
4324requires_gnutls_next_disable_tls13_compat
4325requires_config_enabled MBEDTLS_DEBUG_C
4326requires_config_enabled MBEDTLS_SSL_CLI_C
4327requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4328requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4329run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
4330 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP256R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4331 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4332 0 \
4333 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4334 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4335 -c "NamedGroup: x448 ( 1e )" \
4336 -c "NamedGroup: secp256r1 ( 17 )" \
4337 -c "Verifying peer X.509 certificate... ok" \
4338 -c "received HelloRetryRequest message" \
4339 -c "selected_group ( 23 )"
4340
4341requires_gnutls_tls1_3
4342requires_gnutls_next_no_ticket
4343requires_gnutls_next_disable_tls13_compat
4344requires_config_enabled MBEDTLS_DEBUG_C
4345requires_config_enabled MBEDTLS_SSL_CLI_C
4346requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4347requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4348run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
4349 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP384R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4350 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4351 0 \
4352 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4353 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4354 -c "NamedGroup: x448 ( 1e )" \
4355 -c "NamedGroup: secp384r1 ( 18 )" \
4356 -c "Verifying peer X.509 certificate... ok" \
4357 -c "received HelloRetryRequest message" \
4358 -c "selected_group ( 24 )"
4359
4360requires_gnutls_tls1_3
4361requires_gnutls_next_no_ticket
4362requires_gnutls_next_disable_tls13_compat
4363requires_config_enabled MBEDTLS_DEBUG_C
4364requires_config_enabled MBEDTLS_SSL_CLI_C
4365requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4366requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4367run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
4368 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-SECP521R1:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4369 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4370 0 \
4371 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4372 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4373 -c "NamedGroup: x448 ( 1e )" \
4374 -c "NamedGroup: secp521r1 ( 19 )" \
4375 -c "Verifying peer X.509 certificate... ok" \
4376 -c "received HelloRetryRequest message" \
4377 -c "selected_group ( 25 )"
4378
4379requires_gnutls_tls1_3
4380requires_gnutls_next_no_ticket
4381requires_gnutls_next_disable_tls13_compat
4382requires_config_enabled MBEDTLS_DEBUG_C
4383requires_config_enabled MBEDTLS_SSL_CLI_C
4384requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
4385requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
4386run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
4387 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+GROUP-X25519:+MAC-ALL:+SIGN-ALL:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4388 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 ca_file=data_files/test-ca2.crt sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4389 0 \
4390 -c "HTTP/1.0 200 OK" \
Ronald Crondf5f8682022-04-05 16:01:03 +0200[diff] [blame]4391 -c "Protocol is TLSv1.3" \
XiaokangQian2e17fb82022-03-28 03:30:05 +0000[diff] [blame]4392 -c "NamedGroup: x448 ( 1e )" \
4393 -c "NamedGroup: x25519 ( 1d )" \
4394 -c "Verifying peer X.509 certificate... ok" \
4395 -c "received HelloRetryRequest message" \
4396 -c "selected_group ( 29 )"