Blame - tests/opt-testcases/tls13-compat.sh - mirror/mbed-tls

blob: a78ec382e86ec5810ac7af4d4bdd0c2913a409e0 [file] [log] [blame]

XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1	#!/bin/sh
				2
				3	# tls13-compat.sh
				4	#
				5	# Copyright The Mbed TLS Contributors
				6	# SPDX-License-Identifier: Apache-2.0
				7	#
				8	# Licensed under the Apache License, Version 2.0 (the "License"); you may
				9	# not use this file except in compliance with the License.
				10	# You may obtain a copy of the License at
				11	#
				12	# http://www.apache.org/licenses/LICENSE-2.0
				13	#
				14	# Unless required by applicable law or agreed to in writing, software
				15	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
				16	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				17	# See the License for the specific language governing permissions and
				18	# limitations under the License.
				19	#
				20	# Purpose
				21	#
				22	# List TLS1.3 compat test cases. They are generated by
Ronald Cron	bc5adf4	2022-10-04 11:06:14 +0200	[diff] [blame]	23	# `./tests/scripts/generate_tls13_compat_tests.py -a -o ./tests/opt-testcases/tls13-compat.sh`.
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	24	#
				25	# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
				26	# AND REGENERATE THIS FILE.
				27	#
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	28	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	29	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	30	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	31	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	32	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	33	requires_openssl_tls1_3
				34	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	35	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	36	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	37	0 \
				38	-s "Protocol is TLSv1.3" \
				39	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				40	-s "received signature algorithm: 0x403" \
				41	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	42	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	43	-C "received HelloRetryRequest message"
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	44
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	45	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	46	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	47	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	48	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	49	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	50	requires_openssl_tls1_3
				51	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	52	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	53	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	54	0 \
				55	-s "Protocol is TLSv1.3" \
				56	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				57	-s "received signature algorithm: 0x503" \
				58	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	59	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	60	-C "received HelloRetryRequest message"
				61
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	62	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	63	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	64	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	65	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	66	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	67	requires_openssl_tls1_3
				68	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	69	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	70	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	71	0 \
				72	-s "Protocol is TLSv1.3" \
				73	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				74	-s "received signature algorithm: 0x603" \
				75	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	76	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	77	-C "received HelloRetryRequest message"
				78
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	79	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	80	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	81	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	82	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				83	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	84	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	85	requires_openssl_tls1_3
				86	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	87	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	88	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	89	0 \
				90	-s "Protocol is TLSv1.3" \
				91	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				92	-s "received signature algorithm: 0x804" \
				93	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	94	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	95	-C "received HelloRetryRequest message"
				96
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	97	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	98	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	99	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	100	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	101	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	102	requires_openssl_tls1_3
				103	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	104	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	105	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	106	0 \
				107	-s "Protocol is TLSv1.3" \
				108	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				109	-s "received signature algorithm: 0x403" \
				110	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	111	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	112	-C "received HelloRetryRequest message"
				113
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	114	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	115	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	116	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	117	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	118	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	119	requires_openssl_tls1_3
				120	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	121	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	122	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	123	0 \
				124	-s "Protocol is TLSv1.3" \
				125	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				126	-s "received signature algorithm: 0x503" \
				127	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	128	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	129	-C "received HelloRetryRequest message"
				130
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	131	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	132	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	133	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	134	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	135	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	136	requires_openssl_tls1_3
				137	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	138	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	139	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	140	0 \
				141	-s "Protocol is TLSv1.3" \
				142	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				143	-s "received signature algorithm: 0x603" \
				144	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	145	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	146	-C "received HelloRetryRequest message"
				147
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	148	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	149	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	150	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	151	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				152	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	153	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	154	requires_openssl_tls1_3
				155	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	156	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	157	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	158	0 \
				159	-s "Protocol is TLSv1.3" \
				160	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				161	-s "received signature algorithm: 0x804" \
				162	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	163	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	164	-C "received HelloRetryRequest message"
				165
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	166	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	167	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	168	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	169	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	170	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	171	requires_openssl_tls1_3
				172	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	173	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	174	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	175	0 \
				176	-s "Protocol is TLSv1.3" \
				177	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				178	-s "received signature algorithm: 0x403" \
				179	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	180	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	181	-C "received HelloRetryRequest message"
				182
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	183	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	184	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	185	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	186	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	187	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	188	requires_openssl_tls1_3
				189	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	190	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	191	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	192	0 \
				193	-s "Protocol is TLSv1.3" \
				194	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				195	-s "received signature algorithm: 0x503" \
				196	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	197	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	198	-C "received HelloRetryRequest message"
				199
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	200	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	201	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	202	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	203	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	204	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	205	requires_openssl_tls1_3
				206	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	207	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	208	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	209	0 \
				210	-s "Protocol is TLSv1.3" \
				211	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				212	-s "received signature algorithm: 0x603" \
				213	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	214	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	215	-C "received HelloRetryRequest message"
				216
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	217	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	218	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	219	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	220	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				221	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	222	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	223	requires_openssl_tls1_3
				224	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	225	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	226	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	227	0 \
				228	-s "Protocol is TLSv1.3" \
				229	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				230	-s "received signature algorithm: 0x804" \
				231	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	232	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	233	-C "received HelloRetryRequest message"
				234
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	235	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	236	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	237	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	238	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	239	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	240	requires_openssl_tls1_3
				241	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	242	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	243	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	244	0 \
				245	-s "Protocol is TLSv1.3" \
				246	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				247	-s "received signature algorithm: 0x403" \
				248	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	249	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	250	-C "received HelloRetryRequest message"
				251
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	252	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	253	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	254	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	255	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	256	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	257	requires_openssl_tls1_3
				258	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	259	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	260	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	261	0 \
				262	-s "Protocol is TLSv1.3" \
				263	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				264	-s "received signature algorithm: 0x503" \
				265	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	266	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	267	-C "received HelloRetryRequest message"
				268
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	269	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	270	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	271	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	272	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	273	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	274	requires_openssl_tls1_3
				275	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	276	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	277	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	278	0 \
				279	-s "Protocol is TLSv1.3" \
				280	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				281	-s "received signature algorithm: 0x603" \
				282	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	283	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	284	-C "received HelloRetryRequest message"
				285
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	286	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	287	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	288	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	289	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				290	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	291	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	292	requires_openssl_tls1_3
				293	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	294	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	295	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	296	0 \
				297	-s "Protocol is TLSv1.3" \
				298	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				299	-s "received signature algorithm: 0x804" \
				300	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	301	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	302	-C "received HelloRetryRequest message"
				303
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	304	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	305	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	306	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	307	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	308	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	309	requires_openssl_tls1_3
				310	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	311	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	312	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	313	0 \
				314	-s "Protocol is TLSv1.3" \
				315	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				316	-s "received signature algorithm: 0x403" \
				317	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	318	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	319	-C "received HelloRetryRequest message"
				320
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	321	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	322	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	323	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	324	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	325	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	326	requires_openssl_tls1_3
				327	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	328	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	329	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	330	0 \
				331	-s "Protocol is TLSv1.3" \
				332	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				333	-s "received signature algorithm: 0x503" \
				334	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	335	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	336	-C "received HelloRetryRequest message"
				337
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	338	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	339	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	340	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	341	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	342	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	343	requires_openssl_tls1_3
				344	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	345	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	346	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	347	0 \
				348	-s "Protocol is TLSv1.3" \
				349	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				350	-s "received signature algorithm: 0x603" \
				351	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	352	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	353	-C "received HelloRetryRequest message"
				354
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	355	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	356	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	357	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	358	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				359	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	360	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	361	requires_openssl_tls1_3
				362	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	363	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	364	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	365	0 \
				366	-s "Protocol is TLSv1.3" \
				367	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				368	-s "received signature algorithm: 0x804" \
				369	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	370	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	371	-C "received HelloRetryRequest message"
				372
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	373	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	374	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	375	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	376	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	377	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	378	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	379	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				380	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				381	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
				382	0 \
				383	-s "Protocol is TLSv1.3" \
				384	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				385	-s "received signature algorithm: 0x403" \
				386	-s "got named group: ffdhe2048(0100)" \
				387	-s "Certificate verification was skipped" \
				388	-C "received HelloRetryRequest message"
				389
				390	requires_config_enabled MBEDTLS_SSL_SRV_C
				391	requires_config_enabled MBEDTLS_DEBUG_C
				392	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				393	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	394	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	395	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	396	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				397	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				398	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
				399	0 \
				400	-s "Protocol is TLSv1.3" \
				401	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				402	-s "received signature algorithm: 0x503" \
				403	-s "got named group: ffdhe2048(0100)" \
				404	-s "Certificate verification was skipped" \
				405	-C "received HelloRetryRequest message"
				406
				407	requires_config_enabled MBEDTLS_SSL_SRV_C
				408	requires_config_enabled MBEDTLS_DEBUG_C
				409	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				410	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	411	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	412	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	413	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				414	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				415	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
				416	0 \
				417	-s "Protocol is TLSv1.3" \
				418	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				419	-s "received signature algorithm: 0x603" \
				420	-s "got named group: ffdhe2048(0100)" \
				421	-s "Certificate verification was skipped" \
				422	-C "received HelloRetryRequest message"
				423
				424	requires_config_enabled MBEDTLS_SSL_SRV_C
				425	requires_config_enabled MBEDTLS_DEBUG_C
				426	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				427	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				428	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	429	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	430	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	431	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				432	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				433	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
				434	0 \
				435	-s "Protocol is TLSv1.3" \
				436	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				437	-s "received signature algorithm: 0x804" \
				438	-s "got named group: ffdhe2048(0100)" \
				439	-s "Certificate verification was skipped" \
				440	-C "received HelloRetryRequest message"
				441
				442	requires_config_enabled MBEDTLS_SSL_SRV_C
				443	requires_config_enabled MBEDTLS_DEBUG_C
				444	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				445	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	446	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	447	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	448	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	449	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				450	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				451	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
				452	0 \
				453	-s "Protocol is TLSv1.3" \
				454	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				455	-s "received signature algorithm: 0x403" \
				456	-s "got named group: ffdhe8192(0104)" \
				457	-s "Certificate verification was skipped" \
				458	-C "received HelloRetryRequest message"
				459
				460	requires_config_enabled MBEDTLS_SSL_SRV_C
				461	requires_config_enabled MBEDTLS_DEBUG_C
				462	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				463	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	464	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	465	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	466	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	467	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				468	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				469	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
				470	0 \
				471	-s "Protocol is TLSv1.3" \
				472	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				473	-s "received signature algorithm: 0x503" \
				474	-s "got named group: ffdhe8192(0104)" \
				475	-s "Certificate verification was skipped" \
				476	-C "received HelloRetryRequest message"
				477
				478	requires_config_enabled MBEDTLS_SSL_SRV_C
				479	requires_config_enabled MBEDTLS_DEBUG_C
				480	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				481	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	482	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	483	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	484	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	485	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				486	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				487	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
				488	0 \
				489	-s "Protocol is TLSv1.3" \
				490	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				491	-s "received signature algorithm: 0x603" \
				492	-s "got named group: ffdhe8192(0104)" \
				493	-s "Certificate verification was skipped" \
				494	-C "received HelloRetryRequest message"
				495
				496	requires_config_enabled MBEDTLS_SSL_SRV_C
				497	requires_config_enabled MBEDTLS_DEBUG_C
				498	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				499	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				500	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	501	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	502	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	503	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	504	run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				505	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				506	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
				507	0 \
				508	-s "Protocol is TLSv1.3" \
				509	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				510	-s "received signature algorithm: 0x804" \
				511	-s "got named group: ffdhe8192(0104)" \
				512	-s "Certificate verification was skipped" \
				513	-C "received HelloRetryRequest message"
				514
				515	requires_config_enabled MBEDTLS_SSL_SRV_C
				516	requires_config_enabled MBEDTLS_DEBUG_C
				517	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				518	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	519	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	520	requires_openssl_tls1_3
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	521	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	522	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	523	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	524	0 \
				525	-s "Protocol is TLSv1.3" \
				526	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				527	-s "received signature algorithm: 0x403" \
				528	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	529	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	530	-C "received HelloRetryRequest message"
				531
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	532	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	533	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	534	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	535	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	536	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	537	requires_openssl_tls1_3
				538	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	539	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	540	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	541	0 \
				542	-s "Protocol is TLSv1.3" \
				543	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				544	-s "received signature algorithm: 0x503" \
				545	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	546	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	547	-C "received HelloRetryRequest message"
				548
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	549	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	550	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	551	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	552	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	553	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	554	requires_openssl_tls1_3
				555	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	556	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	557	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	558	0 \
				559	-s "Protocol is TLSv1.3" \
				560	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				561	-s "received signature algorithm: 0x603" \
				562	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	563	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	564	-C "received HelloRetryRequest message"
				565
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	566	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	567	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	568	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	569	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				570	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	571	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	572	requires_openssl_tls1_3
				573	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	574	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	575	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	576	0 \
				577	-s "Protocol is TLSv1.3" \
				578	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				579	-s "received signature algorithm: 0x804" \
				580	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	581	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	582	-C "received HelloRetryRequest message"
				583
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	584	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	585	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	586	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	587	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	588	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	589	requires_openssl_tls1_3
				590	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	591	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	592	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	593	0 \
				594	-s "Protocol is TLSv1.3" \
				595	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				596	-s "received signature algorithm: 0x403" \
				597	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	598	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	599	-C "received HelloRetryRequest message"
				600
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	601	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	602	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	603	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	604	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	605	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	606	requires_openssl_tls1_3
				607	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	608	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	609	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	610	0 \
				611	-s "Protocol is TLSv1.3" \
				612	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				613	-s "received signature algorithm: 0x503" \
				614	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	615	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	616	-C "received HelloRetryRequest message"
				617
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	618	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	619	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	620	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	621	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	622	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	623	requires_openssl_tls1_3
				624	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	625	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	626	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	627	0 \
				628	-s "Protocol is TLSv1.3" \
				629	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				630	-s "received signature algorithm: 0x603" \
				631	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	632	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	633	-C "received HelloRetryRequest message"
				634
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	635	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	636	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	637	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	638	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				639	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	640	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	641	requires_openssl_tls1_3
				642	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	643	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	644	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	645	0 \
				646	-s "Protocol is TLSv1.3" \
				647	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				648	-s "received signature algorithm: 0x804" \
				649	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	650	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	651	-C "received HelloRetryRequest message"
				652
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	653	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	654	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	655	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	656	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	657	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	658	requires_openssl_tls1_3
				659	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	660	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	661	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	662	0 \
				663	-s "Protocol is TLSv1.3" \
				664	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				665	-s "received signature algorithm: 0x403" \
				666	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	667	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	668	-C "received HelloRetryRequest message"
				669
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	670	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	671	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	672	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	673	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	674	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	675	requires_openssl_tls1_3
				676	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	677	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	678	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	679	0 \
				680	-s "Protocol is TLSv1.3" \
				681	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				682	-s "received signature algorithm: 0x503" \
				683	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	684	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	685	-C "received HelloRetryRequest message"
				686
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	687	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	688	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	689	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	690	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	691	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	692	requires_openssl_tls1_3
				693	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	694	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	695	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	696	0 \
				697	-s "Protocol is TLSv1.3" \
				698	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				699	-s "received signature algorithm: 0x603" \
				700	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	701	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	702	-C "received HelloRetryRequest message"
				703
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	704	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	705	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	706	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	707	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				708	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	709	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	710	requires_openssl_tls1_3
				711	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	712	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	713	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	714	0 \
				715	-s "Protocol is TLSv1.3" \
				716	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				717	-s "received signature algorithm: 0x804" \
				718	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	719	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	720	-C "received HelloRetryRequest message"
				721
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	722	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	723	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	724	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	725	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	726	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	727	requires_openssl_tls1_3
				728	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	729	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	730	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	731	0 \
				732	-s "Protocol is TLSv1.3" \
				733	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				734	-s "received signature algorithm: 0x403" \
				735	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	736	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	737	-C "received HelloRetryRequest message"
				738
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	739	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	740	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	741	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	742	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	743	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	744	requires_openssl_tls1_3
				745	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	746	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	747	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	748	0 \
				749	-s "Protocol is TLSv1.3" \
				750	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				751	-s "received signature algorithm: 0x503" \
				752	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	753	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	754	-C "received HelloRetryRequest message"
				755
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	756	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	757	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	758	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	759	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	760	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	761	requires_openssl_tls1_3
				762	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	763	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	764	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	765	0 \
				766	-s "Protocol is TLSv1.3" \
				767	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				768	-s "received signature algorithm: 0x603" \
				769	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	770	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	771	-C "received HelloRetryRequest message"
				772
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	773	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	774	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	775	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	776	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				777	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	778	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	779	requires_openssl_tls1_3
				780	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	781	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	782	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	783	0 \
				784	-s "Protocol is TLSv1.3" \
				785	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				786	-s "received signature algorithm: 0x804" \
				787	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	788	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	789	-C "received HelloRetryRequest message"
				790
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	791	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	792	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	793	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	794	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	795	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	796	requires_openssl_tls1_3
				797	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	798	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	799	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	800	0 \
				801	-s "Protocol is TLSv1.3" \
				802	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				803	-s "received signature algorithm: 0x403" \
				804	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	805	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	806	-C "received HelloRetryRequest message"
				807
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	808	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	809	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	810	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	811	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	812	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	813	requires_openssl_tls1_3
				814	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	815	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	816	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	817	0 \
				818	-s "Protocol is TLSv1.3" \
				819	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				820	-s "received signature algorithm: 0x503" \
				821	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	822	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	823	-C "received HelloRetryRequest message"
				824
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	825	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	826	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	827	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	828	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	829	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	830	requires_openssl_tls1_3
				831	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	832	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	833	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	834	0 \
				835	-s "Protocol is TLSv1.3" \
				836	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				837	-s "received signature algorithm: 0x603" \
				838	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	839	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	840	-C "received HelloRetryRequest message"
				841
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	842	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	843	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	844	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	845	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				846	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	847	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	848	requires_openssl_tls1_3
				849	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	850	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	851	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	852	0 \
				853	-s "Protocol is TLSv1.3" \
				854	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				855	-s "received signature algorithm: 0x804" \
				856	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	857	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	858	-C "received HelloRetryRequest message"
				859
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	860	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	861	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	862	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	863	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	864	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	865	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	866	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
				867	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				868	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
				869	0 \
				870	-s "Protocol is TLSv1.3" \
				871	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				872	-s "received signature algorithm: 0x403" \
				873	-s "got named group: ffdhe2048(0100)" \
				874	-s "Certificate verification was skipped" \
				875	-C "received HelloRetryRequest message"
				876
				877	requires_config_enabled MBEDTLS_SSL_SRV_C
				878	requires_config_enabled MBEDTLS_DEBUG_C
				879	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				880	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	881	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	882	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	883	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
				884	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				885	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
				886	0 \
				887	-s "Protocol is TLSv1.3" \
				888	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				889	-s "received signature algorithm: 0x503" \
				890	-s "got named group: ffdhe2048(0100)" \
				891	-s "Certificate verification was skipped" \
				892	-C "received HelloRetryRequest message"
				893
				894	requires_config_enabled MBEDTLS_SSL_SRV_C
				895	requires_config_enabled MBEDTLS_DEBUG_C
				896	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				897	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	898	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	899	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	900	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
				901	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				902	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
				903	0 \
				904	-s "Protocol is TLSv1.3" \
				905	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				906	-s "received signature algorithm: 0x603" \
				907	-s "got named group: ffdhe2048(0100)" \
				908	-s "Certificate verification was skipped" \
				909	-C "received HelloRetryRequest message"
				910
				911	requires_config_enabled MBEDTLS_SSL_SRV_C
				912	requires_config_enabled MBEDTLS_DEBUG_C
				913	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				914	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				915	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	916	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	917	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	918	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
				919	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				920	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
				921	0 \
				922	-s "Protocol is TLSv1.3" \
				923	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				924	-s "received signature algorithm: 0x804" \
				925	-s "got named group: ffdhe2048(0100)" \
				926	-s "Certificate verification was skipped" \
				927	-C "received HelloRetryRequest message"
				928
				929	requires_config_enabled MBEDTLS_SSL_SRV_C
				930	requires_config_enabled MBEDTLS_DEBUG_C
				931	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				932	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	933	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	934	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	935	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	936	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
				937	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				938	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
				939	0 \
				940	-s "Protocol is TLSv1.3" \
				941	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				942	-s "received signature algorithm: 0x403" \
				943	-s "got named group: ffdhe8192(0104)" \
				944	-s "Certificate verification was skipped" \
				945	-C "received HelloRetryRequest message"
				946
				947	requires_config_enabled MBEDTLS_SSL_SRV_C
				948	requires_config_enabled MBEDTLS_DEBUG_C
				949	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				950	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	951	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	952	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	953	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	954	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
				955	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				956	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
				957	0 \
				958	-s "Protocol is TLSv1.3" \
				959	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				960	-s "received signature algorithm: 0x503" \
				961	-s "got named group: ffdhe8192(0104)" \
				962	-s "Certificate verification was skipped" \
				963	-C "received HelloRetryRequest message"
				964
				965	requires_config_enabled MBEDTLS_SSL_SRV_C
				966	requires_config_enabled MBEDTLS_DEBUG_C
				967	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				968	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	969	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	970	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	971	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	972	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
				973	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				974	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
				975	0 \
				976	-s "Protocol is TLSv1.3" \
				977	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				978	-s "received signature algorithm: 0x603" \
				979	-s "got named group: ffdhe8192(0104)" \
				980	-s "Certificate verification was skipped" \
				981	-C "received HelloRetryRequest message"
				982
				983	requires_config_enabled MBEDTLS_SSL_SRV_C
				984	requires_config_enabled MBEDTLS_DEBUG_C
				985	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				986	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				987	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	988	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	989	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	990	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	991	run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
				992	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				993	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
				994	0 \
				995	-s "Protocol is TLSv1.3" \
				996	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				997	-s "received signature algorithm: 0x804" \
				998	-s "got named group: ffdhe8192(0104)" \
				999	-s "Certificate verification was skipped" \
				1000	-C "received HelloRetryRequest message"
				1001
				1002	requires_config_enabled MBEDTLS_SSL_SRV_C
				1003	requires_config_enabled MBEDTLS_DEBUG_C
				1004	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1005	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1006	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1007	requires_openssl_tls1_3
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1008	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1009	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1010	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1011	0 \
				1012	-s "Protocol is TLSv1.3" \
				1013	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1014	-s "received signature algorithm: 0x403" \
				1015	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1016	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1017	-C "received HelloRetryRequest message"
				1018
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1019	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1020	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1021	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1022	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1023	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1024	requires_openssl_tls1_3
				1025	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1026	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1027	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1028	0 \
				1029	-s "Protocol is TLSv1.3" \
				1030	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1031	-s "received signature algorithm: 0x503" \
				1032	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1033	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1034	-C "received HelloRetryRequest message"
				1035
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1036	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1037	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1038	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1039	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1040	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1041	requires_openssl_tls1_3
				1042	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1043	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1044	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1045	0 \
				1046	-s "Protocol is TLSv1.3" \
				1047	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1048	-s "received signature algorithm: 0x603" \
				1049	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1050	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1051	-C "received HelloRetryRequest message"
				1052
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1053	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1054	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1055	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1056	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1057	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1058	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1059	requires_openssl_tls1_3
				1060	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1061	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1062	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1063	0 \
				1064	-s "Protocol is TLSv1.3" \
				1065	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1066	-s "received signature algorithm: 0x804" \
				1067	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1068	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1069	-C "received HelloRetryRequest message"
				1070
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1071	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1072	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1073	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1074	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1075	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1076	requires_openssl_tls1_3
				1077	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1078	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1079	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1080	0 \
				1081	-s "Protocol is TLSv1.3" \
				1082	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1083	-s "received signature algorithm: 0x403" \
				1084	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1085	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1086	-C "received HelloRetryRequest message"
				1087
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1088	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1089	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1090	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1091	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1092	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1093	requires_openssl_tls1_3
				1094	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1095	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1096	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1097	0 \
				1098	-s "Protocol is TLSv1.3" \
				1099	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1100	-s "received signature algorithm: 0x503" \
				1101	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1102	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1103	-C "received HelloRetryRequest message"
				1104
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1105	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1106	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1107	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1108	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1109	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1110	requires_openssl_tls1_3
				1111	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1112	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1113	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1114	0 \
				1115	-s "Protocol is TLSv1.3" \
				1116	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1117	-s "received signature algorithm: 0x603" \
				1118	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1119	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1120	-C "received HelloRetryRequest message"
				1121
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1122	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1123	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1124	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1125	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1126	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1127	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1128	requires_openssl_tls1_3
				1129	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1130	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1131	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1132	0 \
				1133	-s "Protocol is TLSv1.3" \
				1134	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1135	-s "received signature algorithm: 0x804" \
				1136	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1137	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1138	-C "received HelloRetryRequest message"
				1139
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1140	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1141	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1142	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1143	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1144	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1145	requires_openssl_tls1_3
				1146	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1147	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1148	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1149	0 \
				1150	-s "Protocol is TLSv1.3" \
				1151	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1152	-s "received signature algorithm: 0x403" \
				1153	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1154	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1155	-C "received HelloRetryRequest message"
				1156
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1157	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1158	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1159	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1160	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1161	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1162	requires_openssl_tls1_3
				1163	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1164	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1165	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1166	0 \
				1167	-s "Protocol is TLSv1.3" \
				1168	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1169	-s "received signature algorithm: 0x503" \
				1170	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1171	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1172	-C "received HelloRetryRequest message"
				1173
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1174	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1175	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1176	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1177	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1178	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1179	requires_openssl_tls1_3
				1180	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1181	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1182	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1183	0 \
				1184	-s "Protocol is TLSv1.3" \
				1185	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1186	-s "received signature algorithm: 0x603" \
				1187	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1188	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1189	-C "received HelloRetryRequest message"
				1190
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1191	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1192	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1193	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1194	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1195	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1196	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1197	requires_openssl_tls1_3
				1198	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1199	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1200	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1201	0 \
				1202	-s "Protocol is TLSv1.3" \
				1203	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1204	-s "received signature algorithm: 0x804" \
				1205	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1206	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1207	-C "received HelloRetryRequest message"
				1208
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1209	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1210	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1211	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1212	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1213	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1214	requires_openssl_tls1_3
				1215	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1216	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1217	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1218	0 \
				1219	-s "Protocol is TLSv1.3" \
				1220	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1221	-s "received signature algorithm: 0x403" \
				1222	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1223	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1224	-C "received HelloRetryRequest message"
				1225
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1226	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1227	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1228	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1229	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1230	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1231	requires_openssl_tls1_3
				1232	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1233	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1234	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1235	0 \
				1236	-s "Protocol is TLSv1.3" \
				1237	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1238	-s "received signature algorithm: 0x503" \
				1239	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1240	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1241	-C "received HelloRetryRequest message"
				1242
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1243	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1244	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1245	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1246	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1247	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1248	requires_openssl_tls1_3
				1249	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1250	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1251	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1252	0 \
				1253	-s "Protocol is TLSv1.3" \
				1254	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1255	-s "received signature algorithm: 0x603" \
				1256	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1257	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1258	-C "received HelloRetryRequest message"
				1259
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1260	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1261	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1262	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1263	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1264	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1265	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1266	requires_openssl_tls1_3
				1267	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1268	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1269	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1270	0 \
				1271	-s "Protocol is TLSv1.3" \
				1272	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1273	-s "received signature algorithm: 0x804" \
				1274	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1275	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1276	-C "received HelloRetryRequest message"
				1277
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1278	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1279	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1280	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1281	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1282	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1283	requires_openssl_tls1_3
				1284	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1285	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1286	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1287	0 \
				1288	-s "Protocol is TLSv1.3" \
				1289	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1290	-s "received signature algorithm: 0x403" \
				1291	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1292	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1293	-C "received HelloRetryRequest message"
				1294
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1295	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1296	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1297	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1298	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1299	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1300	requires_openssl_tls1_3
				1301	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1302	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1303	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1304	0 \
				1305	-s "Protocol is TLSv1.3" \
				1306	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1307	-s "received signature algorithm: 0x503" \
				1308	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1309	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1310	-C "received HelloRetryRequest message"
				1311
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1312	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1313	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1314	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1315	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1316	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1317	requires_openssl_tls1_3
				1318	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1319	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1320	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1321	0 \
				1322	-s "Protocol is TLSv1.3" \
				1323	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1324	-s "received signature algorithm: 0x603" \
				1325	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1326	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1327	-C "received HelloRetryRequest message"
				1328
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1329	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1330	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1331	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1332	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1333	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1334	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1335	requires_openssl_tls1_3
				1336	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1337	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1338	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1339	0 \
				1340	-s "Protocol is TLSv1.3" \
				1341	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1342	-s "received signature algorithm: 0x804" \
				1343	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1344	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1345	-C "received HelloRetryRequest message"
				1346
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1347	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1348	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1349	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1350	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1351	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1352	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1353	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				1354	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1355	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
				1356	0 \
				1357	-s "Protocol is TLSv1.3" \
				1358	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1359	-s "received signature algorithm: 0x403" \
				1360	-s "got named group: ffdhe2048(0100)" \
				1361	-s "Certificate verification was skipped" \
				1362	-C "received HelloRetryRequest message"
				1363
				1364	requires_config_enabled MBEDTLS_SSL_SRV_C
				1365	requires_config_enabled MBEDTLS_DEBUG_C
				1366	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1367	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1368	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1369	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1370	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				1371	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1372	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
				1373	0 \
				1374	-s "Protocol is TLSv1.3" \
				1375	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1376	-s "received signature algorithm: 0x503" \
				1377	-s "got named group: ffdhe2048(0100)" \
				1378	-s "Certificate verification was skipped" \
				1379	-C "received HelloRetryRequest message"
				1380
				1381	requires_config_enabled MBEDTLS_SSL_SRV_C
				1382	requires_config_enabled MBEDTLS_DEBUG_C
				1383	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1384	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1385	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1386	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1387	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				1388	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1389	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
				1390	0 \
				1391	-s "Protocol is TLSv1.3" \
				1392	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1393	-s "received signature algorithm: 0x603" \
				1394	-s "got named group: ffdhe2048(0100)" \
				1395	-s "Certificate verification was skipped" \
				1396	-C "received HelloRetryRequest message"
				1397
				1398	requires_config_enabled MBEDTLS_SSL_SRV_C
				1399	requires_config_enabled MBEDTLS_DEBUG_C
				1400	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1401	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1402	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1403	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1404	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1405	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				1406	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1407	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
				1408	0 \
				1409	-s "Protocol is TLSv1.3" \
				1410	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1411	-s "received signature algorithm: 0x804" \
				1412	-s "got named group: ffdhe2048(0100)" \
				1413	-s "Certificate verification was skipped" \
				1414	-C "received HelloRetryRequest message"
				1415
				1416	requires_config_enabled MBEDTLS_SSL_SRV_C
				1417	requires_config_enabled MBEDTLS_DEBUG_C
				1418	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1419	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1420	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1421	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1422	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1423	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				1424	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1425	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
				1426	0 \
				1427	-s "Protocol is TLSv1.3" \
				1428	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1429	-s "received signature algorithm: 0x403" \
				1430	-s "got named group: ffdhe8192(0104)" \
				1431	-s "Certificate verification was skipped" \
				1432	-C "received HelloRetryRequest message"
				1433
				1434	requires_config_enabled MBEDTLS_SSL_SRV_C
				1435	requires_config_enabled MBEDTLS_DEBUG_C
				1436	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1437	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1438	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1439	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1440	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1441	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				1442	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1443	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
				1444	0 \
				1445	-s "Protocol is TLSv1.3" \
				1446	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1447	-s "received signature algorithm: 0x503" \
				1448	-s "got named group: ffdhe8192(0104)" \
				1449	-s "Certificate verification was skipped" \
				1450	-C "received HelloRetryRequest message"
				1451
				1452	requires_config_enabled MBEDTLS_SSL_SRV_C
				1453	requires_config_enabled MBEDTLS_DEBUG_C
				1454	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1455	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1456	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1457	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1458	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1459	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				1460	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1461	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
				1462	0 \
				1463	-s "Protocol is TLSv1.3" \
				1464	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1465	-s "received signature algorithm: 0x603" \
				1466	-s "got named group: ffdhe8192(0104)" \
				1467	-s "Certificate verification was skipped" \
				1468	-C "received HelloRetryRequest message"
				1469
				1470	requires_config_enabled MBEDTLS_SSL_SRV_C
				1471	requires_config_enabled MBEDTLS_DEBUG_C
				1472	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1473	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1474	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1475	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1476	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1477	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1478	run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				1479	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1480	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
				1481	0 \
				1482	-s "Protocol is TLSv1.3" \
				1483	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				1484	-s "received signature algorithm: 0x804" \
				1485	-s "got named group: ffdhe8192(0104)" \
				1486	-s "Certificate verification was skipped" \
				1487	-C "received HelloRetryRequest message"
				1488
				1489	requires_config_enabled MBEDTLS_SSL_SRV_C
				1490	requires_config_enabled MBEDTLS_DEBUG_C
				1491	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1492	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1493	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1494	requires_openssl_tls1_3
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1495	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1496	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1497	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1498	0 \
				1499	-s "Protocol is TLSv1.3" \
				1500	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1501	-s "received signature algorithm: 0x403" \
				1502	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1503	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1504	-C "received HelloRetryRequest message"
				1505
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1506	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1507	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1508	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1509	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1510	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1511	requires_openssl_tls1_3
				1512	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1513	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1514	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1515	0 \
				1516	-s "Protocol is TLSv1.3" \
				1517	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1518	-s "received signature algorithm: 0x503" \
				1519	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1520	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1521	-C "received HelloRetryRequest message"
				1522
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1523	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1524	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1525	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1526	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1527	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1528	requires_openssl_tls1_3
				1529	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1530	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1531	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1532	0 \
				1533	-s "Protocol is TLSv1.3" \
				1534	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1535	-s "received signature algorithm: 0x603" \
				1536	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1537	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1538	-C "received HelloRetryRequest message"
				1539
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1540	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1541	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1542	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1543	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1544	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1545	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1546	requires_openssl_tls1_3
				1547	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1548	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1549	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1550	0 \
				1551	-s "Protocol is TLSv1.3" \
				1552	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1553	-s "received signature algorithm: 0x804" \
				1554	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1555	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1556	-C "received HelloRetryRequest message"
				1557
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1558	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1559	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1560	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1561	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1562	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1563	requires_openssl_tls1_3
				1564	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1565	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1566	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1567	0 \
				1568	-s "Protocol is TLSv1.3" \
				1569	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1570	-s "received signature algorithm: 0x403" \
				1571	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1572	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1573	-C "received HelloRetryRequest message"
				1574
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1575	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1576	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1577	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1578	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1579	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1580	requires_openssl_tls1_3
				1581	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1582	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1583	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1584	0 \
				1585	-s "Protocol is TLSv1.3" \
				1586	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1587	-s "received signature algorithm: 0x503" \
				1588	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1589	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1590	-C "received HelloRetryRequest message"
				1591
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1592	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1593	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1594	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1595	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1596	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1597	requires_openssl_tls1_3
				1598	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1599	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1600	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1601	0 \
				1602	-s "Protocol is TLSv1.3" \
				1603	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1604	-s "received signature algorithm: 0x603" \
				1605	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1606	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1607	-C "received HelloRetryRequest message"
				1608
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1609	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1610	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1611	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1612	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1613	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1614	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1615	requires_openssl_tls1_3
				1616	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1617	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1618	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1619	0 \
				1620	-s "Protocol is TLSv1.3" \
				1621	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1622	-s "received signature algorithm: 0x804" \
				1623	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1624	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1625	-C "received HelloRetryRequest message"
				1626
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1627	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1628	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1629	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1630	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1631	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1632	requires_openssl_tls1_3
				1633	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1634	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1635	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1636	0 \
				1637	-s "Protocol is TLSv1.3" \
				1638	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1639	-s "received signature algorithm: 0x403" \
				1640	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1641	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1642	-C "received HelloRetryRequest message"
				1643
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1644	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1645	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1646	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1647	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1648	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1649	requires_openssl_tls1_3
				1650	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1651	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1652	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1653	0 \
				1654	-s "Protocol is TLSv1.3" \
				1655	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1656	-s "received signature algorithm: 0x503" \
				1657	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1658	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1659	-C "received HelloRetryRequest message"
				1660
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1661	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1662	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1663	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1664	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1665	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1666	requires_openssl_tls1_3
				1667	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1668	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1669	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1670	0 \
				1671	-s "Protocol is TLSv1.3" \
				1672	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1673	-s "received signature algorithm: 0x603" \
				1674	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1675	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1676	-C "received HelloRetryRequest message"
				1677
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1678	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1679	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1680	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1681	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1682	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1683	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1684	requires_openssl_tls1_3
				1685	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1686	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1687	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1688	0 \
				1689	-s "Protocol is TLSv1.3" \
				1690	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1691	-s "received signature algorithm: 0x804" \
				1692	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1693	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1694	-C "received HelloRetryRequest message"
				1695
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1696	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1697	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1698	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1699	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1700	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1701	requires_openssl_tls1_3
				1702	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1703	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1704	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1705	0 \
				1706	-s "Protocol is TLSv1.3" \
				1707	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1708	-s "received signature algorithm: 0x403" \
				1709	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1710	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1711	-C "received HelloRetryRequest message"
				1712
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1713	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1714	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1715	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1716	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1717	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1718	requires_openssl_tls1_3
				1719	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1720	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1721	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1722	0 \
				1723	-s "Protocol is TLSv1.3" \
				1724	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1725	-s "received signature algorithm: 0x503" \
				1726	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1727	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1728	-C "received HelloRetryRequest message"
				1729
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1730	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1731	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1732	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1733	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1734	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1735	requires_openssl_tls1_3
				1736	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1737	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1738	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1739	0 \
				1740	-s "Protocol is TLSv1.3" \
				1741	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1742	-s "received signature algorithm: 0x603" \
				1743	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1744	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1745	-C "received HelloRetryRequest message"
				1746
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1747	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1748	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1749	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1750	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1751	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1752	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1753	requires_openssl_tls1_3
				1754	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1755	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1756	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1757	0 \
				1758	-s "Protocol is TLSv1.3" \
				1759	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1760	-s "received signature algorithm: 0x804" \
				1761	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1762	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1763	-C "received HelloRetryRequest message"
				1764
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1765	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1766	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1767	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1769	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1770	requires_openssl_tls1_3
				1771	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1772	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1773	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1774	0 \
				1775	-s "Protocol is TLSv1.3" \
				1776	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1777	-s "received signature algorithm: 0x403" \
				1778	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1779	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1780	-C "received HelloRetryRequest message"
				1781
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1782	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1783	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1784	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1785	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1786	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1787	requires_openssl_tls1_3
				1788	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1789	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1790	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1791	0 \
				1792	-s "Protocol is TLSv1.3" \
				1793	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1794	-s "received signature algorithm: 0x503" \
				1795	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1796	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1797	-C "received HelloRetryRequest message"
				1798
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1799	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1800	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1801	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1802	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1803	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1804	requires_openssl_tls1_3
				1805	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1806	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1807	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1808	0 \
				1809	-s "Protocol is TLSv1.3" \
				1810	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1811	-s "received signature algorithm: 0x603" \
				1812	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1813	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1814	-C "received HelloRetryRequest message"
				1815
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1816	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1817	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1818	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1819	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1820	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1821	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1822	requires_openssl_tls1_3
				1823	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1824	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1825	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1826	0 \
				1827	-s "Protocol is TLSv1.3" \
				1828	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1829	-s "received signature algorithm: 0x804" \
				1830	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1831	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1832	-C "received HelloRetryRequest message"
				1833
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1834	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1835	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1836	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1837	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1838	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1839	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1840	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				1841	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1842	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
				1843	0 \
				1844	-s "Protocol is TLSv1.3" \
				1845	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1846	-s "received signature algorithm: 0x403" \
				1847	-s "got named group: ffdhe2048(0100)" \
				1848	-s "Certificate verification was skipped" \
				1849	-C "received HelloRetryRequest message"
				1850
				1851	requires_config_enabled MBEDTLS_SSL_SRV_C
				1852	requires_config_enabled MBEDTLS_DEBUG_C
				1853	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1854	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1855	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1856	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1857	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				1858	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1859	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
				1860	0 \
				1861	-s "Protocol is TLSv1.3" \
				1862	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1863	-s "received signature algorithm: 0x503" \
				1864	-s "got named group: ffdhe2048(0100)" \
				1865	-s "Certificate verification was skipped" \
				1866	-C "received HelloRetryRequest message"
				1867
				1868	requires_config_enabled MBEDTLS_SSL_SRV_C
				1869	requires_config_enabled MBEDTLS_DEBUG_C
				1870	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1871	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1872	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1873	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1874	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				1875	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1876	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
				1877	0 \
				1878	-s "Protocol is TLSv1.3" \
				1879	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1880	-s "received signature algorithm: 0x603" \
				1881	-s "got named group: ffdhe2048(0100)" \
				1882	-s "Certificate verification was skipped" \
				1883	-C "received HelloRetryRequest message"
				1884
				1885	requires_config_enabled MBEDTLS_SSL_SRV_C
				1886	requires_config_enabled MBEDTLS_DEBUG_C
				1887	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1888	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1889	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1890	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1891	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1892	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				1893	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1894	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
				1895	0 \
				1896	-s "Protocol is TLSv1.3" \
				1897	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1898	-s "received signature algorithm: 0x804" \
				1899	-s "got named group: ffdhe2048(0100)" \
				1900	-s "Certificate verification was skipped" \
				1901	-C "received HelloRetryRequest message"
				1902
				1903	requires_config_enabled MBEDTLS_SSL_SRV_C
				1904	requires_config_enabled MBEDTLS_DEBUG_C
				1905	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1906	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1907	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1908	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1909	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1910	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				1911	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1912	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
				1913	0 \
				1914	-s "Protocol is TLSv1.3" \
				1915	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1916	-s "received signature algorithm: 0x403" \
				1917	-s "got named group: ffdhe8192(0104)" \
				1918	-s "Certificate verification was skipped" \
				1919	-C "received HelloRetryRequest message"
				1920
				1921	requires_config_enabled MBEDTLS_SSL_SRV_C
				1922	requires_config_enabled MBEDTLS_DEBUG_C
				1923	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1924	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1925	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1926	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1927	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1928	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				1929	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1930	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
				1931	0 \
				1932	-s "Protocol is TLSv1.3" \
				1933	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1934	-s "received signature algorithm: 0x503" \
				1935	-s "got named group: ffdhe8192(0104)" \
				1936	-s "Certificate verification was skipped" \
				1937	-C "received HelloRetryRequest message"
				1938
				1939	requires_config_enabled MBEDTLS_SSL_SRV_C
				1940	requires_config_enabled MBEDTLS_DEBUG_C
				1941	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1942	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1943	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1944	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1945	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1946	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				1947	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1948	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
				1949	0 \
				1950	-s "Protocol is TLSv1.3" \
				1951	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1952	-s "received signature algorithm: 0x603" \
				1953	-s "got named group: ffdhe8192(0104)" \
				1954	-s "Certificate verification was skipped" \
				1955	-C "received HelloRetryRequest message"
				1956
				1957	requires_config_enabled MBEDTLS_SSL_SRV_C
				1958	requires_config_enabled MBEDTLS_DEBUG_C
				1959	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1960	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				1961	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1962	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	1963	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	1964	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1965	run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				1966	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				1967	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
				1968	0 \
				1969	-s "Protocol is TLSv1.3" \
				1970	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				1971	-s "received signature algorithm: 0x804" \
				1972	-s "got named group: ffdhe8192(0104)" \
				1973	-s "Certificate verification was skipped" \
				1974	-C "received HelloRetryRequest message"
				1975
				1976	requires_config_enabled MBEDTLS_SSL_SRV_C
				1977	requires_config_enabled MBEDTLS_DEBUG_C
				1978	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				1979	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1980	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	1981	requires_openssl_tls1_3
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1982	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	1983	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	1984	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1985	0 \
				1986	-s "Protocol is TLSv1.3" \
				1987	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				1988	-s "received signature algorithm: 0x403" \
				1989	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	1990	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1991	-C "received HelloRetryRequest message"
				1992
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	1993	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	1994	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	1995	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1996	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	1997	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	1998	requires_openssl_tls1_3
				1999	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2000	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2001	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2002	0 \
				2003	-s "Protocol is TLSv1.3" \
				2004	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2005	-s "received signature algorithm: 0x503" \
				2006	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2007	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2008	-C "received HelloRetryRequest message"
				2009
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2010	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2011	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2012	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2013	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2014	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2015	requires_openssl_tls1_3
				2016	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2017	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2018	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2019	0 \
				2020	-s "Protocol is TLSv1.3" \
				2021	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2022	-s "received signature algorithm: 0x603" \
				2023	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2024	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2025	-C "received HelloRetryRequest message"
				2026
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2027	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2028	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2029	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2030	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2031	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2032	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2033	requires_openssl_tls1_3
				2034	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2035	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2036	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2037	0 \
				2038	-s "Protocol is TLSv1.3" \
				2039	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2040	-s "received signature algorithm: 0x804" \
				2041	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2042	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2043	-C "received HelloRetryRequest message"
				2044
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2045	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2046	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2047	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2048	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2049	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2050	requires_openssl_tls1_3
				2051	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2052	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2053	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2054	0 \
				2055	-s "Protocol is TLSv1.3" \
				2056	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2057	-s "received signature algorithm: 0x403" \
				2058	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2059	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2060	-C "received HelloRetryRequest message"
				2061
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2062	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2063	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2064	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2065	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2066	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2067	requires_openssl_tls1_3
				2068	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2069	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2070	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2071	0 \
				2072	-s "Protocol is TLSv1.3" \
				2073	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2074	-s "received signature algorithm: 0x503" \
				2075	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2076	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2077	-C "received HelloRetryRequest message"
				2078
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2079	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2080	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2081	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2082	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2083	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2084	requires_openssl_tls1_3
				2085	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2086	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2087	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2088	0 \
				2089	-s "Protocol is TLSv1.3" \
				2090	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2091	-s "received signature algorithm: 0x603" \
				2092	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2093	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2094	-C "received HelloRetryRequest message"
				2095
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2096	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2097	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2098	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2099	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2100	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2101	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2102	requires_openssl_tls1_3
				2103	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2104	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2105	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2106	0 \
				2107	-s "Protocol is TLSv1.3" \
				2108	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2109	-s "received signature algorithm: 0x804" \
				2110	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2111	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2112	-C "received HelloRetryRequest message"
				2113
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2114	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2115	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2116	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2117	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2118	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2119	requires_openssl_tls1_3
				2120	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2121	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2122	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2123	0 \
				2124	-s "Protocol is TLSv1.3" \
				2125	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2126	-s "received signature algorithm: 0x403" \
				2127	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2128	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2129	-C "received HelloRetryRequest message"
				2130
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2131	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2132	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2133	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2134	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2135	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2136	requires_openssl_tls1_3
				2137	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2138	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2139	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2140	0 \
				2141	-s "Protocol is TLSv1.3" \
				2142	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2143	-s "received signature algorithm: 0x503" \
				2144	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2145	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2146	-C "received HelloRetryRequest message"
				2147
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2148	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2149	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2150	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2151	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2152	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2153	requires_openssl_tls1_3
				2154	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2155	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2156	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2157	0 \
				2158	-s "Protocol is TLSv1.3" \
				2159	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2160	-s "received signature algorithm: 0x603" \
				2161	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2162	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2163	-C "received HelloRetryRequest message"
				2164
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2165	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2166	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2167	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2168	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2169	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2170	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2171	requires_openssl_tls1_3
				2172	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2173	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2174	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2175	0 \
				2176	-s "Protocol is TLSv1.3" \
				2177	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2178	-s "received signature algorithm: 0x804" \
				2179	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2180	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2181	-C "received HelloRetryRequest message"
				2182
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2183	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2184	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2185	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2186	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2187	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2188	requires_openssl_tls1_3
				2189	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2190	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2191	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2192	0 \
				2193	-s "Protocol is TLSv1.3" \
				2194	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2195	-s "received signature algorithm: 0x403" \
				2196	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2197	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2198	-C "received HelloRetryRequest message"
				2199
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2200	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2201	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2202	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2203	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2204	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2205	requires_openssl_tls1_3
				2206	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2207	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2208	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2209	0 \
				2210	-s "Protocol is TLSv1.3" \
				2211	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2212	-s "received signature algorithm: 0x503" \
				2213	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2214	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2215	-C "received HelloRetryRequest message"
				2216
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2217	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2218	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2219	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2220	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2221	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2222	requires_openssl_tls1_3
				2223	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2224	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2225	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2226	0 \
				2227	-s "Protocol is TLSv1.3" \
				2228	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2229	-s "received signature algorithm: 0x603" \
				2230	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2231	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2232	-C "received HelloRetryRequest message"
				2233
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2234	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2235	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2236	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2237	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2238	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2239	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2240	requires_openssl_tls1_3
				2241	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2242	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2243	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2244	0 \
				2245	-s "Protocol is TLSv1.3" \
				2246	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2247	-s "received signature algorithm: 0x804" \
				2248	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2249	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2250	-C "received HelloRetryRequest message"
				2251
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2252	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2253	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2254	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2255	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2256	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2257	requires_openssl_tls1_3
				2258	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2259	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2260	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2261	0 \
				2262	-s "Protocol is TLSv1.3" \
				2263	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2264	-s "received signature algorithm: 0x403" \
				2265	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2266	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2267	-C "received HelloRetryRequest message"
				2268
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2269	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2270	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2271	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2272	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2273	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2274	requires_openssl_tls1_3
				2275	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2276	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2277	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2278	0 \
				2279	-s "Protocol is TLSv1.3" \
				2280	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2281	-s "received signature algorithm: 0x503" \
				2282	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2283	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2284	-C "received HelloRetryRequest message"
				2285
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2286	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2287	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2288	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2289	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2290	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2291	requires_openssl_tls1_3
				2292	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2293	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2294	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2295	0 \
				2296	-s "Protocol is TLSv1.3" \
				2297	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2298	-s "received signature algorithm: 0x603" \
				2299	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2300	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2301	-C "received HelloRetryRequest message"
				2302
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2303	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2304	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2305	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2306	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2307	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2308	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2309	requires_openssl_tls1_3
				2310	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2311	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2312	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2313	0 \
				2314	-s "Protocol is TLSv1.3" \
				2315	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2316	-s "received signature algorithm: 0x804" \
				2317	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2318	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2319	-C "received HelloRetryRequest message"
				2320
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2321	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2322	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2323	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2324	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2325	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2326	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2327	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				2328	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2329	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3" \
				2330	0 \
				2331	-s "Protocol is TLSv1.3" \
				2332	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2333	-s "received signature algorithm: 0x403" \
				2334	-s "got named group: ffdhe2048(0100)" \
				2335	-s "Certificate verification was skipped" \
				2336	-C "received HelloRetryRequest message"
				2337
				2338	requires_config_enabled MBEDTLS_SSL_SRV_C
				2339	requires_config_enabled MBEDTLS_DEBUG_C
				2340	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2341	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2342	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2343	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2344	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				2345	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2346	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3" \
				2347	0 \
				2348	-s "Protocol is TLSv1.3" \
				2349	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2350	-s "received signature algorithm: 0x503" \
				2351	-s "got named group: ffdhe2048(0100)" \
				2352	-s "Certificate verification was skipped" \
				2353	-C "received HelloRetryRequest message"
				2354
				2355	requires_config_enabled MBEDTLS_SSL_SRV_C
				2356	requires_config_enabled MBEDTLS_DEBUG_C
				2357	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2358	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2359	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2360	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2361	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				2362	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2363	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3" \
				2364	0 \
				2365	-s "Protocol is TLSv1.3" \
				2366	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2367	-s "received signature algorithm: 0x603" \
				2368	-s "got named group: ffdhe2048(0100)" \
				2369	-s "Certificate verification was skipped" \
				2370	-C "received HelloRetryRequest message"
				2371
				2372	requires_config_enabled MBEDTLS_SSL_SRV_C
				2373	requires_config_enabled MBEDTLS_DEBUG_C
				2374	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2375	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2376	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2377	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2378	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2379	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				2380	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2381	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3" \
				2382	0 \
				2383	-s "Protocol is TLSv1.3" \
				2384	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2385	-s "received signature algorithm: 0x804" \
				2386	-s "got named group: ffdhe2048(0100)" \
				2387	-s "Certificate verification was skipped" \
				2388	-C "received HelloRetryRequest message"
				2389
				2390	requires_config_enabled MBEDTLS_SSL_SRV_C
				2391	requires_config_enabled MBEDTLS_DEBUG_C
				2392	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2393	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2394	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2395	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	2396	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2397	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				2398	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2399	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3" \
				2400	0 \
				2401	-s "Protocol is TLSv1.3" \
				2402	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2403	-s "received signature algorithm: 0x403" \
				2404	-s "got named group: ffdhe8192(0104)" \
				2405	-s "Certificate verification was skipped" \
				2406	-C "received HelloRetryRequest message"
				2407
				2408	requires_config_enabled MBEDTLS_SSL_SRV_C
				2409	requires_config_enabled MBEDTLS_DEBUG_C
				2410	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2411	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2412	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2413	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	2414	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2415	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				2416	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2417	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3" \
				2418	0 \
				2419	-s "Protocol is TLSv1.3" \
				2420	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2421	-s "received signature algorithm: 0x503" \
				2422	-s "got named group: ffdhe8192(0104)" \
				2423	-s "Certificate verification was skipped" \
				2424	-C "received HelloRetryRequest message"
				2425
				2426	requires_config_enabled MBEDTLS_SSL_SRV_C
				2427	requires_config_enabled MBEDTLS_DEBUG_C
				2428	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2429	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2430	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2431	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	2432	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2433	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				2434	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2435	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3" \
				2436	0 \
				2437	-s "Protocol is TLSv1.3" \
				2438	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2439	-s "received signature algorithm: 0x603" \
				2440	-s "got named group: ffdhe8192(0104)" \
				2441	-s "Certificate verification was skipped" \
				2442	-C "received HelloRetryRequest message"
				2443
				2444	requires_config_enabled MBEDTLS_SSL_SRV_C
				2445	requires_config_enabled MBEDTLS_DEBUG_C
				2446	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2447	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2448	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2449	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	2450	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	2451	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2452	run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				2453	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2454	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca_cat12.crt -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3" \
				2455	0 \
				2456	-s "Protocol is TLSv1.3" \
				2457	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				2458	-s "received signature algorithm: 0x804" \
				2459	-s "got named group: ffdhe8192(0104)" \
				2460	-s "Certificate verification was skipped" \
				2461	-C "received HelloRetryRequest message"
				2462
				2463	requires_config_enabled MBEDTLS_SSL_SRV_C
				2464	requires_config_enabled MBEDTLS_DEBUG_C
				2465	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2466	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2467	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2468	requires_gnutls_tls1_3
				2469	requires_gnutls_next_no_ticket
				2470	requires_gnutls_next_disable_tls13_compat
				2471	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2472	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2473	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2474	0 \
				2475	-s "Protocol is TLSv1.3" \
				2476	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2477	-s "received signature algorithm: 0x403" \
				2478	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2479	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2480	-C "received HelloRetryRequest message"
				2481
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2482	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2483	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2484	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2485	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2486	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2487	requires_gnutls_tls1_3
				2488	requires_gnutls_next_no_ticket
				2489	requires_gnutls_next_disable_tls13_compat
				2490	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2491	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2492	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2493	0 \
				2494	-s "Protocol is TLSv1.3" \
				2495	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2496	-s "received signature algorithm: 0x503" \
				2497	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2498	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2499	-C "received HelloRetryRequest message"
				2500
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2501	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2502	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2503	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2504	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2505	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2506	requires_gnutls_tls1_3
				2507	requires_gnutls_next_no_ticket
				2508	requires_gnutls_next_disable_tls13_compat
				2509	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2510	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2511	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2512	0 \
				2513	-s "Protocol is TLSv1.3" \
				2514	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2515	-s "received signature algorithm: 0x603" \
				2516	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2517	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2518	-C "received HelloRetryRequest message"
				2519
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2520	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2521	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2522	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2523	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2524	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2525	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2526	requires_gnutls_tls1_3
				2527	requires_gnutls_next_no_ticket
				2528	requires_gnutls_next_disable_tls13_compat
				2529	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2530	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2531	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2532	0 \
				2533	-s "Protocol is TLSv1.3" \
				2534	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2535	-s "received signature algorithm: 0x804" \
				2536	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2537	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2538	-C "received HelloRetryRequest message"
				2539
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2540	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2541	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2542	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2543	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2544	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2545	requires_gnutls_tls1_3
				2546	requires_gnutls_next_no_ticket
				2547	requires_gnutls_next_disable_tls13_compat
				2548	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2549	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2550	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2551	0 \
				2552	-s "Protocol is TLSv1.3" \
				2553	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2554	-s "received signature algorithm: 0x403" \
				2555	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2556	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2557	-C "received HelloRetryRequest message"
				2558
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2559	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2560	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2561	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2562	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2563	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2564	requires_gnutls_tls1_3
				2565	requires_gnutls_next_no_ticket
				2566	requires_gnutls_next_disable_tls13_compat
				2567	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2568	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2569	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2570	0 \
				2571	-s "Protocol is TLSv1.3" \
				2572	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2573	-s "received signature algorithm: 0x503" \
				2574	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2575	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2576	-C "received HelloRetryRequest message"
				2577
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2578	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2579	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2580	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2581	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2582	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2583	requires_gnutls_tls1_3
				2584	requires_gnutls_next_no_ticket
				2585	requires_gnutls_next_disable_tls13_compat
				2586	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2587	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2588	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2589	0 \
				2590	-s "Protocol is TLSv1.3" \
				2591	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2592	-s "received signature algorithm: 0x603" \
				2593	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2594	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2595	-C "received HelloRetryRequest message"
				2596
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2597	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2598	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2599	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2600	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2601	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2602	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2603	requires_gnutls_tls1_3
				2604	requires_gnutls_next_no_ticket
				2605	requires_gnutls_next_disable_tls13_compat
				2606	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2607	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2608	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2609	0 \
				2610	-s "Protocol is TLSv1.3" \
				2611	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2612	-s "received signature algorithm: 0x804" \
				2613	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2614	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2615	-C "received HelloRetryRequest message"
				2616
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2617	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2618	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2619	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2620	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2621	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2622	requires_gnutls_tls1_3
				2623	requires_gnutls_next_no_ticket
				2624	requires_gnutls_next_disable_tls13_compat
				2625	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2626	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2627	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2628	0 \
				2629	-s "Protocol is TLSv1.3" \
				2630	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2631	-s "received signature algorithm: 0x403" \
				2632	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2633	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2634	-C "received HelloRetryRequest message"
				2635
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2636	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2637	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2638	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2639	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2640	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2641	requires_gnutls_tls1_3
				2642	requires_gnutls_next_no_ticket
				2643	requires_gnutls_next_disable_tls13_compat
				2644	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2645	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2646	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2647	0 \
				2648	-s "Protocol is TLSv1.3" \
				2649	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2650	-s "received signature algorithm: 0x503" \
				2651	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2652	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2653	-C "received HelloRetryRequest message"
				2654
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2655	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2656	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2657	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2658	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2659	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2660	requires_gnutls_tls1_3
				2661	requires_gnutls_next_no_ticket
				2662	requires_gnutls_next_disable_tls13_compat
				2663	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2664	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2665	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2666	0 \
				2667	-s "Protocol is TLSv1.3" \
				2668	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2669	-s "received signature algorithm: 0x603" \
				2670	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2671	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2672	-C "received HelloRetryRequest message"
				2673
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2674	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2675	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2676	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2677	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2678	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2679	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2680	requires_gnutls_tls1_3
				2681	requires_gnutls_next_no_ticket
				2682	requires_gnutls_next_disable_tls13_compat
				2683	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2684	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2685	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2686	0 \
				2687	-s "Protocol is TLSv1.3" \
				2688	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2689	-s "received signature algorithm: 0x804" \
				2690	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2691	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2692	-C "received HelloRetryRequest message"
				2693
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2694	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2695	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2696	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2697	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2698	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2699	requires_gnutls_tls1_3
				2700	requires_gnutls_next_no_ticket
				2701	requires_gnutls_next_disable_tls13_compat
				2702	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2703	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2704	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2705	0 \
				2706	-s "Protocol is TLSv1.3" \
				2707	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2708	-s "received signature algorithm: 0x403" \
				2709	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2710	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2711	-C "received HelloRetryRequest message"
				2712
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2713	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2714	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2715	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2716	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2717	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2718	requires_gnutls_tls1_3
				2719	requires_gnutls_next_no_ticket
				2720	requires_gnutls_next_disable_tls13_compat
				2721	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2722	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2723	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2724	0 \
				2725	-s "Protocol is TLSv1.3" \
				2726	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2727	-s "received signature algorithm: 0x503" \
				2728	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2729	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2730	-C "received HelloRetryRequest message"
				2731
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2732	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2733	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2734	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2735	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2736	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2737	requires_gnutls_tls1_3
				2738	requires_gnutls_next_no_ticket
				2739	requires_gnutls_next_disable_tls13_compat
				2740	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2741	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2742	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2743	0 \
				2744	-s "Protocol is TLSv1.3" \
				2745	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2746	-s "received signature algorithm: 0x603" \
				2747	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2748	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2749	-C "received HelloRetryRequest message"
				2750
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2751	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2752	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2753	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2754	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2755	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2756	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2757	requires_gnutls_tls1_3
				2758	requires_gnutls_next_no_ticket
				2759	requires_gnutls_next_disable_tls13_compat
				2760	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2761	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2762	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2763	0 \
				2764	-s "Protocol is TLSv1.3" \
				2765	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2766	-s "received signature algorithm: 0x804" \
				2767	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2768	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2769	-C "received HelloRetryRequest message"
				2770
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2771	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2772	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2773	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2774	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2775	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2776	requires_gnutls_tls1_3
				2777	requires_gnutls_next_no_ticket
				2778	requires_gnutls_next_disable_tls13_compat
				2779	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2780	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2781	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2782	0 \
				2783	-s "Protocol is TLSv1.3" \
				2784	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2785	-s "received signature algorithm: 0x403" \
				2786	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2787	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2788	-C "received HelloRetryRequest message"
				2789
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2790	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2791	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2792	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2793	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2794	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2795	requires_gnutls_tls1_3
				2796	requires_gnutls_next_no_ticket
				2797	requires_gnutls_next_disable_tls13_compat
				2798	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2799	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2800	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2801	0 \
				2802	-s "Protocol is TLSv1.3" \
				2803	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2804	-s "received signature algorithm: 0x503" \
				2805	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2806	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2807	-C "received HelloRetryRequest message"
				2808
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2809	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2810	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2811	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2812	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2813	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2814	requires_gnutls_tls1_3
				2815	requires_gnutls_next_no_ticket
				2816	requires_gnutls_next_disable_tls13_compat
				2817	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2818	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2819	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2820	0 \
				2821	-s "Protocol is TLSv1.3" \
				2822	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2823	-s "received signature algorithm: 0x603" \
				2824	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2825	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2826	-C "received HelloRetryRequest message"
				2827
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2828	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2829	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2830	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2831	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2832	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2833	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2834	requires_gnutls_tls1_3
				2835	requires_gnutls_next_no_ticket
				2836	requires_gnutls_next_disable_tls13_compat
				2837	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	2838	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	2839	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2840	0 \
				2841	-s "Protocol is TLSv1.3" \
				2842	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2843	-s "received signature algorithm: 0x804" \
				2844	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	2845	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2846	-C "received HelloRetryRequest message"
				2847
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	2848	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	2849	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	2850	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2851	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2852	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	2853	requires_gnutls_tls1_3
				2854	requires_gnutls_next_no_ticket
				2855	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2856	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				2857	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2858	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				2859	0 \
				2860	-s "Protocol is TLSv1.3" \
				2861	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2862	-s "received signature algorithm: 0x403" \
				2863	-s "got named group: ffdhe2048(0100)" \
				2864	-s "Certificate verification was skipped" \
				2865	-C "received HelloRetryRequest message"
				2866
				2867	requires_config_enabled MBEDTLS_SSL_SRV_C
				2868	requires_config_enabled MBEDTLS_DEBUG_C
				2869	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2870	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2871	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2872	requires_gnutls_tls1_3
				2873	requires_gnutls_next_no_ticket
				2874	requires_gnutls_next_disable_tls13_compat
				2875	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				2876	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2877	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				2878	0 \
				2879	-s "Protocol is TLSv1.3" \
				2880	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2881	-s "received signature algorithm: 0x503" \
				2882	-s "got named group: ffdhe2048(0100)" \
				2883	-s "Certificate verification was skipped" \
				2884	-C "received HelloRetryRequest message"
				2885
				2886	requires_config_enabled MBEDTLS_SSL_SRV_C
				2887	requires_config_enabled MBEDTLS_DEBUG_C
				2888	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2889	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2890	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2891	requires_gnutls_tls1_3
				2892	requires_gnutls_next_no_ticket
				2893	requires_gnutls_next_disable_tls13_compat
				2894	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				2895	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2896	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				2897	0 \
				2898	-s "Protocol is TLSv1.3" \
				2899	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2900	-s "received signature algorithm: 0x603" \
				2901	-s "got named group: ffdhe2048(0100)" \
				2902	-s "Certificate verification was skipped" \
				2903	-C "received HelloRetryRequest message"
				2904
				2905	requires_config_enabled MBEDTLS_SSL_SRV_C
				2906	requires_config_enabled MBEDTLS_DEBUG_C
				2907	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2908	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2909	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2910	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2911	requires_gnutls_tls1_3
				2912	requires_gnutls_next_no_ticket
				2913	requires_gnutls_next_disable_tls13_compat
				2914	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				2915	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2916	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				2917	0 \
				2918	-s "Protocol is TLSv1.3" \
				2919	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2920	-s "received signature algorithm: 0x804" \
				2921	-s "got named group: ffdhe2048(0100)" \
				2922	-s "Certificate verification was skipped" \
				2923	-C "received HelloRetryRequest message"
				2924
				2925	requires_config_enabled MBEDTLS_SSL_SRV_C
				2926	requires_config_enabled MBEDTLS_DEBUG_C
				2927	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2928	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2929	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2930	requires_gnutls_tls1_3
				2931	requires_gnutls_next_no_ticket
				2932	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2933	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				2934	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2935	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				2936	0 \
				2937	-s "Protocol is TLSv1.3" \
				2938	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2939	-s "received signature algorithm: 0x403" \
				2940	-s "got named group: ffdhe8192(0104)" \
				2941	-s "Certificate verification was skipped" \
				2942	-C "received HelloRetryRequest message"
				2943
				2944	requires_config_enabled MBEDTLS_SSL_SRV_C
				2945	requires_config_enabled MBEDTLS_DEBUG_C
				2946	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2947	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2948	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2949	requires_gnutls_tls1_3
				2950	requires_gnutls_next_no_ticket
				2951	requires_gnutls_next_disable_tls13_compat
				2952	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				2953	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2954	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				2955	0 \
				2956	-s "Protocol is TLSv1.3" \
				2957	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2958	-s "received signature algorithm: 0x503" \
				2959	-s "got named group: ffdhe8192(0104)" \
				2960	-s "Certificate verification was skipped" \
				2961	-C "received HelloRetryRequest message"
				2962
				2963	requires_config_enabled MBEDTLS_SSL_SRV_C
				2964	requires_config_enabled MBEDTLS_DEBUG_C
				2965	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2966	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2967	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2968	requires_gnutls_tls1_3
				2969	requires_gnutls_next_no_ticket
				2970	requires_gnutls_next_disable_tls13_compat
				2971	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				2972	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2973	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				2974	0 \
				2975	-s "Protocol is TLSv1.3" \
				2976	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2977	-s "received signature algorithm: 0x603" \
				2978	-s "got named group: ffdhe8192(0104)" \
				2979	-s "Certificate verification was skipped" \
				2980	-C "received HelloRetryRequest message"
				2981
				2982	requires_config_enabled MBEDTLS_SSL_SRV_C
				2983	requires_config_enabled MBEDTLS_DEBUG_C
				2984	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				2985	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				2986	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	2987	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	2988	requires_gnutls_tls1_3
				2989	requires_gnutls_next_no_ticket
				2990	requires_gnutls_next_disable_tls13_compat
				2991	run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				2992	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				2993	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				2994	0 \
				2995	-s "Protocol is TLSv1.3" \
				2996	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				2997	-s "received signature algorithm: 0x804" \
				2998	-s "got named group: ffdhe8192(0104)" \
				2999	-s "Certificate verification was skipped" \
				3000	-C "received HelloRetryRequest message"
				3001
				3002	requires_config_enabled MBEDTLS_SSL_SRV_C
				3003	requires_config_enabled MBEDTLS_DEBUG_C
				3004	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3005	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3006	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3007	requires_gnutls_tls1_3
				3008	requires_gnutls_next_no_ticket
				3009	requires_gnutls_next_disable_tls13_compat
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3010	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3011	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3012	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3013	0 \
				3014	-s "Protocol is TLSv1.3" \
				3015	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3016	-s "received signature algorithm: 0x403" \
				3017	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3018	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3019	-C "received HelloRetryRequest message"
				3020
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3021	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3022	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3023	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3024	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3025	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3026	requires_gnutls_tls1_3
				3027	requires_gnutls_next_no_ticket
				3028	requires_gnutls_next_disable_tls13_compat
				3029	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3030	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3031	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3032	0 \
				3033	-s "Protocol is TLSv1.3" \
				3034	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3035	-s "received signature algorithm: 0x503" \
				3036	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3037	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3038	-C "received HelloRetryRequest message"
				3039
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3040	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3041	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3042	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3043	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3044	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3045	requires_gnutls_tls1_3
				3046	requires_gnutls_next_no_ticket
				3047	requires_gnutls_next_disable_tls13_compat
				3048	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3049	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3050	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3051	0 \
				3052	-s "Protocol is TLSv1.3" \
				3053	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3054	-s "received signature algorithm: 0x603" \
				3055	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3056	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3057	-C "received HelloRetryRequest message"
				3058
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3059	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3060	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3061	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3062	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3063	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3064	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3065	requires_gnutls_tls1_3
				3066	requires_gnutls_next_no_ticket
				3067	requires_gnutls_next_disable_tls13_compat
				3068	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3069	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3070	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3071	0 \
				3072	-s "Protocol is TLSv1.3" \
				3073	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3074	-s "received signature algorithm: 0x804" \
				3075	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3076	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3077	-C "received HelloRetryRequest message"
				3078
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3079	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3080	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3081	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3082	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3083	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3084	requires_gnutls_tls1_3
				3085	requires_gnutls_next_no_ticket
				3086	requires_gnutls_next_disable_tls13_compat
				3087	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3088	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3089	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3090	0 \
				3091	-s "Protocol is TLSv1.3" \
				3092	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3093	-s "received signature algorithm: 0x403" \
				3094	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3095	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3096	-C "received HelloRetryRequest message"
				3097
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3098	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3099	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3100	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3101	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3102	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3103	requires_gnutls_tls1_3
				3104	requires_gnutls_next_no_ticket
				3105	requires_gnutls_next_disable_tls13_compat
				3106	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3107	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3108	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3109	0 \
				3110	-s "Protocol is TLSv1.3" \
				3111	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3112	-s "received signature algorithm: 0x503" \
				3113	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3114	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3115	-C "received HelloRetryRequest message"
				3116
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3117	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3118	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3119	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3120	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3121	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3122	requires_gnutls_tls1_3
				3123	requires_gnutls_next_no_ticket
				3124	requires_gnutls_next_disable_tls13_compat
				3125	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3126	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3127	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3128	0 \
				3129	-s "Protocol is TLSv1.3" \
				3130	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3131	-s "received signature algorithm: 0x603" \
				3132	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3133	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3134	-C "received HelloRetryRequest message"
				3135
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3136	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3137	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3138	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3139	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3140	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3141	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3142	requires_gnutls_tls1_3
				3143	requires_gnutls_next_no_ticket
				3144	requires_gnutls_next_disable_tls13_compat
				3145	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3146	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3147	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3148	0 \
				3149	-s "Protocol is TLSv1.3" \
				3150	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3151	-s "received signature algorithm: 0x804" \
				3152	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3153	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3154	-C "received HelloRetryRequest message"
				3155
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3156	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3157	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3158	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3159	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3160	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3161	requires_gnutls_tls1_3
				3162	requires_gnutls_next_no_ticket
				3163	requires_gnutls_next_disable_tls13_compat
				3164	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3165	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3166	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3167	0 \
				3168	-s "Protocol is TLSv1.3" \
				3169	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3170	-s "received signature algorithm: 0x403" \
				3171	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3172	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3173	-C "received HelloRetryRequest message"
				3174
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3175	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3176	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3177	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3178	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3179	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3180	requires_gnutls_tls1_3
				3181	requires_gnutls_next_no_ticket
				3182	requires_gnutls_next_disable_tls13_compat
				3183	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3184	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3185	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3186	0 \
				3187	-s "Protocol is TLSv1.3" \
				3188	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3189	-s "received signature algorithm: 0x503" \
				3190	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3191	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3192	-C "received HelloRetryRequest message"
				3193
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3194	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3195	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3196	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3197	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3198	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3199	requires_gnutls_tls1_3
				3200	requires_gnutls_next_no_ticket
				3201	requires_gnutls_next_disable_tls13_compat
				3202	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3203	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3204	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3205	0 \
				3206	-s "Protocol is TLSv1.3" \
				3207	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3208	-s "received signature algorithm: 0x603" \
				3209	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3210	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3211	-C "received HelloRetryRequest message"
				3212
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3213	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3214	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3215	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3216	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3217	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3218	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3219	requires_gnutls_tls1_3
				3220	requires_gnutls_next_no_ticket
				3221	requires_gnutls_next_disable_tls13_compat
				3222	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3223	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3224	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3225	0 \
				3226	-s "Protocol is TLSv1.3" \
				3227	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3228	-s "received signature algorithm: 0x804" \
				3229	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3230	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3231	-C "received HelloRetryRequest message"
				3232
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3233	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3234	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3235	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3236	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3237	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3238	requires_gnutls_tls1_3
				3239	requires_gnutls_next_no_ticket
				3240	requires_gnutls_next_disable_tls13_compat
				3241	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3242	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3243	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3244	0 \
				3245	-s "Protocol is TLSv1.3" \
				3246	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3247	-s "received signature algorithm: 0x403" \
				3248	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3249	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3250	-C "received HelloRetryRequest message"
				3251
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3252	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3253	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3254	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3255	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3256	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3257	requires_gnutls_tls1_3
				3258	requires_gnutls_next_no_ticket
				3259	requires_gnutls_next_disable_tls13_compat
				3260	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3261	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3262	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3263	0 \
				3264	-s "Protocol is TLSv1.3" \
				3265	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3266	-s "received signature algorithm: 0x503" \
				3267	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3268	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3269	-C "received HelloRetryRequest message"
				3270
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3271	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3272	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3273	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3274	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3275	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3276	requires_gnutls_tls1_3
				3277	requires_gnutls_next_no_ticket
				3278	requires_gnutls_next_disable_tls13_compat
				3279	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3280	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3281	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3282	0 \
				3283	-s "Protocol is TLSv1.3" \
				3284	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3285	-s "received signature algorithm: 0x603" \
				3286	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3287	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3288	-C "received HelloRetryRequest message"
				3289
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3290	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3291	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3292	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3293	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3294	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3295	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3296	requires_gnutls_tls1_3
				3297	requires_gnutls_next_no_ticket
				3298	requires_gnutls_next_disable_tls13_compat
				3299	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3300	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3301	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3302	0 \
				3303	-s "Protocol is TLSv1.3" \
				3304	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3305	-s "received signature algorithm: 0x804" \
				3306	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3307	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3308	-C "received HelloRetryRequest message"
				3309
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3310	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3311	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3312	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3313	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3314	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3315	requires_gnutls_tls1_3
				3316	requires_gnutls_next_no_ticket
				3317	requires_gnutls_next_disable_tls13_compat
				3318	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3319	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3320	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3321	0 \
				3322	-s "Protocol is TLSv1.3" \
				3323	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3324	-s "received signature algorithm: 0x403" \
				3325	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3326	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3327	-C "received HelloRetryRequest message"
				3328
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3329	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3330	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3331	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3332	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3333	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3334	requires_gnutls_tls1_3
				3335	requires_gnutls_next_no_ticket
				3336	requires_gnutls_next_disable_tls13_compat
				3337	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3338	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3339	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3340	0 \
				3341	-s "Protocol is TLSv1.3" \
				3342	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3343	-s "received signature algorithm: 0x503" \
				3344	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3345	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3346	-C "received HelloRetryRequest message"
				3347
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3348	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3349	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3350	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3351	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3352	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3353	requires_gnutls_tls1_3
				3354	requires_gnutls_next_no_ticket
				3355	requires_gnutls_next_disable_tls13_compat
				3356	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3357	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3358	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3359	0 \
				3360	-s "Protocol is TLSv1.3" \
				3361	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3362	-s "received signature algorithm: 0x603" \
				3363	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3364	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3365	-C "received HelloRetryRequest message"
				3366
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3367	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3368	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3369	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3370	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3371	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3372	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3373	requires_gnutls_tls1_3
				3374	requires_gnutls_next_no_ticket
				3375	requires_gnutls_next_disable_tls13_compat
				3376	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3377	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3378	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3379	0 \
				3380	-s "Protocol is TLSv1.3" \
				3381	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3382	-s "received signature algorithm: 0x804" \
				3383	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3384	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3385	-C "received HelloRetryRequest message"
				3386
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3387	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3388	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3389	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3390	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3391	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3392	requires_gnutls_tls1_3
				3393	requires_gnutls_next_no_ticket
				3394	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3395	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
				3396	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3397	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3398	0 \
				3399	-s "Protocol is TLSv1.3" \
				3400	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3401	-s "received signature algorithm: 0x403" \
				3402	-s "got named group: ffdhe2048(0100)" \
				3403	-s "Certificate verification was skipped" \
				3404	-C "received HelloRetryRequest message"
				3405
				3406	requires_config_enabled MBEDTLS_SSL_SRV_C
				3407	requires_config_enabled MBEDTLS_DEBUG_C
				3408	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3409	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3410	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3411	requires_gnutls_tls1_3
				3412	requires_gnutls_next_no_ticket
				3413	requires_gnutls_next_disable_tls13_compat
				3414	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
				3415	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3416	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3417	0 \
				3418	-s "Protocol is TLSv1.3" \
				3419	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3420	-s "received signature algorithm: 0x503" \
				3421	-s "got named group: ffdhe2048(0100)" \
				3422	-s "Certificate verification was skipped" \
				3423	-C "received HelloRetryRequest message"
				3424
				3425	requires_config_enabled MBEDTLS_SSL_SRV_C
				3426	requires_config_enabled MBEDTLS_DEBUG_C
				3427	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3428	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3429	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3430	requires_gnutls_tls1_3
				3431	requires_gnutls_next_no_ticket
				3432	requires_gnutls_next_disable_tls13_compat
				3433	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
				3434	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3435	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3436	0 \
				3437	-s "Protocol is TLSv1.3" \
				3438	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3439	-s "received signature algorithm: 0x603" \
				3440	-s "got named group: ffdhe2048(0100)" \
				3441	-s "Certificate verification was skipped" \
				3442	-C "received HelloRetryRequest message"
				3443
				3444	requires_config_enabled MBEDTLS_SSL_SRV_C
				3445	requires_config_enabled MBEDTLS_DEBUG_C
				3446	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3447	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3448	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3449	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3450	requires_gnutls_tls1_3
				3451	requires_gnutls_next_no_ticket
				3452	requires_gnutls_next_disable_tls13_compat
				3453	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
				3454	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3455	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3456	0 \
				3457	-s "Protocol is TLSv1.3" \
				3458	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3459	-s "received signature algorithm: 0x804" \
				3460	-s "got named group: ffdhe2048(0100)" \
				3461	-s "Certificate verification was skipped" \
				3462	-C "received HelloRetryRequest message"
				3463
				3464	requires_config_enabled MBEDTLS_SSL_SRV_C
				3465	requires_config_enabled MBEDTLS_DEBUG_C
				3466	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3467	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3468	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3469	requires_gnutls_tls1_3
				3470	requires_gnutls_next_no_ticket
				3471	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3472	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
				3473	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3474	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				3475	0 \
				3476	-s "Protocol is TLSv1.3" \
				3477	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3478	-s "received signature algorithm: 0x403" \
				3479	-s "got named group: ffdhe8192(0104)" \
				3480	-s "Certificate verification was skipped" \
				3481	-C "received HelloRetryRequest message"
				3482
				3483	requires_config_enabled MBEDTLS_SSL_SRV_C
				3484	requires_config_enabled MBEDTLS_DEBUG_C
				3485	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3486	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3487	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3488	requires_gnutls_tls1_3
				3489	requires_gnutls_next_no_ticket
				3490	requires_gnutls_next_disable_tls13_compat
				3491	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
				3492	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3493	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				3494	0 \
				3495	-s "Protocol is TLSv1.3" \
				3496	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3497	-s "received signature algorithm: 0x503" \
				3498	-s "got named group: ffdhe8192(0104)" \
				3499	-s "Certificate verification was skipped" \
				3500	-C "received HelloRetryRequest message"
				3501
				3502	requires_config_enabled MBEDTLS_SSL_SRV_C
				3503	requires_config_enabled MBEDTLS_DEBUG_C
				3504	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3505	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3506	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3507	requires_gnutls_tls1_3
				3508	requires_gnutls_next_no_ticket
				3509	requires_gnutls_next_disable_tls13_compat
				3510	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
				3511	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3512	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				3513	0 \
				3514	-s "Protocol is TLSv1.3" \
				3515	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3516	-s "received signature algorithm: 0x603" \
				3517	-s "got named group: ffdhe8192(0104)" \
				3518	-s "Certificate verification was skipped" \
				3519	-C "received HelloRetryRequest message"
				3520
				3521	requires_config_enabled MBEDTLS_SSL_SRV_C
				3522	requires_config_enabled MBEDTLS_DEBUG_C
				3523	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3524	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3525	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3526	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3527	requires_gnutls_tls1_3
				3528	requires_gnutls_next_no_ticket
				3529	requires_gnutls_next_disable_tls13_compat
				3530	run_test "TLS 1.3 G->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
				3531	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3532	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				3533	0 \
				3534	-s "Protocol is TLSv1.3" \
				3535	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				3536	-s "received signature algorithm: 0x804" \
				3537	-s "got named group: ffdhe8192(0104)" \
				3538	-s "Certificate verification was skipped" \
				3539	-C "received HelloRetryRequest message"
				3540
				3541	requires_config_enabled MBEDTLS_SSL_SRV_C
				3542	requires_config_enabled MBEDTLS_DEBUG_C
				3543	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3544	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3545	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3546	requires_gnutls_tls1_3
				3547	requires_gnutls_next_no_ticket
				3548	requires_gnutls_next_disable_tls13_compat
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3549	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3550	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3551	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3552	0 \
				3553	-s "Protocol is TLSv1.3" \
				3554	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3555	-s "received signature algorithm: 0x403" \
				3556	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3557	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3558	-C "received HelloRetryRequest message"
				3559
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3560	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3561	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3562	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3563	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3564	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3565	requires_gnutls_tls1_3
				3566	requires_gnutls_next_no_ticket
				3567	requires_gnutls_next_disable_tls13_compat
				3568	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3569	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3570	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3571	0 \
				3572	-s "Protocol is TLSv1.3" \
				3573	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3574	-s "received signature algorithm: 0x503" \
				3575	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3576	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3577	-C "received HelloRetryRequest message"
				3578
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3579	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3580	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3581	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3582	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3583	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3584	requires_gnutls_tls1_3
				3585	requires_gnutls_next_no_ticket
				3586	requires_gnutls_next_disable_tls13_compat
				3587	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3588	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3589	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3590	0 \
				3591	-s "Protocol is TLSv1.3" \
				3592	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3593	-s "received signature algorithm: 0x603" \
				3594	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3595	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3596	-C "received HelloRetryRequest message"
				3597
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3598	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3599	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3600	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3601	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3602	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3603	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3604	requires_gnutls_tls1_3
				3605	requires_gnutls_next_no_ticket
				3606	requires_gnutls_next_disable_tls13_compat
				3607	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3608	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3609	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3610	0 \
				3611	-s "Protocol is TLSv1.3" \
				3612	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3613	-s "received signature algorithm: 0x804" \
				3614	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3615	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3616	-C "received HelloRetryRequest message"
				3617
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3618	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3619	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3620	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3621	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3622	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3623	requires_gnutls_tls1_3
				3624	requires_gnutls_next_no_ticket
				3625	requires_gnutls_next_disable_tls13_compat
				3626	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3627	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3628	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3629	0 \
				3630	-s "Protocol is TLSv1.3" \
				3631	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3632	-s "received signature algorithm: 0x403" \
				3633	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3634	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3635	-C "received HelloRetryRequest message"
				3636
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3637	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3638	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3639	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3640	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3641	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3642	requires_gnutls_tls1_3
				3643	requires_gnutls_next_no_ticket
				3644	requires_gnutls_next_disable_tls13_compat
				3645	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3646	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3647	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3648	0 \
				3649	-s "Protocol is TLSv1.3" \
				3650	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3651	-s "received signature algorithm: 0x503" \
				3652	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3653	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3654	-C "received HelloRetryRequest message"
				3655
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3656	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3657	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3658	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3659	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3660	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3661	requires_gnutls_tls1_3
				3662	requires_gnutls_next_no_ticket
				3663	requires_gnutls_next_disable_tls13_compat
				3664	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3665	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3666	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3667	0 \
				3668	-s "Protocol is TLSv1.3" \
				3669	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3670	-s "received signature algorithm: 0x603" \
				3671	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3672	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3673	-C "received HelloRetryRequest message"
				3674
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3675	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3676	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3677	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3678	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3679	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3680	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3681	requires_gnutls_tls1_3
				3682	requires_gnutls_next_no_ticket
				3683	requires_gnutls_next_disable_tls13_compat
				3684	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3685	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3686	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3687	0 \
				3688	-s "Protocol is TLSv1.3" \
				3689	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3690	-s "received signature algorithm: 0x804" \
				3691	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3692	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3693	-C "received HelloRetryRequest message"
				3694
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3695	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3696	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3697	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3698	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3699	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3700	requires_gnutls_tls1_3
				3701	requires_gnutls_next_no_ticket
				3702	requires_gnutls_next_disable_tls13_compat
				3703	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3704	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3705	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3706	0 \
				3707	-s "Protocol is TLSv1.3" \
				3708	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3709	-s "received signature algorithm: 0x403" \
				3710	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3711	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3712	-C "received HelloRetryRequest message"
				3713
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3714	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3715	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3716	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3717	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3718	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3719	requires_gnutls_tls1_3
				3720	requires_gnutls_next_no_ticket
				3721	requires_gnutls_next_disable_tls13_compat
				3722	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3723	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3724	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3725	0 \
				3726	-s "Protocol is TLSv1.3" \
				3727	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3728	-s "received signature algorithm: 0x503" \
				3729	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3730	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3731	-C "received HelloRetryRequest message"
				3732
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3733	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3734	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3735	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3736	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3737	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3738	requires_gnutls_tls1_3
				3739	requires_gnutls_next_no_ticket
				3740	requires_gnutls_next_disable_tls13_compat
				3741	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3742	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3743	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3744	0 \
				3745	-s "Protocol is TLSv1.3" \
				3746	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3747	-s "received signature algorithm: 0x603" \
				3748	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3749	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3750	-C "received HelloRetryRequest message"
				3751
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3752	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3753	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3754	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3755	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3756	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3757	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3758	requires_gnutls_tls1_3
				3759	requires_gnutls_next_no_ticket
				3760	requires_gnutls_next_disable_tls13_compat
				3761	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3762	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3763	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3764	0 \
				3765	-s "Protocol is TLSv1.3" \
				3766	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3767	-s "received signature algorithm: 0x804" \
				3768	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3769	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3770	-C "received HelloRetryRequest message"
				3771
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3772	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3773	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3774	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3775	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3776	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3777	requires_gnutls_tls1_3
				3778	requires_gnutls_next_no_ticket
				3779	requires_gnutls_next_disable_tls13_compat
				3780	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3781	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3782	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3783	0 \
				3784	-s "Protocol is TLSv1.3" \
				3785	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3786	-s "received signature algorithm: 0x403" \
				3787	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3788	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3789	-C "received HelloRetryRequest message"
				3790
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3791	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3792	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3793	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3794	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3795	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3796	requires_gnutls_tls1_3
				3797	requires_gnutls_next_no_ticket
				3798	requires_gnutls_next_disable_tls13_compat
				3799	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3800	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3801	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3802	0 \
				3803	-s "Protocol is TLSv1.3" \
				3804	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3805	-s "received signature algorithm: 0x503" \
				3806	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3807	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3808	-C "received HelloRetryRequest message"
				3809
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3810	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3811	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3812	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3813	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3814	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3815	requires_gnutls_tls1_3
				3816	requires_gnutls_next_no_ticket
				3817	requires_gnutls_next_disable_tls13_compat
				3818	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3819	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3820	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3821	0 \
				3822	-s "Protocol is TLSv1.3" \
				3823	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3824	-s "received signature algorithm: 0x603" \
				3825	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3826	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3827	-C "received HelloRetryRequest message"
				3828
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3829	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3830	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3831	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3832	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3833	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3834	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3835	requires_gnutls_tls1_3
				3836	requires_gnutls_next_no_ticket
				3837	requires_gnutls_next_disable_tls13_compat
				3838	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3839	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3840	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3841	0 \
				3842	-s "Protocol is TLSv1.3" \
				3843	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3844	-s "received signature algorithm: 0x804" \
				3845	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3846	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3847	-C "received HelloRetryRequest message"
				3848
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3849	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3850	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3851	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3852	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3853	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3854	requires_gnutls_tls1_3
				3855	requires_gnutls_next_no_ticket
				3856	requires_gnutls_next_disable_tls13_compat
				3857	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3858	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3859	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3860	0 \
				3861	-s "Protocol is TLSv1.3" \
				3862	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3863	-s "received signature algorithm: 0x403" \
				3864	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3865	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3866	-C "received HelloRetryRequest message"
				3867
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3868	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3869	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3870	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3871	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3872	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3873	requires_gnutls_tls1_3
				3874	requires_gnutls_next_no_ticket
				3875	requires_gnutls_next_disable_tls13_compat
				3876	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3877	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3878	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3879	0 \
				3880	-s "Protocol is TLSv1.3" \
				3881	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3882	-s "received signature algorithm: 0x503" \
				3883	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3884	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3885	-C "received HelloRetryRequest message"
				3886
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3887	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3888	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3889	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3890	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3891	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3892	requires_gnutls_tls1_3
				3893	requires_gnutls_next_no_ticket
				3894	requires_gnutls_next_disable_tls13_compat
				3895	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3896	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3897	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3898	0 \
				3899	-s "Protocol is TLSv1.3" \
				3900	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3901	-s "received signature algorithm: 0x603" \
				3902	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3903	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3904	-C "received HelloRetryRequest message"
				3905
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3906	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3907	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3908	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3909	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3910	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3911	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3912	requires_gnutls_tls1_3
				3913	requires_gnutls_next_no_ticket
				3914	requires_gnutls_next_disable_tls13_compat
				3915	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	3916	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	3917	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3918	0 \
				3919	-s "Protocol is TLSv1.3" \
				3920	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3921	-s "received signature algorithm: 0x804" \
				3922	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	3923	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3924	-C "received HelloRetryRequest message"
				3925
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	3926	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	3927	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	3928	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3929	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3930	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	3931	requires_gnutls_tls1_3
				3932	requires_gnutls_next_no_ticket
				3933	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3934	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				3935	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3936	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3937	0 \
				3938	-s "Protocol is TLSv1.3" \
				3939	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3940	-s "received signature algorithm: 0x403" \
				3941	-s "got named group: ffdhe2048(0100)" \
				3942	-s "Certificate verification was skipped" \
				3943	-C "received HelloRetryRequest message"
				3944
				3945	requires_config_enabled MBEDTLS_SSL_SRV_C
				3946	requires_config_enabled MBEDTLS_DEBUG_C
				3947	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3948	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3949	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3950	requires_gnutls_tls1_3
				3951	requires_gnutls_next_no_ticket
				3952	requires_gnutls_next_disable_tls13_compat
				3953	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				3954	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3955	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3956	0 \
				3957	-s "Protocol is TLSv1.3" \
				3958	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3959	-s "received signature algorithm: 0x503" \
				3960	-s "got named group: ffdhe2048(0100)" \
				3961	-s "Certificate verification was skipped" \
				3962	-C "received HelloRetryRequest message"
				3963
				3964	requires_config_enabled MBEDTLS_SSL_SRV_C
				3965	requires_config_enabled MBEDTLS_DEBUG_C
				3966	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3967	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3968	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3969	requires_gnutls_tls1_3
				3970	requires_gnutls_next_no_ticket
				3971	requires_gnutls_next_disable_tls13_compat
				3972	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				3973	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3974	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3975	0 \
				3976	-s "Protocol is TLSv1.3" \
				3977	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3978	-s "received signature algorithm: 0x603" \
				3979	-s "got named group: ffdhe2048(0100)" \
				3980	-s "Certificate verification was skipped" \
				3981	-C "received HelloRetryRequest message"
				3982
				3983	requires_config_enabled MBEDTLS_SSL_SRV_C
				3984	requires_config_enabled MBEDTLS_DEBUG_C
				3985	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				3986	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				3987	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	3988	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	3989	requires_gnutls_tls1_3
				3990	requires_gnutls_next_no_ticket
				3991	requires_gnutls_next_disable_tls13_compat
				3992	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				3993	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				3994	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				3995	0 \
				3996	-s "Protocol is TLSv1.3" \
				3997	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				3998	-s "received signature algorithm: 0x804" \
				3999	-s "got named group: ffdhe2048(0100)" \
				4000	-s "Certificate verification was skipped" \
				4001	-C "received HelloRetryRequest message"
				4002
				4003	requires_config_enabled MBEDTLS_SSL_SRV_C
				4004	requires_config_enabled MBEDTLS_DEBUG_C
				4005	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4006	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4007	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4008	requires_gnutls_tls1_3
				4009	requires_gnutls_next_no_ticket
				4010	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4011	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				4012	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4013	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4014	0 \
				4015	-s "Protocol is TLSv1.3" \
				4016	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				4017	-s "received signature algorithm: 0x403" \
				4018	-s "got named group: ffdhe8192(0104)" \
				4019	-s "Certificate verification was skipped" \
				4020	-C "received HelloRetryRequest message"
				4021
				4022	requires_config_enabled MBEDTLS_SSL_SRV_C
				4023	requires_config_enabled MBEDTLS_DEBUG_C
				4024	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4025	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4026	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4027	requires_gnutls_tls1_3
				4028	requires_gnutls_next_no_ticket
				4029	requires_gnutls_next_disable_tls13_compat
				4030	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				4031	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4032	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4033	0 \
				4034	-s "Protocol is TLSv1.3" \
				4035	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				4036	-s "received signature algorithm: 0x503" \
				4037	-s "got named group: ffdhe8192(0104)" \
				4038	-s "Certificate verification was skipped" \
				4039	-C "received HelloRetryRequest message"
				4040
				4041	requires_config_enabled MBEDTLS_SSL_SRV_C
				4042	requires_config_enabled MBEDTLS_DEBUG_C
				4043	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4044	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4045	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4046	requires_gnutls_tls1_3
				4047	requires_gnutls_next_no_ticket
				4048	requires_gnutls_next_disable_tls13_compat
				4049	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				4050	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4051	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4052	0 \
				4053	-s "Protocol is TLSv1.3" \
				4054	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				4055	-s "received signature algorithm: 0x603" \
				4056	-s "got named group: ffdhe8192(0104)" \
				4057	-s "Certificate verification was skipped" \
				4058	-C "received HelloRetryRequest message"
				4059
				4060	requires_config_enabled MBEDTLS_SSL_SRV_C
				4061	requires_config_enabled MBEDTLS_DEBUG_C
				4062	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4063	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4064	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4065	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4066	requires_gnutls_tls1_3
				4067	requires_gnutls_next_no_ticket
				4068	requires_gnutls_next_disable_tls13_compat
				4069	run_test "TLS 1.3 G->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				4070	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4071	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4072	0 \
				4073	-s "Protocol is TLSv1.3" \
				4074	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				4075	-s "received signature algorithm: 0x804" \
				4076	-s "got named group: ffdhe8192(0104)" \
				4077	-s "Certificate verification was skipped" \
				4078	-C "received HelloRetryRequest message"
				4079
				4080	requires_config_enabled MBEDTLS_SSL_SRV_C
				4081	requires_config_enabled MBEDTLS_DEBUG_C
				4082	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4083	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4084	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4085	requires_gnutls_tls1_3
				4086	requires_gnutls_next_no_ticket
				4087	requires_gnutls_next_disable_tls13_compat
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4088	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4089	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4090	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4091	0 \
				4092	-s "Protocol is TLSv1.3" \
				4093	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4094	-s "received signature algorithm: 0x403" \
				4095	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4096	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4097	-C "received HelloRetryRequest message"
				4098
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4099	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4100	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4101	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4102	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4103	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4104	requires_gnutls_tls1_3
				4105	requires_gnutls_next_no_ticket
				4106	requires_gnutls_next_disable_tls13_compat
				4107	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4108	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4109	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4110	0 \
				4111	-s "Protocol is TLSv1.3" \
				4112	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4113	-s "received signature algorithm: 0x503" \
				4114	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4115	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4116	-C "received HelloRetryRequest message"
				4117
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4118	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4119	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4120	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4121	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4122	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4123	requires_gnutls_tls1_3
				4124	requires_gnutls_next_no_ticket
				4125	requires_gnutls_next_disable_tls13_compat
				4126	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4127	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4128	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4129	0 \
				4130	-s "Protocol is TLSv1.3" \
				4131	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4132	-s "received signature algorithm: 0x603" \
				4133	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4134	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4135	-C "received HelloRetryRequest message"
				4136
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4137	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4138	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4139	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4140	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4141	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4142	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4143	requires_gnutls_tls1_3
				4144	requires_gnutls_next_no_ticket
				4145	requires_gnutls_next_disable_tls13_compat
				4146	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4147	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4148	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4149	0 \
				4150	-s "Protocol is TLSv1.3" \
				4151	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4152	-s "received signature algorithm: 0x804" \
				4153	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4154	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4155	-C "received HelloRetryRequest message"
				4156
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4157	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4158	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4159	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4160	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4161	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4162	requires_gnutls_tls1_3
				4163	requires_gnutls_next_no_ticket
				4164	requires_gnutls_next_disable_tls13_compat
				4165	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4166	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4167	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4168	0 \
				4169	-s "Protocol is TLSv1.3" \
				4170	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4171	-s "received signature algorithm: 0x403" \
				4172	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4173	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4174	-C "received HelloRetryRequest message"
				4175
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4176	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4177	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4178	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4179	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4180	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4181	requires_gnutls_tls1_3
				4182	requires_gnutls_next_no_ticket
				4183	requires_gnutls_next_disable_tls13_compat
				4184	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4185	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4186	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4187	0 \
				4188	-s "Protocol is TLSv1.3" \
				4189	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4190	-s "received signature algorithm: 0x503" \
				4191	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4192	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4193	-C "received HelloRetryRequest message"
				4194
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4195	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4196	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4197	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4198	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4199	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4200	requires_gnutls_tls1_3
				4201	requires_gnutls_next_no_ticket
				4202	requires_gnutls_next_disable_tls13_compat
				4203	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4204	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4205	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4206	0 \
				4207	-s "Protocol is TLSv1.3" \
				4208	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4209	-s "received signature algorithm: 0x603" \
				4210	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4211	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4212	-C "received HelloRetryRequest message"
				4213
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4214	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4215	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4216	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4217	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4218	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4219	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4220	requires_gnutls_tls1_3
				4221	requires_gnutls_next_no_ticket
				4222	requires_gnutls_next_disable_tls13_compat
				4223	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4224	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4225	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4226	0 \
				4227	-s "Protocol is TLSv1.3" \
				4228	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4229	-s "received signature algorithm: 0x804" \
				4230	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4231	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4232	-C "received HelloRetryRequest message"
				4233
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4234	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4235	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4236	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4237	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4238	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4239	requires_gnutls_tls1_3
				4240	requires_gnutls_next_no_ticket
				4241	requires_gnutls_next_disable_tls13_compat
				4242	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4243	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4244	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4245	0 \
				4246	-s "Protocol is TLSv1.3" \
				4247	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4248	-s "received signature algorithm: 0x403" \
				4249	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4250	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4251	-C "received HelloRetryRequest message"
				4252
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4253	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4254	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4255	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4256	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4257	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4258	requires_gnutls_tls1_3
				4259	requires_gnutls_next_no_ticket
				4260	requires_gnutls_next_disable_tls13_compat
				4261	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4262	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4263	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4264	0 \
				4265	-s "Protocol is TLSv1.3" \
				4266	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4267	-s "received signature algorithm: 0x503" \
				4268	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4269	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4270	-C "received HelloRetryRequest message"
				4271
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4272	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4273	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4274	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4275	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4276	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4277	requires_gnutls_tls1_3
				4278	requires_gnutls_next_no_ticket
				4279	requires_gnutls_next_disable_tls13_compat
				4280	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4281	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4282	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4283	0 \
				4284	-s "Protocol is TLSv1.3" \
				4285	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4286	-s "received signature algorithm: 0x603" \
				4287	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4288	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4289	-C "received HelloRetryRequest message"
				4290
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4291	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4292	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4293	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4294	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4295	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4296	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4297	requires_gnutls_tls1_3
				4298	requires_gnutls_next_no_ticket
				4299	requires_gnutls_next_disable_tls13_compat
				4300	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4301	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4302	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4303	0 \
				4304	-s "Protocol is TLSv1.3" \
				4305	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4306	-s "received signature algorithm: 0x804" \
				4307	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4308	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4309	-C "received HelloRetryRequest message"
				4310
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4311	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4312	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4313	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4314	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4315	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4316	requires_gnutls_tls1_3
				4317	requires_gnutls_next_no_ticket
				4318	requires_gnutls_next_disable_tls13_compat
				4319	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4320	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4321	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4322	0 \
				4323	-s "Protocol is TLSv1.3" \
				4324	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4325	-s "received signature algorithm: 0x403" \
				4326	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4327	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4328	-C "received HelloRetryRequest message"
				4329
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4330	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4331	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4332	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4333	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4334	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4335	requires_gnutls_tls1_3
				4336	requires_gnutls_next_no_ticket
				4337	requires_gnutls_next_disable_tls13_compat
				4338	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4339	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4340	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4341	0 \
				4342	-s "Protocol is TLSv1.3" \
				4343	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4344	-s "received signature algorithm: 0x503" \
				4345	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4346	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4347	-C "received HelloRetryRequest message"
				4348
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4349	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4350	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4351	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4352	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4353	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4354	requires_gnutls_tls1_3
				4355	requires_gnutls_next_no_ticket
				4356	requires_gnutls_next_disable_tls13_compat
				4357	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4358	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4359	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4360	0 \
				4361	-s "Protocol is TLSv1.3" \
				4362	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4363	-s "received signature algorithm: 0x603" \
				4364	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4365	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4366	-C "received HelloRetryRequest message"
				4367
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4368	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4369	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4370	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4371	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4372	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4373	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4374	requires_gnutls_tls1_3
				4375	requires_gnutls_next_no_ticket
				4376	requires_gnutls_next_disable_tls13_compat
				4377	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4378	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4379	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4380	0 \
				4381	-s "Protocol is TLSv1.3" \
				4382	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4383	-s "received signature algorithm: 0x804" \
				4384	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4385	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4386	-C "received HelloRetryRequest message"
				4387
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4388	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4389	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4390	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4391	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4392	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4393	requires_gnutls_tls1_3
				4394	requires_gnutls_next_no_ticket
				4395	requires_gnutls_next_disable_tls13_compat
				4396	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4397	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4398	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4399	0 \
				4400	-s "Protocol is TLSv1.3" \
				4401	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4402	-s "received signature algorithm: 0x403" \
				4403	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4404	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4405	-C "received HelloRetryRequest message"
				4406
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4407	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4408	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4409	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4410	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4411	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4412	requires_gnutls_tls1_3
				4413	requires_gnutls_next_no_ticket
				4414	requires_gnutls_next_disable_tls13_compat
				4415	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4416	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4417	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4418	0 \
				4419	-s "Protocol is TLSv1.3" \
				4420	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4421	-s "received signature algorithm: 0x503" \
				4422	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4423	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4424	-C "received HelloRetryRequest message"
				4425
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4426	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4427	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4428	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4429	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4430	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4431	requires_gnutls_tls1_3
				4432	requires_gnutls_next_no_ticket
				4433	requires_gnutls_next_disable_tls13_compat
				4434	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4435	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4436	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4437	0 \
				4438	-s "Protocol is TLSv1.3" \
				4439	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4440	-s "received signature algorithm: 0x603" \
				4441	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4442	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4443	-C "received HelloRetryRequest message"
				4444
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4445	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4446	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4447	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4448	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4449	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4450	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4451	requires_gnutls_tls1_3
				4452	requires_gnutls_next_no_ticket
				4453	requires_gnutls_next_disable_tls13_compat
				4454	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4455	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4456	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4457	0 \
				4458	-s "Protocol is TLSv1.3" \
				4459	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4460	-s "received signature algorithm: 0x804" \
				4461	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4462	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4463	-C "received HelloRetryRequest message"
				4464
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4465	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4466	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4467	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4468	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4469	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4470	requires_gnutls_tls1_3
				4471	requires_gnutls_next_no_ticket
				4472	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4473	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				4474	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4475	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				4476	0 \
				4477	-s "Protocol is TLSv1.3" \
				4478	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4479	-s "received signature algorithm: 0x403" \
				4480	-s "got named group: ffdhe2048(0100)" \
				4481	-s "Certificate verification was skipped" \
				4482	-C "received HelloRetryRequest message"
				4483
				4484	requires_config_enabled MBEDTLS_SSL_SRV_C
				4485	requires_config_enabled MBEDTLS_DEBUG_C
				4486	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4487	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4488	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4489	requires_gnutls_tls1_3
				4490	requires_gnutls_next_no_ticket
				4491	requires_gnutls_next_disable_tls13_compat
				4492	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				4493	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4494	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				4495	0 \
				4496	-s "Protocol is TLSv1.3" \
				4497	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4498	-s "received signature algorithm: 0x503" \
				4499	-s "got named group: ffdhe2048(0100)" \
				4500	-s "Certificate verification was skipped" \
				4501	-C "received HelloRetryRequest message"
				4502
				4503	requires_config_enabled MBEDTLS_SSL_SRV_C
				4504	requires_config_enabled MBEDTLS_DEBUG_C
				4505	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4506	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4507	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4508	requires_gnutls_tls1_3
				4509	requires_gnutls_next_no_ticket
				4510	requires_gnutls_next_disable_tls13_compat
				4511	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				4512	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4513	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				4514	0 \
				4515	-s "Protocol is TLSv1.3" \
				4516	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4517	-s "received signature algorithm: 0x603" \
				4518	-s "got named group: ffdhe2048(0100)" \
				4519	-s "Certificate verification was skipped" \
				4520	-C "received HelloRetryRequest message"
				4521
				4522	requires_config_enabled MBEDTLS_SSL_SRV_C
				4523	requires_config_enabled MBEDTLS_DEBUG_C
				4524	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4525	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4526	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4527	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4528	requires_gnutls_tls1_3
				4529	requires_gnutls_next_no_ticket
				4530	requires_gnutls_next_disable_tls13_compat
				4531	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				4532	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4533	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				4534	0 \
				4535	-s "Protocol is TLSv1.3" \
				4536	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4537	-s "received signature algorithm: 0x804" \
				4538	-s "got named group: ffdhe2048(0100)" \
				4539	-s "Certificate verification was skipped" \
				4540	-C "received HelloRetryRequest message"
				4541
				4542	requires_config_enabled MBEDTLS_SSL_SRV_C
				4543	requires_config_enabled MBEDTLS_DEBUG_C
				4544	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4545	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4546	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4547	requires_gnutls_tls1_3
				4548	requires_gnutls_next_no_ticket
				4549	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4550	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				4551	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4552	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4553	0 \
				4554	-s "Protocol is TLSv1.3" \
				4555	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4556	-s "received signature algorithm: 0x403" \
				4557	-s "got named group: ffdhe8192(0104)" \
				4558	-s "Certificate verification was skipped" \
				4559	-C "received HelloRetryRequest message"
				4560
				4561	requires_config_enabled MBEDTLS_SSL_SRV_C
				4562	requires_config_enabled MBEDTLS_DEBUG_C
				4563	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4564	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4565	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4566	requires_gnutls_tls1_3
				4567	requires_gnutls_next_no_ticket
				4568	requires_gnutls_next_disable_tls13_compat
				4569	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				4570	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4571	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4572	0 \
				4573	-s "Protocol is TLSv1.3" \
				4574	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4575	-s "received signature algorithm: 0x503" \
				4576	-s "got named group: ffdhe8192(0104)" \
				4577	-s "Certificate verification was skipped" \
				4578	-C "received HelloRetryRequest message"
				4579
				4580	requires_config_enabled MBEDTLS_SSL_SRV_C
				4581	requires_config_enabled MBEDTLS_DEBUG_C
				4582	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4583	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4584	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4585	requires_gnutls_tls1_3
				4586	requires_gnutls_next_no_ticket
				4587	requires_gnutls_next_disable_tls13_compat
				4588	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				4589	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4590	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4591	0 \
				4592	-s "Protocol is TLSv1.3" \
				4593	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4594	-s "received signature algorithm: 0x603" \
				4595	-s "got named group: ffdhe8192(0104)" \
				4596	-s "Certificate verification was skipped" \
				4597	-C "received HelloRetryRequest message"
				4598
				4599	requires_config_enabled MBEDTLS_SSL_SRV_C
				4600	requires_config_enabled MBEDTLS_DEBUG_C
				4601	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4602	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4603	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4604	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4605	requires_gnutls_tls1_3
				4606	requires_gnutls_next_no_ticket
				4607	requires_gnutls_next_disable_tls13_compat
				4608	run_test "TLS 1.3 G->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				4609	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				4610	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				4611	0 \
				4612	-s "Protocol is TLSv1.3" \
				4613	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				4614	-s "received signature algorithm: 0x804" \
				4615	-s "got named group: ffdhe8192(0104)" \
				4616	-s "Certificate verification was skipped" \
				4617	-C "received HelloRetryRequest message"
				4618
				4619	requires_config_enabled MBEDTLS_SSL_SRV_C
				4620	requires_config_enabled MBEDTLS_DEBUG_C
				4621	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				4622	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4623	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	4624	requires_gnutls_tls1_3
				4625	requires_gnutls_next_no_ticket
				4626	requires_gnutls_next_disable_tls13_compat
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4627	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4628	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4629	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4630	0 \
				4631	-s "Protocol is TLSv1.3" \
				4632	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4633	-s "received signature algorithm: 0x403" \
				4634	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4635	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4636	-C "received HelloRetryRequest message"
				4637
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4638	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4639	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4640	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4641	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4642	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4643	requires_gnutls_tls1_3
				4644	requires_gnutls_next_no_ticket
				4645	requires_gnutls_next_disable_tls13_compat
				4646	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4647	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4648	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4649	0 \
				4650	-s "Protocol is TLSv1.3" \
				4651	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4652	-s "received signature algorithm: 0x503" \
				4653	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4654	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4655	-C "received HelloRetryRequest message"
				4656
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4657	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4658	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4659	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4660	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4661	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4662	requires_gnutls_tls1_3
				4663	requires_gnutls_next_no_ticket
				4664	requires_gnutls_next_disable_tls13_compat
				4665	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4666	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4667	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4668	0 \
				4669	-s "Protocol is TLSv1.3" \
				4670	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4671	-s "received signature algorithm: 0x603" \
				4672	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4673	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4674	-C "received HelloRetryRequest message"
				4675
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4676	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4677	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4678	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4679	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4680	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4681	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4682	requires_gnutls_tls1_3
				4683	requires_gnutls_next_no_ticket
				4684	requires_gnutls_next_disable_tls13_compat
				4685	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4686	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4687	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4688	0 \
				4689	-s "Protocol is TLSv1.3" \
				4690	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4691	-s "received signature algorithm: 0x804" \
				4692	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4693	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4694	-C "received HelloRetryRequest message"
				4695
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4696	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4697	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4698	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4699	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4700	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4701	requires_gnutls_tls1_3
				4702	requires_gnutls_next_no_ticket
				4703	requires_gnutls_next_disable_tls13_compat
				4704	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4705	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4706	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4707	0 \
				4708	-s "Protocol is TLSv1.3" \
				4709	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4710	-s "received signature algorithm: 0x403" \
				4711	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4712	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4713	-C "received HelloRetryRequest message"
				4714
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4715	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4716	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4717	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4718	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4719	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4720	requires_gnutls_tls1_3
				4721	requires_gnutls_next_no_ticket
				4722	requires_gnutls_next_disable_tls13_compat
				4723	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4724	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4725	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4726	0 \
				4727	-s "Protocol is TLSv1.3" \
				4728	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4729	-s "received signature algorithm: 0x503" \
				4730	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4731	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4732	-C "received HelloRetryRequest message"
				4733
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4734	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4735	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4736	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4737	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4738	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4739	requires_gnutls_tls1_3
				4740	requires_gnutls_next_no_ticket
				4741	requires_gnutls_next_disable_tls13_compat
				4742	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4743	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4744	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4745	0 \
				4746	-s "Protocol is TLSv1.3" \
				4747	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4748	-s "received signature algorithm: 0x603" \
				4749	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4750	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4751	-C "received HelloRetryRequest message"
				4752
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4753	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4754	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4755	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4756	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4757	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4758	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4759	requires_gnutls_tls1_3
				4760	requires_gnutls_next_no_ticket
				4761	requires_gnutls_next_disable_tls13_compat
				4762	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4763	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4764	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4765	0 \
				4766	-s "Protocol is TLSv1.3" \
				4767	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4768	-s "received signature algorithm: 0x804" \
				4769	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4770	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4771	-C "received HelloRetryRequest message"
				4772
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4773	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4774	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4775	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4776	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4777	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4778	requires_gnutls_tls1_3
				4779	requires_gnutls_next_no_ticket
				4780	requires_gnutls_next_disable_tls13_compat
				4781	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4782	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4783	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4784	0 \
				4785	-s "Protocol is TLSv1.3" \
				4786	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4787	-s "received signature algorithm: 0x403" \
				4788	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4789	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4790	-C "received HelloRetryRequest message"
				4791
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4792	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4793	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4794	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4795	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4796	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4797	requires_gnutls_tls1_3
				4798	requires_gnutls_next_no_ticket
				4799	requires_gnutls_next_disable_tls13_compat
				4800	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4801	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4802	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4803	0 \
				4804	-s "Protocol is TLSv1.3" \
				4805	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4806	-s "received signature algorithm: 0x503" \
				4807	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4808	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4809	-C "received HelloRetryRequest message"
				4810
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4811	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4812	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4813	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4814	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4815	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4816	requires_gnutls_tls1_3
				4817	requires_gnutls_next_no_ticket
				4818	requires_gnutls_next_disable_tls13_compat
				4819	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4820	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4821	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4822	0 \
				4823	-s "Protocol is TLSv1.3" \
				4824	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4825	-s "received signature algorithm: 0x603" \
				4826	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4827	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4828	-C "received HelloRetryRequest message"
				4829
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4830	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4831	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4832	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4833	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4834	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4835	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4836	requires_gnutls_tls1_3
				4837	requires_gnutls_next_no_ticket
				4838	requires_gnutls_next_disable_tls13_compat
				4839	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4840	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4841	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4842	0 \
				4843	-s "Protocol is TLSv1.3" \
				4844	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4845	-s "received signature algorithm: 0x804" \
				4846	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4847	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4848	-C "received HelloRetryRequest message"
				4849
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4850	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4851	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4852	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4853	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4854	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4855	requires_gnutls_tls1_3
				4856	requires_gnutls_next_no_ticket
				4857	requires_gnutls_next_disable_tls13_compat
				4858	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4859	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4860	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4861	0 \
				4862	-s "Protocol is TLSv1.3" \
				4863	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4864	-s "received signature algorithm: 0x403" \
				4865	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4866	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4867	-C "received HelloRetryRequest message"
				4868
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4869	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4870	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4871	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4872	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4873	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4874	requires_gnutls_tls1_3
				4875	requires_gnutls_next_no_ticket
				4876	requires_gnutls_next_disable_tls13_compat
				4877	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4878	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4879	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4880	0 \
				4881	-s "Protocol is TLSv1.3" \
				4882	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4883	-s "received signature algorithm: 0x503" \
				4884	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4885	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4886	-C "received HelloRetryRequest message"
				4887
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4888	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4889	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4890	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4891	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4892	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4893	requires_gnutls_tls1_3
				4894	requires_gnutls_next_no_ticket
				4895	requires_gnutls_next_disable_tls13_compat
				4896	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4897	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4898	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4899	0 \
				4900	-s "Protocol is TLSv1.3" \
				4901	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4902	-s "received signature algorithm: 0x603" \
				4903	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4904	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4905	-C "received HelloRetryRequest message"
				4906
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4907	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4908	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4909	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4910	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4911	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4912	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4913	requires_gnutls_tls1_3
				4914	requires_gnutls_next_no_ticket
				4915	requires_gnutls_next_disable_tls13_compat
				4916	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4917	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4918	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4919	0 \
				4920	-s "Protocol is TLSv1.3" \
				4921	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4922	-s "received signature algorithm: 0x804" \
				4923	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4924	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4925	-C "received HelloRetryRequest message"
				4926
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4927	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4928	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4929	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4930	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4931	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4932	requires_gnutls_tls1_3
				4933	requires_gnutls_next_no_ticket
				4934	requires_gnutls_next_disable_tls13_compat
				4935	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4936	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4937	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4938	0 \
				4939	-s "Protocol is TLSv1.3" \
				4940	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4941	-s "received signature algorithm: 0x403" \
				4942	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4943	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4944	-C "received HelloRetryRequest message"
				4945
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4946	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4947	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4948	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4949	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4950	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4951	requires_gnutls_tls1_3
				4952	requires_gnutls_next_no_ticket
				4953	requires_gnutls_next_disable_tls13_compat
				4954	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4955	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4956	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4957	0 \
				4958	-s "Protocol is TLSv1.3" \
				4959	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4960	-s "received signature algorithm: 0x503" \
				4961	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4962	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4963	-C "received HelloRetryRequest message"
				4964
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4965	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4966	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4967	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4968	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4969	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4970	requires_gnutls_tls1_3
				4971	requires_gnutls_next_no_ticket
				4972	requires_gnutls_next_disable_tls13_compat
				4973	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4974	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4975	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4976	0 \
				4977	-s "Protocol is TLSv1.3" \
				4978	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4979	-s "received signature algorithm: 0x603" \
				4980	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	4981	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4982	-C "received HelloRetryRequest message"
				4983
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	4984	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	4985	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	4986	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4987	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				4988	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	4989	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4990	requires_gnutls_tls1_3
				4991	requires_gnutls_next_no_ticket
				4992	requires_gnutls_next_disable_tls13_compat
				4993	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	4994	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	4995	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	4996	0 \
				4997	-s "Protocol is TLSv1.3" \
				4998	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				4999	-s "received signature algorithm: 0x804" \
				5000	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	5001	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	5002	-C "received HelloRetryRequest message"
				5003
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5004	requires_config_enabled MBEDTLS_SSL_SRV_C
				5005	requires_config_enabled MBEDTLS_DEBUG_C
				5006	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5007	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5008	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5009	requires_gnutls_tls1_3
				5010	requires_gnutls_next_no_ticket
				5011	requires_gnutls_next_disable_tls13_compat
				5012	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				5013	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5014	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				5015	0 \
				5016	-s "Protocol is TLSv1.3" \
				5017	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5018	-s "received signature algorithm: 0x403" \
				5019	-s "got named group: ffdhe2048(0100)" \
				5020	-s "Certificate verification was skipped" \
				5021	-C "received HelloRetryRequest message"
				5022
				5023	requires_config_enabled MBEDTLS_SSL_SRV_C
				5024	requires_config_enabled MBEDTLS_DEBUG_C
				5025	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5026	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5027	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5028	requires_gnutls_tls1_3
				5029	requires_gnutls_next_no_ticket
				5030	requires_gnutls_next_disable_tls13_compat
				5031	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				5032	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5033	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				5034	0 \
				5035	-s "Protocol is TLSv1.3" \
				5036	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5037	-s "received signature algorithm: 0x503" \
				5038	-s "got named group: ffdhe2048(0100)" \
				5039	-s "Certificate verification was skipped" \
				5040	-C "received HelloRetryRequest message"
				5041
				5042	requires_config_enabled MBEDTLS_SSL_SRV_C
				5043	requires_config_enabled MBEDTLS_DEBUG_C
				5044	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5045	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5046	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5047	requires_gnutls_tls1_3
				5048	requires_gnutls_next_no_ticket
				5049	requires_gnutls_next_disable_tls13_compat
				5050	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				5051	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5052	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				5053	0 \
				5054	-s "Protocol is TLSv1.3" \
				5055	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5056	-s "received signature algorithm: 0x603" \
				5057	-s "got named group: ffdhe2048(0100)" \
				5058	-s "Certificate verification was skipped" \
				5059	-C "received HelloRetryRequest message"
				5060
				5061	requires_config_enabled MBEDTLS_SSL_SRV_C
				5062	requires_config_enabled MBEDTLS_DEBUG_C
				5063	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5064	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5065	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5066	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5067	requires_gnutls_tls1_3
				5068	requires_gnutls_next_no_ticket
				5069	requires_gnutls_next_disable_tls13_compat
				5070	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				5071	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5072	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				5073	0 \
				5074	-s "Protocol is TLSv1.3" \
				5075	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5076	-s "received signature algorithm: 0x804" \
				5077	-s "got named group: ffdhe2048(0100)" \
				5078	-s "Certificate verification was skipped" \
				5079	-C "received HelloRetryRequest message"
				5080
				5081	requires_config_enabled MBEDTLS_SSL_SRV_C
				5082	requires_config_enabled MBEDTLS_DEBUG_C
				5083	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5084	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5085	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5086	requires_gnutls_tls1_3
				5087	requires_gnutls_next_no_ticket
				5088	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5089	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				5090	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5091	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				5092	0 \
				5093	-s "Protocol is TLSv1.3" \
				5094	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5095	-s "received signature algorithm: 0x403" \
				5096	-s "got named group: ffdhe8192(0104)" \
				5097	-s "Certificate verification was skipped" \
				5098	-C "received HelloRetryRequest message"
				5099
				5100	requires_config_enabled MBEDTLS_SSL_SRV_C
				5101	requires_config_enabled MBEDTLS_DEBUG_C
				5102	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5103	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5104	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5105	requires_gnutls_tls1_3
				5106	requires_gnutls_next_no_ticket
				5107	requires_gnutls_next_disable_tls13_compat
				5108	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				5109	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5110	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				5111	0 \
				5112	-s "Protocol is TLSv1.3" \
				5113	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5114	-s "received signature algorithm: 0x503" \
				5115	-s "got named group: ffdhe8192(0104)" \
				5116	-s "Certificate verification was skipped" \
				5117	-C "received HelloRetryRequest message"
				5118
				5119	requires_config_enabled MBEDTLS_SSL_SRV_C
				5120	requires_config_enabled MBEDTLS_DEBUG_C
				5121	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5122	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5123	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5124	requires_gnutls_tls1_3
				5125	requires_gnutls_next_no_ticket
				5126	requires_gnutls_next_disable_tls13_compat
				5127	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				5128	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5129	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				5130	0 \
				5131	-s "Protocol is TLSv1.3" \
				5132	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5133	-s "received signature algorithm: 0x603" \
				5134	-s "got named group: ffdhe8192(0104)" \
				5135	-s "Certificate verification was skipped" \
				5136	-C "received HelloRetryRequest message"
				5137
				5138	requires_config_enabled MBEDTLS_SSL_SRV_C
				5139	requires_config_enabled MBEDTLS_DEBUG_C
				5140	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5141	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5142	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5143	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5144	requires_gnutls_tls1_3
				5145	requires_gnutls_next_no_ticket
				5146	requires_gnutls_next_disable_tls13_compat
				5147	run_test "TLS 1.3 G->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				5148	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				5149	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				5150	0 \
				5151	-s "Protocol is TLSv1.3" \
				5152	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				5153	-s "received signature algorithm: 0x804" \
				5154	-s "got named group: ffdhe8192(0104)" \
				5155	-s "Certificate verification was skipped" \
				5156	-C "received HelloRetryRequest message"
				5157
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5158	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5159	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5160	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5161	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5162	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5163	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5164	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5165	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5166	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5167	0 \
				5168	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5169	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5170	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5171	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5172	-c "NamedGroup: secp256r1 ( 17 )" \
				5173	-c "Verifying peer X.509 certificate... ok" \
				5174	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5175
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5176	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5177	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5178	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5179	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5180	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5181	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5182	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5183	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5184	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5185	0 \
				5186	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5187	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5188	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5189	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5190	-c "NamedGroup: secp256r1 ( 17 )" \
				5191	-c "Verifying peer X.509 certificate... ok" \
				5192	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5193
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5194	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5195	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5196	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5197	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5198	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5199	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5200	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5201	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5202	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5203	0 \
				5204	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5205	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5206	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5207	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5208	-c "NamedGroup: secp256r1 ( 17 )" \
				5209	-c "Verifying peer X.509 certificate... ok" \
				5210	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5211
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5212	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5213	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5214	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5215	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5216	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5217	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5218	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5219	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5220	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5221	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5222	0 \
				5223	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5224	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5225	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5226	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5227	-c "NamedGroup: secp256r1 ( 17 )" \
				5228	-c "Verifying peer X.509 certificate... ok" \
				5229	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5230
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5231	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5232	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5233	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5234	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5235	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5236	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5237	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5238	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5239	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5240	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5241	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5242	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5243	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5244	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5245	-c "NamedGroup: secp384r1 ( 18 )" \
				5246	-c "Verifying peer X.509 certificate... ok" \
				5247	-C "received HelloRetryRequest message"
				5248
				5249	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5250	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5251	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5252	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5253	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5254	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5255	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5256	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5257	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5258	0 \
				5259	-c "HTTP/1.0 200 ok" \
				5260	-c "Protocol is TLSv1.3" \
				5261	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5262	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5263	-c "NamedGroup: secp384r1 ( 18 )" \
				5264	-c "Verifying peer X.509 certificate... ok" \
				5265	-C "received HelloRetryRequest message"
				5266
				5267	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5268	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5269	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5270	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5271	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5272	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5273	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5274	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5275	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5276	0 \
				5277	-c "HTTP/1.0 200 ok" \
				5278	-c "Protocol is TLSv1.3" \
				5279	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5280	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5281	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5282	-c "Verifying peer X.509 certificate... ok" \
				5283	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5284
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5285	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5286	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5287	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5288	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5289	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5290	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5291	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5292	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5293	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5294	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5295	0 \
				5296	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5297	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5298	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5299	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5300	-c "NamedGroup: secp384r1 ( 18 )" \
				5301	-c "Verifying peer X.509 certificate... ok" \
				5302	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5303
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5304	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5305	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5306	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5307	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5308	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5309	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5310	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5311	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5312	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5313	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5314	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5315	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5316	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5317	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5318	-c "NamedGroup: secp521r1 ( 19 )" \
				5319	-c "Verifying peer X.509 certificate... ok" \
				5320	-C "received HelloRetryRequest message"
				5321
				5322	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5323	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5324	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5325	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5326	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5327	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5328	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5329	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5330	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5331	0 \
				5332	-c "HTTP/1.0 200 ok" \
				5333	-c "Protocol is TLSv1.3" \
				5334	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5335	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5336	-c "NamedGroup: secp521r1 ( 19 )" \
				5337	-c "Verifying peer X.509 certificate... ok" \
				5338	-C "received HelloRetryRequest message"
				5339
				5340	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5341	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5342	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5343	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5344	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5345	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5346	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5347	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5348	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5349	0 \
				5350	-c "HTTP/1.0 200 ok" \
				5351	-c "Protocol is TLSv1.3" \
				5352	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5353	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5354	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5355	-c "Verifying peer X.509 certificate... ok" \
				5356	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5357
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5358	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5359	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5360	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5361	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5362	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5363	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5364	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5365	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5366	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5367	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5368	0 \
				5369	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5370	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5371	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5372	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5373	-c "NamedGroup: secp521r1 ( 19 )" \
				5374	-c "Verifying peer X.509 certificate... ok" \
				5375	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5376
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5377	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5378	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5379	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5380	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5381	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5382	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5383	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5384	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5385	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5386	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5387	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5388	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5389	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5390	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5391	-c "NamedGroup: x25519 ( 1d )" \
				5392	-c "Verifying peer X.509 certificate... ok" \
				5393	-C "received HelloRetryRequest message"
				5394
				5395	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5396	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5397	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5398	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5399	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5400	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5401	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5402	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5403	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5404	0 \
				5405	-c "HTTP/1.0 200 ok" \
				5406	-c "Protocol is TLSv1.3" \
				5407	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5408	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5409	-c "NamedGroup: x25519 ( 1d )" \
				5410	-c "Verifying peer X.509 certificate... ok" \
				5411	-C "received HelloRetryRequest message"
				5412
				5413	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5414	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5415	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5416	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5417	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5418	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5419	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5420	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5421	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5422	0 \
				5423	-c "HTTP/1.0 200 ok" \
				5424	-c "Protocol is TLSv1.3" \
				5425	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5426	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5427	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5428	-c "Verifying peer X.509 certificate... ok" \
				5429	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5430
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5431	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5432	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5433	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5434	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5435	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5436	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5437	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5438	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5439	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5440	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5441	0 \
				5442	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5443	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5444	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5445	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5446	-c "NamedGroup: x25519 ( 1d )" \
				5447	-c "Verifying peer X.509 certificate... ok" \
				5448	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5449
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5450	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5451	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5452	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5453	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5454	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5455	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5456	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5457	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5458	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5459	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5460	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5461	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5462	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5463	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5464	-c "NamedGroup: x448 ( 1e )" \
				5465	-c "Verifying peer X.509 certificate... ok" \
				5466	-C "received HelloRetryRequest message"
				5467
				5468	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5469	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5470	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5471	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5472	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5473	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5474	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5475	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5476	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5477	0 \
				5478	-c "HTTP/1.0 200 ok" \
				5479	-c "Protocol is TLSv1.3" \
				5480	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5481	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5482	-c "NamedGroup: x448 ( 1e )" \
				5483	-c "Verifying peer X.509 certificate... ok" \
				5484	-C "received HelloRetryRequest message"
				5485
				5486	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5487	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5488	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5489	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5490	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5491	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5492	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5493	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5494	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5495	0 \
				5496	-c "HTTP/1.0 200 ok" \
				5497	-c "Protocol is TLSv1.3" \
				5498	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5499	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5500	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5501	-c "Verifying peer X.509 certificate... ok" \
				5502	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5503
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5504	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5505	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5506	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5507	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5508	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5509	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5510	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5511	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5512	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5513	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5514	0 \
				5515	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5516	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5517	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5518	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5519	-c "NamedGroup: x448 ( 1e )" \
				5520	-c "Verifying peer X.509 certificate... ok" \
				5521	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5522
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5523	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5524	requires_config_enabled MBEDTLS_SSL_CLI_C
				5525	requires_config_enabled MBEDTLS_DEBUG_C
				5526	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5527	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5528	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5529	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				5530	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5531	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				5532	0 \
				5533	-c "HTTP/1.0 200 ok" \
				5534	-c "Protocol is TLSv1.3" \
				5535	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5536	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5537	-c "NamedGroup: ffdhe2048 ( 100 )" \
				5538	-c "Verifying peer X.509 certificate... ok" \
				5539	-C "received HelloRetryRequest message"
				5540
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5541	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5542	requires_config_enabled MBEDTLS_SSL_CLI_C
				5543	requires_config_enabled MBEDTLS_DEBUG_C
				5544	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5545	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5546	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5547	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				5548	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5549	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				5550	0 \
				5551	-c "HTTP/1.0 200 ok" \
				5552	-c "Protocol is TLSv1.3" \
				5553	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5554	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5555	-c "NamedGroup: ffdhe2048 ( 100 )" \
				5556	-c "Verifying peer X.509 certificate... ok" \
				5557	-C "received HelloRetryRequest message"
				5558
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5559	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5560	requires_config_enabled MBEDTLS_SSL_CLI_C
				5561	requires_config_enabled MBEDTLS_DEBUG_C
				5562	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5563	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5564	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5565	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				5566	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5567	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				5568	0 \
				5569	-c "HTTP/1.0 200 ok" \
				5570	-c "Protocol is TLSv1.3" \
				5571	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5572	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5573	-c "NamedGroup: ffdhe2048 ( 100 )" \
				5574	-c "Verifying peer X.509 certificate... ok" \
				5575	-C "received HelloRetryRequest message"
				5576
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5577	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5578	requires_config_enabled MBEDTLS_SSL_CLI_C
				5579	requires_config_enabled MBEDTLS_DEBUG_C
				5580	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5581	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5582	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5583	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5584	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				5585	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5586	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				5587	0 \
				5588	-c "HTTP/1.0 200 ok" \
				5589	-c "Protocol is TLSv1.3" \
				5590	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5591	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5592	-c "NamedGroup: ffdhe2048 ( 100 )" \
				5593	-c "Verifying peer X.509 certificate... ok" \
				5594	-C "received HelloRetryRequest message"
				5595
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5596	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	5597	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5598	requires_config_enabled MBEDTLS_SSL_CLI_C
				5599	requires_config_enabled MBEDTLS_DEBUG_C
				5600	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5601	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5602	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5603	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				5604	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5605	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				5606	0 \
				5607	-c "HTTP/1.0 200 ok" \
				5608	-c "Protocol is TLSv1.3" \
				5609	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5610	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5611	-c "NamedGroup: ffdhe8192 ( 104 )" \
				5612	-c "Verifying peer X.509 certificate... ok" \
				5613	-C "received HelloRetryRequest message"
				5614
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5615	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	5616	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5617	requires_config_enabled MBEDTLS_SSL_CLI_C
				5618	requires_config_enabled MBEDTLS_DEBUG_C
				5619	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5620	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5621	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5622	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				5623	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5624	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				5625	0 \
				5626	-c "HTTP/1.0 200 ok" \
				5627	-c "Protocol is TLSv1.3" \
				5628	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5629	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5630	-c "NamedGroup: ffdhe8192 ( 104 )" \
				5631	-c "Verifying peer X.509 certificate... ok" \
				5632	-C "received HelloRetryRequest message"
				5633
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5634	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	5635	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5636	requires_config_enabled MBEDTLS_SSL_CLI_C
				5637	requires_config_enabled MBEDTLS_DEBUG_C
				5638	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5639	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5640	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5641	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				5642	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5643	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				5644	0 \
				5645	-c "HTTP/1.0 200 ok" \
				5646	-c "Protocol is TLSv1.3" \
				5647	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5648	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5649	-c "NamedGroup: ffdhe8192 ( 104 )" \
				5650	-c "Verifying peer X.509 certificate... ok" \
				5651	-C "received HelloRetryRequest message"
				5652
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	5653	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	5654	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5655	requires_config_enabled MBEDTLS_SSL_CLI_C
				5656	requires_config_enabled MBEDTLS_DEBUG_C
				5657	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				5658	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				5659	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5660	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	5661	run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				5662	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				5663	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				5664	0 \
				5665	-c "HTTP/1.0 200 ok" \
				5666	-c "Protocol is TLSv1.3" \
				5667	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				5668	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				5669	-c "NamedGroup: ffdhe8192 ( 104 )" \
				5670	-c "Verifying peer X.509 certificate... ok" \
				5671	-C "received HelloRetryRequest message"
				5672
				5673	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5674	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5675	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5676	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5677	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5678	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5679	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5680	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5681	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5682	0 \
				5683	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5684	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5685	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5686	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5687	-c "NamedGroup: secp256r1 ( 17 )" \
				5688	-c "Verifying peer X.509 certificate... ok" \
				5689	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5690
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5691	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5692	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5693	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5694	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5695	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5696	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5697	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5698	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5699	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5700	0 \
				5701	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5702	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5703	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5704	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5705	-c "NamedGroup: secp256r1 ( 17 )" \
				5706	-c "Verifying peer X.509 certificate... ok" \
				5707	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5708
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5709	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5710	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5711	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5712	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5713	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5714	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5715	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5716	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5717	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5718	0 \
				5719	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5720	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5721	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5722	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5723	-c "NamedGroup: secp256r1 ( 17 )" \
				5724	-c "Verifying peer X.509 certificate... ok" \
				5725	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5726
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5727	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5728	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5729	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5730	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5731	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5732	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5733	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5734	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5735	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5736	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5737	0 \
				5738	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5739	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5740	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5741	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5742	-c "NamedGroup: secp256r1 ( 17 )" \
				5743	-c "Verifying peer X.509 certificate... ok" \
				5744	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5745
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5746	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5747	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5748	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5749	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5750	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5751	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5752	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5753	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5754	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5755	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5756	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5757	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5758	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5759	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5760	-c "NamedGroup: secp384r1 ( 18 )" \
				5761	-c "Verifying peer X.509 certificate... ok" \
				5762	-C "received HelloRetryRequest message"
				5763
				5764	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5765	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5766	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5767	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5769	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5770	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5771	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5772	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5773	0 \
				5774	-c "HTTP/1.0 200 ok" \
				5775	-c "Protocol is TLSv1.3" \
				5776	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5777	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5778	-c "NamedGroup: secp384r1 ( 18 )" \
				5779	-c "Verifying peer X.509 certificate... ok" \
				5780	-C "received HelloRetryRequest message"
				5781
				5782	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5783	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5784	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5785	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5786	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5787	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5788	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5789	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5790	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5791	0 \
				5792	-c "HTTP/1.0 200 ok" \
				5793	-c "Protocol is TLSv1.3" \
				5794	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5795	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5796	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5797	-c "Verifying peer X.509 certificate... ok" \
				5798	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5799
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5800	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5801	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5802	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5803	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5804	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5805	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5806	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5807	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5808	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5809	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5810	0 \
				5811	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5812	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5813	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5814	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5815	-c "NamedGroup: secp384r1 ( 18 )" \
				5816	-c "Verifying peer X.509 certificate... ok" \
				5817	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5818
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5819	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5820	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5821	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5822	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5823	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5824	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5825	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5826	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5827	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5828	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5829	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5830	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5831	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5832	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5833	-c "NamedGroup: secp521r1 ( 19 )" \
				5834	-c "Verifying peer X.509 certificate... ok" \
				5835	-C "received HelloRetryRequest message"
				5836
				5837	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5838	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5839	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5840	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5841	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5842	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5843	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5844	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5845	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5846	0 \
				5847	-c "HTTP/1.0 200 ok" \
				5848	-c "Protocol is TLSv1.3" \
				5849	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5850	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5851	-c "NamedGroup: secp521r1 ( 19 )" \
				5852	-c "Verifying peer X.509 certificate... ok" \
				5853	-C "received HelloRetryRequest message"
				5854
				5855	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5856	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5857	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5858	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5859	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5860	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5861	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5862	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5863	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5864	0 \
				5865	-c "HTTP/1.0 200 ok" \
				5866	-c "Protocol is TLSv1.3" \
				5867	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5868	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5869	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5870	-c "Verifying peer X.509 certificate... ok" \
				5871	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5872
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5873	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5874	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5875	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5876	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5877	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5878	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5879	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5880	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5881	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5882	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5883	0 \
				5884	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5885	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5886	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5887	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5888	-c "NamedGroup: secp521r1 ( 19 )" \
				5889	-c "Verifying peer X.509 certificate... ok" \
				5890	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5891
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5892	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5893	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5894	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5895	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5896	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5897	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5898	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5899	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5900	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5901	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5902	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5903	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5904	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5905	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5906	-c "NamedGroup: x25519 ( 1d )" \
				5907	-c "Verifying peer X.509 certificate... ok" \
				5908	-C "received HelloRetryRequest message"
				5909
				5910	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5911	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5912	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5913	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5914	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5915	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5916	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5917	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5918	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5919	0 \
				5920	-c "HTTP/1.0 200 ok" \
				5921	-c "Protocol is TLSv1.3" \
				5922	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5923	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5924	-c "NamedGroup: x25519 ( 1d )" \
				5925	-c "Verifying peer X.509 certificate... ok" \
				5926	-C "received HelloRetryRequest message"
				5927
				5928	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5929	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5930	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5931	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5932	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5933	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5934	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5935	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5936	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5937	0 \
				5938	-c "HTTP/1.0 200 ok" \
				5939	-c "Protocol is TLSv1.3" \
				5940	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5941	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				5942	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5943	-c "Verifying peer X.509 certificate... ok" \
				5944	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5945
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5946	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5947	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5948	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5949	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5950	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5951	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5952	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	5953	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5954	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5955	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5956	0 \
				5957	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5958	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5959	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5960	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	5961	-c "NamedGroup: x25519 ( 1d )" \
				5962	-c "Verifying peer X.509 certificate... ok" \
				5963	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	5964
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5965	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	5966	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5967	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5968	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	5969	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5970	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5971	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5972	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5973	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5974	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5975	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	5976	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	5977	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5978	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				5979	-c "NamedGroup: x448 ( 1e )" \
				5980	-c "Verifying peer X.509 certificate... ok" \
				5981	-C "received HelloRetryRequest message"
				5982
				5983	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5984	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	5985	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	5986	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5987	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	5988	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5989	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	5990	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	5991	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	5992	0 \
				5993	-c "HTTP/1.0 200 ok" \
				5994	-c "Protocol is TLSv1.3" \
				5995	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				5996	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				5997	-c "NamedGroup: x448 ( 1e )" \
				5998	-c "Verifying peer X.509 certificate... ok" \
				5999	-C "received HelloRetryRequest message"
				6000
				6001	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6002	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6003	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6004	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6005	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6006	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6007	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6008	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6009	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6010	0 \
				6011	-c "HTTP/1.0 200 ok" \
				6012	-c "Protocol is TLSv1.3" \
				6013	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6014	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6015	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6016	-c "Verifying peer X.509 certificate... ok" \
				6017	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6018
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6019	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6020	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6021	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6022	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6023	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6024	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6025	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6026	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6027	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6028	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6029	0 \
				6030	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6031	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6032	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6033	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6034	-c "NamedGroup: x448 ( 1e )" \
				6035	-c "Verifying peer X.509 certificate... ok" \
				6036	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6037
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6038	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6039	requires_config_enabled MBEDTLS_SSL_CLI_C
				6040	requires_config_enabled MBEDTLS_DEBUG_C
				6041	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6042	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6043	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6044	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
				6045	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6046	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				6047	0 \
				6048	-c "HTTP/1.0 200 ok" \
				6049	-c "Protocol is TLSv1.3" \
				6050	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6051	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6052	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6053	-c "Verifying peer X.509 certificate... ok" \
				6054	-C "received HelloRetryRequest message"
				6055
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6056	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6057	requires_config_enabled MBEDTLS_SSL_CLI_C
				6058	requires_config_enabled MBEDTLS_DEBUG_C
				6059	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6060	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6061	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6062	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
				6063	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6064	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				6065	0 \
				6066	-c "HTTP/1.0 200 ok" \
				6067	-c "Protocol is TLSv1.3" \
				6068	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6069	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6070	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6071	-c "Verifying peer X.509 certificate... ok" \
				6072	-C "received HelloRetryRequest message"
				6073
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6074	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6075	requires_config_enabled MBEDTLS_SSL_CLI_C
				6076	requires_config_enabled MBEDTLS_DEBUG_C
				6077	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6078	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6079	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6080	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
				6081	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6082	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				6083	0 \
				6084	-c "HTTP/1.0 200 ok" \
				6085	-c "Protocol is TLSv1.3" \
				6086	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6087	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6088	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6089	-c "Verifying peer X.509 certificate... ok" \
				6090	-C "received HelloRetryRequest message"
				6091
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6092	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6093	requires_config_enabled MBEDTLS_SSL_CLI_C
				6094	requires_config_enabled MBEDTLS_DEBUG_C
				6095	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6096	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6097	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6098	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6099	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
				6100	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6101	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				6102	0 \
				6103	-c "HTTP/1.0 200 ok" \
				6104	-c "Protocol is TLSv1.3" \
				6105	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6106	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6107	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6108	-c "Verifying peer X.509 certificate... ok" \
				6109	-C "received HelloRetryRequest message"
				6110
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6111	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6112	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6113	requires_config_enabled MBEDTLS_SSL_CLI_C
				6114	requires_config_enabled MBEDTLS_DEBUG_C
				6115	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6116	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6117	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6118	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
				6119	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6120	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				6121	0 \
				6122	-c "HTTP/1.0 200 ok" \
				6123	-c "Protocol is TLSv1.3" \
				6124	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6125	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6126	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6127	-c "Verifying peer X.509 certificate... ok" \
				6128	-C "received HelloRetryRequest message"
				6129
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6130	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6131	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6132	requires_config_enabled MBEDTLS_SSL_CLI_C
				6133	requires_config_enabled MBEDTLS_DEBUG_C
				6134	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6135	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6136	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6137	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
				6138	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6139	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				6140	0 \
				6141	-c "HTTP/1.0 200 ok" \
				6142	-c "Protocol is TLSv1.3" \
				6143	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6144	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6145	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6146	-c "Verifying peer X.509 certificate... ok" \
				6147	-C "received HelloRetryRequest message"
				6148
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6149	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6150	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6151	requires_config_enabled MBEDTLS_SSL_CLI_C
				6152	requires_config_enabled MBEDTLS_DEBUG_C
				6153	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6154	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6155	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6156	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
				6157	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6158	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				6159	0 \
				6160	-c "HTTP/1.0 200 ok" \
				6161	-c "Protocol is TLSv1.3" \
				6162	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6163	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6164	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6165	-c "Verifying peer X.509 certificate... ok" \
				6166	-C "received HelloRetryRequest message"
				6167
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6168	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6169	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6170	requires_config_enabled MBEDTLS_SSL_CLI_C
				6171	requires_config_enabled MBEDTLS_DEBUG_C
				6172	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6173	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6174	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6175	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6176	run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
				6177	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6178	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				6179	0 \
				6180	-c "HTTP/1.0 200 ok" \
				6181	-c "Protocol is TLSv1.3" \
				6182	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				6183	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6184	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6185	-c "Verifying peer X.509 certificate... ok" \
				6186	-C "received HelloRetryRequest message"
				6187
				6188	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6189	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6190	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6191	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6192	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6193	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6194	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6195	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6196	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6197	0 \
				6198	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6199	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6200	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6201	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6202	-c "NamedGroup: secp256r1 ( 17 )" \
				6203	-c "Verifying peer X.509 certificate... ok" \
				6204	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6205
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6206	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6207	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6208	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6209	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6210	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6211	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6212	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6213	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6214	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6215	0 \
				6216	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6217	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6218	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6219	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6220	-c "NamedGroup: secp256r1 ( 17 )" \
				6221	-c "Verifying peer X.509 certificate... ok" \
				6222	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6223
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6224	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6225	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6226	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6227	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6228	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6229	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6230	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6231	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6232	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6233	0 \
				6234	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6235	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6236	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6237	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6238	-c "NamedGroup: secp256r1 ( 17 )" \
				6239	-c "Verifying peer X.509 certificate... ok" \
				6240	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6241
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6242	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6243	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6244	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6245	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6246	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6247	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6248	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6249	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6250	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6251	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6252	0 \
				6253	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6254	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6255	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6256	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6257	-c "NamedGroup: secp256r1 ( 17 )" \
				6258	-c "Verifying peer X.509 certificate... ok" \
				6259	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6260
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6261	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6262	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6263	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6264	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6265	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6266	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6267	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6268	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6269	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6270	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6271	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6272	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6273	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6274	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6275	-c "NamedGroup: secp384r1 ( 18 )" \
				6276	-c "Verifying peer X.509 certificate... ok" \
				6277	-C "received HelloRetryRequest message"
				6278
				6279	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6280	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6281	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6282	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6283	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6284	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6285	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6286	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6287	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6288	0 \
				6289	-c "HTTP/1.0 200 ok" \
				6290	-c "Protocol is TLSv1.3" \
				6291	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6292	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6293	-c "NamedGroup: secp384r1 ( 18 )" \
				6294	-c "Verifying peer X.509 certificate... ok" \
				6295	-C "received HelloRetryRequest message"
				6296
				6297	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6298	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6299	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6300	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6301	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6302	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6303	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6304	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6305	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6306	0 \
				6307	-c "HTTP/1.0 200 ok" \
				6308	-c "Protocol is TLSv1.3" \
				6309	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6310	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6311	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6312	-c "Verifying peer X.509 certificate... ok" \
				6313	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6314
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6315	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6316	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6317	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6318	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6319	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6320	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6321	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6322	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6323	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6324	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6325	0 \
				6326	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6327	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6328	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6329	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6330	-c "NamedGroup: secp384r1 ( 18 )" \
				6331	-c "Verifying peer X.509 certificate... ok" \
				6332	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6333
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6334	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6335	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6336	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6337	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6338	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6339	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6340	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6341	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6342	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6343	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6344	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6345	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6346	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6347	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6348	-c "NamedGroup: secp521r1 ( 19 )" \
				6349	-c "Verifying peer X.509 certificate... ok" \
				6350	-C "received HelloRetryRequest message"
				6351
				6352	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6353	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6354	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6355	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6356	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6357	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6358	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6359	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6360	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6361	0 \
				6362	-c "HTTP/1.0 200 ok" \
				6363	-c "Protocol is TLSv1.3" \
				6364	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6365	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6366	-c "NamedGroup: secp521r1 ( 19 )" \
				6367	-c "Verifying peer X.509 certificate... ok" \
				6368	-C "received HelloRetryRequest message"
				6369
				6370	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6371	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6372	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6373	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6374	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6375	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6376	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6377	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6378	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6379	0 \
				6380	-c "HTTP/1.0 200 ok" \
				6381	-c "Protocol is TLSv1.3" \
				6382	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6383	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6384	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6385	-c "Verifying peer X.509 certificate... ok" \
				6386	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6387
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6388	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6389	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6390	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6391	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6392	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6393	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6394	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6395	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6396	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6397	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6398	0 \
				6399	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6400	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6401	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6402	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6403	-c "NamedGroup: secp521r1 ( 19 )" \
				6404	-c "Verifying peer X.509 certificate... ok" \
				6405	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6406
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6407	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6408	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6409	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6410	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6411	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6412	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6413	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6414	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6415	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6416	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6417	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6418	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6419	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6420	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6421	-c "NamedGroup: x25519 ( 1d )" \
				6422	-c "Verifying peer X.509 certificate... ok" \
				6423	-C "received HelloRetryRequest message"
				6424
				6425	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6426	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6427	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6428	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6429	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6430	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6431	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6432	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6433	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6434	0 \
				6435	-c "HTTP/1.0 200 ok" \
				6436	-c "Protocol is TLSv1.3" \
				6437	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6438	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6439	-c "NamedGroup: x25519 ( 1d )" \
				6440	-c "Verifying peer X.509 certificate... ok" \
				6441	-C "received HelloRetryRequest message"
				6442
				6443	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6444	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6445	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6446	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6447	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6448	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6449	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6450	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6451	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6452	0 \
				6453	-c "HTTP/1.0 200 ok" \
				6454	-c "Protocol is TLSv1.3" \
				6455	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6456	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6457	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6458	-c "Verifying peer X.509 certificate... ok" \
				6459	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6460
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6461	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6462	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6463	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6464	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6465	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6466	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6467	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6468	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6469	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6470	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6471	0 \
				6472	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6473	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6474	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6475	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6476	-c "NamedGroup: x25519 ( 1d )" \
				6477	-c "Verifying peer X.509 certificate... ok" \
				6478	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6479
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6480	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6481	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6482	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6483	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6484	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6485	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6486	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6487	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6488	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6489	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6490	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6491	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6492	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6493	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6494	-c "NamedGroup: x448 ( 1e )" \
				6495	-c "Verifying peer X.509 certificate... ok" \
				6496	-C "received HelloRetryRequest message"
				6497
				6498	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6499	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6500	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6501	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6502	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6503	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6504	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6505	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6506	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6507	0 \
				6508	-c "HTTP/1.0 200 ok" \
				6509	-c "Protocol is TLSv1.3" \
				6510	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6511	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6512	-c "NamedGroup: x448 ( 1e )" \
				6513	-c "Verifying peer X.509 certificate... ok" \
				6514	-C "received HelloRetryRequest message"
				6515
				6516	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6517	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6518	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6519	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6520	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6521	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6522	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6523	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6524	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6525	0 \
				6526	-c "HTTP/1.0 200 ok" \
				6527	-c "Protocol is TLSv1.3" \
				6528	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6529	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6530	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6531	-c "Verifying peer X.509 certificate... ok" \
				6532	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6533
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6534	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6535	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6536	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6537	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6538	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6539	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6540	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6541	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6542	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6543	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6544	0 \
				6545	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6546	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6547	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6548	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6549	-c "NamedGroup: x448 ( 1e )" \
				6550	-c "Verifying peer X.509 certificate... ok" \
				6551	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6552
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6553	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6554	requires_config_enabled MBEDTLS_SSL_CLI_C
				6555	requires_config_enabled MBEDTLS_DEBUG_C
				6556	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6557	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6558	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6559	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				6560	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6561	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				6562	0 \
				6563	-c "HTTP/1.0 200 ok" \
				6564	-c "Protocol is TLSv1.3" \
				6565	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6566	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6567	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6568	-c "Verifying peer X.509 certificate... ok" \
				6569	-C "received HelloRetryRequest message"
				6570
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6571	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6572	requires_config_enabled MBEDTLS_SSL_CLI_C
				6573	requires_config_enabled MBEDTLS_DEBUG_C
				6574	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6575	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6576	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6577	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				6578	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6579	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				6580	0 \
				6581	-c "HTTP/1.0 200 ok" \
				6582	-c "Protocol is TLSv1.3" \
				6583	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6584	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6585	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6586	-c "Verifying peer X.509 certificate... ok" \
				6587	-C "received HelloRetryRequest message"
				6588
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6589	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6590	requires_config_enabled MBEDTLS_SSL_CLI_C
				6591	requires_config_enabled MBEDTLS_DEBUG_C
				6592	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6593	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6594	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6595	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				6596	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6597	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				6598	0 \
				6599	-c "HTTP/1.0 200 ok" \
				6600	-c "Protocol is TLSv1.3" \
				6601	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6602	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6603	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6604	-c "Verifying peer X.509 certificate... ok" \
				6605	-C "received HelloRetryRequest message"
				6606
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6607	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6608	requires_config_enabled MBEDTLS_SSL_CLI_C
				6609	requires_config_enabled MBEDTLS_DEBUG_C
				6610	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6611	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6612	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6613	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6614	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				6615	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6616	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				6617	0 \
				6618	-c "HTTP/1.0 200 ok" \
				6619	-c "Protocol is TLSv1.3" \
				6620	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6621	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6622	-c "NamedGroup: ffdhe2048 ( 100 )" \
				6623	-c "Verifying peer X.509 certificate... ok" \
				6624	-C "received HelloRetryRequest message"
				6625
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6626	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6627	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6628	requires_config_enabled MBEDTLS_SSL_CLI_C
				6629	requires_config_enabled MBEDTLS_DEBUG_C
				6630	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6631	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6632	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6633	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				6634	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6635	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				6636	0 \
				6637	-c "HTTP/1.0 200 ok" \
				6638	-c "Protocol is TLSv1.3" \
				6639	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6640	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6641	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6642	-c "Verifying peer X.509 certificate... ok" \
				6643	-C "received HelloRetryRequest message"
				6644
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6645	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6646	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6647	requires_config_enabled MBEDTLS_SSL_CLI_C
				6648	requires_config_enabled MBEDTLS_DEBUG_C
				6649	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6650	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6651	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6652	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				6653	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6654	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				6655	0 \
				6656	-c "HTTP/1.0 200 ok" \
				6657	-c "Protocol is TLSv1.3" \
				6658	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6659	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6660	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6661	-c "Verifying peer X.509 certificate... ok" \
				6662	-C "received HelloRetryRequest message"
				6663
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6664	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6665	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6666	requires_config_enabled MBEDTLS_SSL_CLI_C
				6667	requires_config_enabled MBEDTLS_DEBUG_C
				6668	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6669	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6670	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6671	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				6672	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6673	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				6674	0 \
				6675	-c "HTTP/1.0 200 ok" \
				6676	-c "Protocol is TLSv1.3" \
				6677	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6678	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6679	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6680	-c "Verifying peer X.509 certificate... ok" \
				6681	-C "received HelloRetryRequest message"
				6682
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	6683	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	6684	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6685	requires_config_enabled MBEDTLS_SSL_CLI_C
				6686	requires_config_enabled MBEDTLS_DEBUG_C
				6687	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				6688	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				6689	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6690	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	6691	run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				6692	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				6693	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				6694	0 \
				6695	-c "HTTP/1.0 200 ok" \
				6696	-c "Protocol is TLSv1.3" \
				6697	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				6698	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				6699	-c "NamedGroup: ffdhe8192 ( 104 )" \
				6700	-c "Verifying peer X.509 certificate... ok" \
				6701	-C "received HelloRetryRequest message"
				6702
				6703	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6704	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6705	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6706	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6707	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6708	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6709	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6710	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6711	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6712	0 \
				6713	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6714	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6715	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6716	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6717	-c "NamedGroup: secp256r1 ( 17 )" \
				6718	-c "Verifying peer X.509 certificate... ok" \
				6719	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6720
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6721	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6722	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6723	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6724	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6725	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6726	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6727	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6728	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6729	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6730	0 \
				6731	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6732	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6733	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6734	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6735	-c "NamedGroup: secp256r1 ( 17 )" \
				6736	-c "Verifying peer X.509 certificate... ok" \
				6737	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6738
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6739	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6740	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6741	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6742	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6743	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6744	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6745	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6746	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6747	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6748	0 \
				6749	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6750	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6751	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6752	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6753	-c "NamedGroup: secp256r1 ( 17 )" \
				6754	-c "Verifying peer X.509 certificate... ok" \
				6755	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6756
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6757	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6758	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6759	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6760	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6761	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6762	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6763	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6764	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6765	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6766	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6767	0 \
				6768	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6769	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6770	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6771	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6772	-c "NamedGroup: secp256r1 ( 17 )" \
				6773	-c "Verifying peer X.509 certificate... ok" \
				6774	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6775
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6776	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6777	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6778	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6779	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6780	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6781	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6782	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6783	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6784	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6785	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6786	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6787	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6788	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6789	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6790	-c "NamedGroup: secp384r1 ( 18 )" \
				6791	-c "Verifying peer X.509 certificate... ok" \
				6792	-C "received HelloRetryRequest message"
				6793
				6794	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6795	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6796	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6797	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6798	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6799	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6800	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6801	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6802	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6803	0 \
				6804	-c "HTTP/1.0 200 ok" \
				6805	-c "Protocol is TLSv1.3" \
				6806	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6807	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6808	-c "NamedGroup: secp384r1 ( 18 )" \
				6809	-c "Verifying peer X.509 certificate... ok" \
				6810	-C "received HelloRetryRequest message"
				6811
				6812	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6813	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6814	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6815	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6816	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6817	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6818	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6819	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6820	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6821	0 \
				6822	-c "HTTP/1.0 200 ok" \
				6823	-c "Protocol is TLSv1.3" \
				6824	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6825	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6826	-c "NamedGroup: secp384r1 ( 18 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6827	-c "Verifying peer X.509 certificate... ok" \
				6828	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6829
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6830	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6831	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6832	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6833	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6834	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6835	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6836	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6837	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6838	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6839	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6840	0 \
				6841	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6842	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6843	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6844	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6845	-c "NamedGroup: secp384r1 ( 18 )" \
				6846	-c "Verifying peer X.509 certificate... ok" \
				6847	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6848
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6849	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6850	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6851	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6852	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6853	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6854	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6855	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6856	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6857	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6858	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6859	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6860	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6861	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6862	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6863	-c "NamedGroup: secp521r1 ( 19 )" \
				6864	-c "Verifying peer X.509 certificate... ok" \
				6865	-C "received HelloRetryRequest message"
				6866
				6867	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6868	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6869	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6870	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6871	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6872	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6873	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6874	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6875	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6876	0 \
				6877	-c "HTTP/1.0 200 ok" \
				6878	-c "Protocol is TLSv1.3" \
				6879	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6880	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6881	-c "NamedGroup: secp521r1 ( 19 )" \
				6882	-c "Verifying peer X.509 certificate... ok" \
				6883	-C "received HelloRetryRequest message"
				6884
				6885	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6886	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6887	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6888	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6889	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6890	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6891	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6892	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6893	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6894	0 \
				6895	-c "HTTP/1.0 200 ok" \
				6896	-c "Protocol is TLSv1.3" \
				6897	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6898	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6899	-c "NamedGroup: secp521r1 ( 19 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6900	-c "Verifying peer X.509 certificate... ok" \
				6901	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6902
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6903	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6904	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6905	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6906	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6907	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6908	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6909	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6910	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6911	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6912	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6913	0 \
				6914	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6915	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6916	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6917	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6918	-c "NamedGroup: secp521r1 ( 19 )" \
				6919	-c "Verifying peer X.509 certificate... ok" \
				6920	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6921
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6922	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6923	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6924	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6925	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6926	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6927	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6928	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6929	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6930	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6931	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6932	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6933	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6934	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6935	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				6936	-c "NamedGroup: x25519 ( 1d )" \
				6937	-c "Verifying peer X.509 certificate... ok" \
				6938	-C "received HelloRetryRequest message"
				6939
				6940	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6941	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6942	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6943	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6944	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6945	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6946	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6947	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6948	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6949	0 \
				6950	-c "HTTP/1.0 200 ok" \
				6951	-c "Protocol is TLSv1.3" \
				6952	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6953	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				6954	-c "NamedGroup: x25519 ( 1d )" \
				6955	-c "Verifying peer X.509 certificate... ok" \
				6956	-C "received HelloRetryRequest message"
				6957
				6958	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6959	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6960	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6961	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6962	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6963	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6964	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6965	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6966	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6967	0 \
				6968	-c "HTTP/1.0 200 ok" \
				6969	-c "Protocol is TLSv1.3" \
				6970	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6971	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				6972	-c "NamedGroup: x25519 ( 1d )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6973	-c "Verifying peer X.509 certificate... ok" \
				6974	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6975
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6976	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6977	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6978	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6979	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6980	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6981	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	6982	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	6983	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	6984	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	6985	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6986	0 \
				6987	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	6988	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	6989	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				6990	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	6991	-c "NamedGroup: x25519 ( 1d )" \
				6992	-c "Verifying peer X.509 certificate... ok" \
				6993	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	6994
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	6995	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	6996	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	6997	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	6998	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	6999	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7000	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7001	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7002	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7003	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7004	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7005	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7006	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7007	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7008	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7009	-c "NamedGroup: x448 ( 1e )" \
				7010	-c "Verifying peer X.509 certificate... ok" \
				7011	-C "received HelloRetryRequest message"
				7012
				7013	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7014	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7015	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7016	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7017	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7018	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7019	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7020	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7021	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7022	0 \
				7023	-c "HTTP/1.0 200 ok" \
				7024	-c "Protocol is TLSv1.3" \
				7025	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7026	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7027	-c "NamedGroup: x448 ( 1e )" \
				7028	-c "Verifying peer X.509 certificate... ok" \
				7029	-C "received HelloRetryRequest message"
				7030
				7031	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7032	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7033	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7034	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7035	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7036	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7037	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7038	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7039	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7040	0 \
				7041	-c "HTTP/1.0 200 ok" \
				7042	-c "Protocol is TLSv1.3" \
				7043	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7044	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7045	-c "NamedGroup: x448 ( 1e )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7046	-c "Verifying peer X.509 certificate... ok" \
				7047	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7048
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7049	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7050	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7051	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7052	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7053	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7054	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7055	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7056	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7057	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7058	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7059	0 \
				7060	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7061	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7062	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7063	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7064	-c "NamedGroup: x448 ( 1e )" \
				7065	-c "Verifying peer X.509 certificate... ok" \
				7066	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7067
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7068	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7069	requires_config_enabled MBEDTLS_SSL_CLI_C
				7070	requires_config_enabled MBEDTLS_DEBUG_C
				7071	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7072	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7073	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7074	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				7075	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7076	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				7077	0 \
				7078	-c "HTTP/1.0 200 ok" \
				7079	-c "Protocol is TLSv1.3" \
				7080	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7081	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7082	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7083	-c "Verifying peer X.509 certificate... ok" \
				7084	-C "received HelloRetryRequest message"
				7085
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7086	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7087	requires_config_enabled MBEDTLS_SSL_CLI_C
				7088	requires_config_enabled MBEDTLS_DEBUG_C
				7089	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7090	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7091	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7092	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				7093	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7094	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				7095	0 \
				7096	-c "HTTP/1.0 200 ok" \
				7097	-c "Protocol is TLSv1.3" \
				7098	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7099	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7100	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7101	-c "Verifying peer X.509 certificate... ok" \
				7102	-C "received HelloRetryRequest message"
				7103
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7104	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7105	requires_config_enabled MBEDTLS_SSL_CLI_C
				7106	requires_config_enabled MBEDTLS_DEBUG_C
				7107	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7108	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7109	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7110	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				7111	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7112	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				7113	0 \
				7114	-c "HTTP/1.0 200 ok" \
				7115	-c "Protocol is TLSv1.3" \
				7116	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7117	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7118	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7119	-c "Verifying peer X.509 certificate... ok" \
				7120	-C "received HelloRetryRequest message"
				7121
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7122	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7123	requires_config_enabled MBEDTLS_SSL_CLI_C
				7124	requires_config_enabled MBEDTLS_DEBUG_C
				7125	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7126	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7127	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7128	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7129	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				7130	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7131	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				7132	0 \
				7133	-c "HTTP/1.0 200 ok" \
				7134	-c "Protocol is TLSv1.3" \
				7135	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7136	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7137	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7138	-c "Verifying peer X.509 certificate... ok" \
				7139	-C "received HelloRetryRequest message"
				7140
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7141	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7142	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7143	requires_config_enabled MBEDTLS_SSL_CLI_C
				7144	requires_config_enabled MBEDTLS_DEBUG_C
				7145	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7146	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7147	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7148	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				7149	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7150	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				7151	0 \
				7152	-c "HTTP/1.0 200 ok" \
				7153	-c "Protocol is TLSv1.3" \
				7154	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7155	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7156	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7157	-c "Verifying peer X.509 certificate... ok" \
				7158	-C "received HelloRetryRequest message"
				7159
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7160	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7161	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7162	requires_config_enabled MBEDTLS_SSL_CLI_C
				7163	requires_config_enabled MBEDTLS_DEBUG_C
				7164	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7165	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7166	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7167	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				7168	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7169	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				7170	0 \
				7171	-c "HTTP/1.0 200 ok" \
				7172	-c "Protocol is TLSv1.3" \
				7173	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7174	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7175	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7176	-c "Verifying peer X.509 certificate... ok" \
				7177	-C "received HelloRetryRequest message"
				7178
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7179	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7180	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7181	requires_config_enabled MBEDTLS_SSL_CLI_C
				7182	requires_config_enabled MBEDTLS_DEBUG_C
				7183	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7184	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7185	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7186	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				7187	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7188	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				7189	0 \
				7190	-c "HTTP/1.0 200 ok" \
				7191	-c "Protocol is TLSv1.3" \
				7192	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7193	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7194	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7195	-c "Verifying peer X.509 certificate... ok" \
				7196	-C "received HelloRetryRequest message"
				7197
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7198	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7199	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7200	requires_config_enabled MBEDTLS_SSL_CLI_C
				7201	requires_config_enabled MBEDTLS_DEBUG_C
				7202	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7203	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7204	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7205	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7206	run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				7207	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7208	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				7209	0 \
				7210	-c "HTTP/1.0 200 ok" \
				7211	-c "Protocol is TLSv1.3" \
				7212	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				7213	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7214	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7215	-c "Verifying peer X.509 certificate... ok" \
				7216	-C "received HelloRetryRequest message"
				7217
				7218	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7219	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7220	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7221	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7222	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7223	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7224	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7225	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7226	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7227	0 \
				7228	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7229	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7230	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7231	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7232	-c "NamedGroup: secp256r1 ( 17 )" \
				7233	-c "Verifying peer X.509 certificate... ok" \
				7234	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7235
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7236	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7237	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7238	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7239	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7240	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7241	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7242	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7243	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7244	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7245	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7246	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7247	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7248	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7249	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7250	-c "NamedGroup: secp256r1 ( 17 )" \
				7251	-c "Verifying peer X.509 certificate... ok" \
				7252	-C "received HelloRetryRequest message"
				7253
				7254	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7255	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7256	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7257	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7258	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7259	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7260	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7261	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7262	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7263	0 \
				7264	-c "HTTP/1.0 200 ok" \
				7265	-c "Protocol is TLSv1.3" \
				7266	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7267	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7268	-c "NamedGroup: secp256r1 ( 17 )" \
				7269	-c "Verifying peer X.509 certificate... ok" \
				7270	-C "received HelloRetryRequest message"
				7271
				7272	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7273	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7274	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7275	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7276	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7277	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7278	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7279	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7280	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7281	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7282	0 \
				7283	-c "HTTP/1.0 200 ok" \
				7284	-c "Protocol is TLSv1.3" \
				7285	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7286	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7287	-c "NamedGroup: secp256r1 ( 17 )" \
				7288	-c "Verifying peer X.509 certificate... ok" \
				7289	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7290
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7291	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7292	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7293	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7294	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7295	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7296	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7297	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7298	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7299	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7300	0 \
				7301	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7302	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7303	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7304	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7305	-c "NamedGroup: secp384r1 ( 18 )" \
				7306	-c "Verifying peer X.509 certificate... ok" \
				7307	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7308
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7309	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7310	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7311	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7312	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7313	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7314	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7315	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7316	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7317	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7318	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7319	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7320	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7321	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7322	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7323	-c "NamedGroup: secp384r1 ( 18 )" \
				7324	-c "Verifying peer X.509 certificate... ok" \
				7325	-C "received HelloRetryRequest message"
				7326
				7327	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7328	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7329	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7330	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7331	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7332	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7333	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7334	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7335	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7336	0 \
				7337	-c "HTTP/1.0 200 ok" \
				7338	-c "Protocol is TLSv1.3" \
				7339	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7340	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7341	-c "NamedGroup: secp384r1 ( 18 )" \
				7342	-c "Verifying peer X.509 certificate... ok" \
				7343	-C "received HelloRetryRequest message"
				7344
				7345	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7346	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7347	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7348	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7349	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7350	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7351	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7352	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7353	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7354	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7355	0 \
				7356	-c "HTTP/1.0 200 ok" \
				7357	-c "Protocol is TLSv1.3" \
				7358	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7359	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7360	-c "NamedGroup: secp384r1 ( 18 )" \
				7361	-c "Verifying peer X.509 certificate... ok" \
				7362	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7363
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7364	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7365	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7366	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7367	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7368	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7369	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7370	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7371	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7372	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7373	0 \
				7374	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7375	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7376	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7377	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7378	-c "NamedGroup: secp521r1 ( 19 )" \
				7379	-c "Verifying peer X.509 certificate... ok" \
				7380	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7381
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7382	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7383	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7384	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7385	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7386	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7387	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7388	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7389	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7390	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7391	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7392	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7393	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7394	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7395	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7396	-c "NamedGroup: secp521r1 ( 19 )" \
				7397	-c "Verifying peer X.509 certificate... ok" \
				7398	-C "received HelloRetryRequest message"
				7399
				7400	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7401	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7402	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7403	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7404	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7405	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7406	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7407	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7408	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7409	0 \
				7410	-c "HTTP/1.0 200 ok" \
				7411	-c "Protocol is TLSv1.3" \
				7412	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7413	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7414	-c "NamedGroup: secp521r1 ( 19 )" \
				7415	-c "Verifying peer X.509 certificate... ok" \
				7416	-C "received HelloRetryRequest message"
				7417
				7418	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7419	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7420	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7421	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7422	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7423	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7424	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7425	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7426	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7427	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7428	0 \
				7429	-c "HTTP/1.0 200 ok" \
				7430	-c "Protocol is TLSv1.3" \
				7431	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7432	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7433	-c "NamedGroup: secp521r1 ( 19 )" \
				7434	-c "Verifying peer X.509 certificate... ok" \
				7435	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7436
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7437	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7438	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7439	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7440	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7441	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7442	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7443	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7444	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7445	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7446	0 \
				7447	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7448	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7449	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7450	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7451	-c "NamedGroup: x25519 ( 1d )" \
				7452	-c "Verifying peer X.509 certificate... ok" \
				7453	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7454
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7455	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7456	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7457	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7458	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7459	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7460	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7461	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7462	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7463	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7464	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7465	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7466	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7467	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7468	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7469	-c "NamedGroup: x25519 ( 1d )" \
				7470	-c "Verifying peer X.509 certificate... ok" \
				7471	-C "received HelloRetryRequest message"
				7472
				7473	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7474	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7475	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7476	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7477	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7478	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7479	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7480	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7481	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7482	0 \
				7483	-c "HTTP/1.0 200 ok" \
				7484	-c "Protocol is TLSv1.3" \
				7485	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7486	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7487	-c "NamedGroup: x25519 ( 1d )" \
				7488	-c "Verifying peer X.509 certificate... ok" \
				7489	-C "received HelloRetryRequest message"
				7490
				7491	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7492	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7493	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7494	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7495	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7496	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7497	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7498	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7499	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7500	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7501	0 \
				7502	-c "HTTP/1.0 200 ok" \
				7503	-c "Protocol is TLSv1.3" \
				7504	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7505	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7506	-c "NamedGroup: x25519 ( 1d )" \
				7507	-c "Verifying peer X.509 certificate... ok" \
				7508	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7509
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7510	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7511	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7512	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7513	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7514	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7515	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	7516	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7517	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7518	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7519	0 \
				7520	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7521	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7522	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7523	-c "Certificate Verify: Signature algorithm ( 0403 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7524	-c "NamedGroup: x448 ( 1e )" \
				7525	-c "Verifying peer X.509 certificate... ok" \
				7526	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7527
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7528	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7529	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7530	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7531	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7532	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7533	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7534	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7535	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7536	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7537	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7538	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7539	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7540	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7541	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7542	-c "NamedGroup: x448 ( 1e )" \
				7543	-c "Verifying peer X.509 certificate... ok" \
				7544	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7545
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7546	requires_openssl_tls1_3
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7547	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7548	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7549	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7550	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7551	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7552	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7553	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7554	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7555	0 \
				7556	-c "HTTP/1.0 200 ok" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	7557	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7558	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7559	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7560	-c "NamedGroup: x448 ( 1e )" \
				7561	-c "Verifying peer X.509 certificate... ok" \
				7562	-C "received HelloRetryRequest message"
				7563
				7564	requires_openssl_tls1_3
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7565	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7566	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7567	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7568	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7569	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7570	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7571	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	7572	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7573	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7574	0 \
				7575	-c "HTTP/1.0 200 ok" \
				7576	-c "Protocol is TLSv1.3" \
				7577	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7578	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7579	-c "NamedGroup: x448 ( 1e )" \
				7580	-c "Verifying peer X.509 certificate... ok" \
				7581	-C "received HelloRetryRequest message"
				7582
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7583	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7584	requires_config_enabled MBEDTLS_SSL_CLI_C
				7585	requires_config_enabled MBEDTLS_DEBUG_C
				7586	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7587	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7588	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7589	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				7590	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7591	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				7592	0 \
				7593	-c "HTTP/1.0 200 ok" \
				7594	-c "Protocol is TLSv1.3" \
				7595	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7596	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7597	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7598	-c "Verifying peer X.509 certificate... ok" \
				7599	-C "received HelloRetryRequest message"
				7600
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7601	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7602	requires_config_enabled MBEDTLS_SSL_CLI_C
				7603	requires_config_enabled MBEDTLS_DEBUG_C
				7604	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7605	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7606	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7607	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				7608	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7609	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				7610	0 \
				7611	-c "HTTP/1.0 200 ok" \
				7612	-c "Protocol is TLSv1.3" \
				7613	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7614	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7615	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7616	-c "Verifying peer X.509 certificate... ok" \
				7617	-C "received HelloRetryRequest message"
				7618
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7619	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7620	requires_config_enabled MBEDTLS_SSL_CLI_C
				7621	requires_config_enabled MBEDTLS_DEBUG_C
				7622	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7623	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7624	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7625	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				7626	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7627	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				7628	0 \
				7629	-c "HTTP/1.0 200 ok" \
				7630	-c "Protocol is TLSv1.3" \
				7631	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7632	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7633	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7634	-c "Verifying peer X.509 certificate... ok" \
				7635	-C "received HelloRetryRequest message"
				7636
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7637	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7638	requires_config_enabled MBEDTLS_SSL_CLI_C
				7639	requires_config_enabled MBEDTLS_DEBUG_C
				7640	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7641	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7642	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7643	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7644	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				7645	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7646	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				7647	0 \
				7648	-c "HTTP/1.0 200 ok" \
				7649	-c "Protocol is TLSv1.3" \
				7650	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7651	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7652	-c "NamedGroup: ffdhe2048 ( 100 )" \
				7653	-c "Verifying peer X.509 certificate... ok" \
				7654	-C "received HelloRetryRequest message"
				7655
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7656	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7657	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7658	requires_config_enabled MBEDTLS_SSL_CLI_C
				7659	requires_config_enabled MBEDTLS_DEBUG_C
				7660	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7661	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7662	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7663	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				7664	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7665	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				7666	0 \
				7667	-c "HTTP/1.0 200 ok" \
				7668	-c "Protocol is TLSv1.3" \
				7669	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7670	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7671	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7672	-c "Verifying peer X.509 certificate... ok" \
				7673	-C "received HelloRetryRequest message"
				7674
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7675	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7676	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7677	requires_config_enabled MBEDTLS_SSL_CLI_C
				7678	requires_config_enabled MBEDTLS_DEBUG_C
				7679	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7680	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7681	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7682	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				7683	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7684	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				7685	0 \
				7686	-c "HTTP/1.0 200 ok" \
				7687	-c "Protocol is TLSv1.3" \
				7688	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7689	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7690	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7691	-c "Verifying peer X.509 certificate... ok" \
				7692	-C "received HelloRetryRequest message"
				7693
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7694	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7695	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7696	requires_config_enabled MBEDTLS_SSL_CLI_C
				7697	requires_config_enabled MBEDTLS_DEBUG_C
				7698	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7699	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7700	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7701	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				7702	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7703	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				7704	0 \
				7705	-c "HTTP/1.0 200 ok" \
				7706	-c "Protocol is TLSv1.3" \
				7707	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7708	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7709	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7710	-c "Verifying peer X.509 certificate... ok" \
				7711	-C "received HelloRetryRequest message"
				7712
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	7713	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	7714	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7715	requires_config_enabled MBEDTLS_SSL_CLI_C
				7716	requires_config_enabled MBEDTLS_DEBUG_C
				7717	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				7718	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7719	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7720	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	7721	run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				7722	"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				7723	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				7724	0 \
				7725	-c "HTTP/1.0 200 ok" \
				7726	-c "Protocol is TLSv1.3" \
				7727	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				7728	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7729	-c "NamedGroup: ffdhe8192 ( 104 )" \
				7730	-c "Verifying peer X.509 certificate... ok" \
				7731	-C "received HelloRetryRequest message"
				7732
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7733	requires_gnutls_tls1_3
				7734	requires_gnutls_next_no_ticket
				7735	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7736	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7737	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7738	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7739	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7740	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7741	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7742	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7743	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7744	0 \
				7745	-c "HTTP/1.0 200 OK" \
				7746	-c "Protocol is TLSv1.3" \
				7747	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7748	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7749	-c "NamedGroup: secp256r1 ( 17 )" \
				7750	-c "Verifying peer X.509 certificate... ok" \
				7751	-C "received HelloRetryRequest message"
				7752
				7753	requires_gnutls_tls1_3
				7754	requires_gnutls_next_no_ticket
				7755	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7756	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7757	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7758	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7759	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7760	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7761	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7762	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7763	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7764	0 \
				7765	-c "HTTP/1.0 200 OK" \
				7766	-c "Protocol is TLSv1.3" \
				7767	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	7768	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	7769	-c "NamedGroup: secp256r1 ( 17 )" \
				7770	-c "Verifying peer X.509 certificate... ok" \
				7771	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	7772
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7773	requires_gnutls_tls1_3
				7774	requires_gnutls_next_no_ticket
				7775	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	7776	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7777	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7778	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	7779	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7780	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7781	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7782	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7783	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7784	0 \
				7785	-c "HTTP/1.0 200 OK" \
				7786	-c "Protocol is TLSv1.3" \
				7787	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7788	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7789	-c "NamedGroup: secp256r1 ( 17 )" \
				7790	-c "Verifying peer X.509 certificate... ok" \
				7791	-C "received HelloRetryRequest message"
				7792
				7793	requires_gnutls_tls1_3
				7794	requires_gnutls_next_no_ticket
				7795	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7796	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7797	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7798	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7799	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7800	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7801	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7802	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7803	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7804	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7805	0 \
				7806	-c "HTTP/1.0 200 OK" \
				7807	-c "Protocol is TLSv1.3" \
				7808	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7809	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7810	-c "NamedGroup: secp256r1 ( 17 )" \
				7811	-c "Verifying peer X.509 certificate... ok" \
				7812	-C "received HelloRetryRequest message"
				7813
				7814	requires_gnutls_tls1_3
				7815	requires_gnutls_next_no_ticket
				7816	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7817	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7818	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7819	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7820	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7821	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7822	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7823	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7824	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7825	0 \
				7826	-c "HTTP/1.0 200 OK" \
				7827	-c "Protocol is TLSv1.3" \
				7828	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7829	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7830	-c "NamedGroup: secp384r1 ( 18 )" \
				7831	-c "Verifying peer X.509 certificate... ok" \
				7832	-C "received HelloRetryRequest message"
				7833
				7834	requires_gnutls_tls1_3
				7835	requires_gnutls_next_no_ticket
				7836	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7837	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7838	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7839	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7840	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7841	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7842	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7843	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7844	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7845	0 \
				7846	-c "HTTP/1.0 200 OK" \
				7847	-c "Protocol is TLSv1.3" \
				7848	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7849	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7850	-c "NamedGroup: secp384r1 ( 18 )" \
				7851	-c "Verifying peer X.509 certificate... ok" \
				7852	-C "received HelloRetryRequest message"
				7853
				7854	requires_gnutls_tls1_3
				7855	requires_gnutls_next_no_ticket
				7856	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7857	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7858	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7859	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7860	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7861	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7862	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7863	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7864	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7865	0 \
				7866	-c "HTTP/1.0 200 OK" \
				7867	-c "Protocol is TLSv1.3" \
				7868	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7869	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7870	-c "NamedGroup: secp384r1 ( 18 )" \
				7871	-c "Verifying peer X.509 certificate... ok" \
				7872	-C "received HelloRetryRequest message"
				7873
				7874	requires_gnutls_tls1_3
				7875	requires_gnutls_next_no_ticket
				7876	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7877	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7878	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7879	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7880	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7881	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7882	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7883	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7884	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7885	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7886	0 \
				7887	-c "HTTP/1.0 200 OK" \
				7888	-c "Protocol is TLSv1.3" \
				7889	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7890	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7891	-c "NamedGroup: secp384r1 ( 18 )" \
				7892	-c "Verifying peer X.509 certificate... ok" \
				7893	-C "received HelloRetryRequest message"
				7894
				7895	requires_gnutls_tls1_3
				7896	requires_gnutls_next_no_ticket
				7897	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7898	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7899	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7900	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7901	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7902	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7903	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7904	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7905	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7906	0 \
				7907	-c "HTTP/1.0 200 OK" \
				7908	-c "Protocol is TLSv1.3" \
				7909	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7910	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7911	-c "NamedGroup: secp521r1 ( 19 )" \
				7912	-c "Verifying peer X.509 certificate... ok" \
				7913	-C "received HelloRetryRequest message"
				7914
				7915	requires_gnutls_tls1_3
				7916	requires_gnutls_next_no_ticket
				7917	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7918	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7919	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7920	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7921	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7922	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7923	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7924	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7925	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7926	0 \
				7927	-c "HTTP/1.0 200 OK" \
				7928	-c "Protocol is TLSv1.3" \
				7929	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7930	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				7931	-c "NamedGroup: secp521r1 ( 19 )" \
				7932	-c "Verifying peer X.509 certificate... ok" \
				7933	-C "received HelloRetryRequest message"
				7934
				7935	requires_gnutls_tls1_3
				7936	requires_gnutls_next_no_ticket
				7937	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7938	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7939	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7940	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7941	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7942	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7943	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7944	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7945	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7946	0 \
				7947	-c "HTTP/1.0 200 OK" \
				7948	-c "Protocol is TLSv1.3" \
				7949	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7950	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				7951	-c "NamedGroup: secp521r1 ( 19 )" \
				7952	-c "Verifying peer X.509 certificate... ok" \
				7953	-C "received HelloRetryRequest message"
				7954
				7955	requires_gnutls_tls1_3
				7956	requires_gnutls_next_no_ticket
				7957	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7958	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7959	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7960	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7961	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				7962	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7963	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7964	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7965	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7966	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7967	0 \
				7968	-c "HTTP/1.0 200 OK" \
				7969	-c "Protocol is TLSv1.3" \
				7970	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7971	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				7972	-c "NamedGroup: secp521r1 ( 19 )" \
				7973	-c "Verifying peer X.509 certificate... ok" \
				7974	-C "received HelloRetryRequest message"
				7975
				7976	requires_gnutls_tls1_3
				7977	requires_gnutls_next_no_ticket
				7978	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7979	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	7980	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	7981	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7982	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	7983	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7984	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	7985	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	7986	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7987	0 \
				7988	-c "HTTP/1.0 200 OK" \
				7989	-c "Protocol is TLSv1.3" \
				7990	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				7991	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				7992	-c "NamedGroup: x25519 ( 1d )" \
				7993	-c "Verifying peer X.509 certificate... ok" \
				7994	-C "received HelloRetryRequest message"
				7995
				7996	requires_gnutls_tls1_3
				7997	requires_gnutls_next_no_ticket
				7998	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	7999	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8000	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8001	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8002	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8003	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8004	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8005	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8006	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8007	0 \
				8008	-c "HTTP/1.0 200 OK" \
				8009	-c "Protocol is TLSv1.3" \
				8010	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8011	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8012	-c "NamedGroup: x25519 ( 1d )" \
				8013	-c "Verifying peer X.509 certificate... ok" \
				8014	-C "received HelloRetryRequest message"
				8015
				8016	requires_gnutls_tls1_3
				8017	requires_gnutls_next_no_ticket
				8018	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8019	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8020	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8021	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8022	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8023	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8024	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8025	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8026	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8027	0 \
				8028	-c "HTTP/1.0 200 OK" \
				8029	-c "Protocol is TLSv1.3" \
				8030	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8031	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8032	-c "NamedGroup: x25519 ( 1d )" \
				8033	-c "Verifying peer X.509 certificate... ok" \
				8034	-C "received HelloRetryRequest message"
				8035
				8036	requires_gnutls_tls1_3
				8037	requires_gnutls_next_no_ticket
				8038	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8039	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8040	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8041	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8042	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8043	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8044	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8045	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8046	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8047	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8048	0 \
				8049	-c "HTTP/1.0 200 OK" \
				8050	-c "Protocol is TLSv1.3" \
				8051	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8052	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8053	-c "NamedGroup: x25519 ( 1d )" \
				8054	-c "Verifying peer X.509 certificate... ok" \
				8055	-C "received HelloRetryRequest message"
				8056
				8057	requires_gnutls_tls1_3
				8058	requires_gnutls_next_no_ticket
				8059	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8060	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8061	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8062	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8063	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8064	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8065	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8066	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8067	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8068	0 \
				8069	-c "HTTP/1.0 200 OK" \
				8070	-c "Protocol is TLSv1.3" \
				8071	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8072	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8073	-c "NamedGroup: x448 ( 1e )" \
				8074	-c "Verifying peer X.509 certificate... ok" \
				8075	-C "received HelloRetryRequest message"
				8076
				8077	requires_gnutls_tls1_3
				8078	requires_gnutls_next_no_ticket
				8079	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8080	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8081	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8082	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8083	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8084	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8085	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8086	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8087	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8088	0 \
				8089	-c "HTTP/1.0 200 OK" \
				8090	-c "Protocol is TLSv1.3" \
				8091	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8092	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8093	-c "NamedGroup: x448 ( 1e )" \
				8094	-c "Verifying peer X.509 certificate... ok" \
				8095	-C "received HelloRetryRequest message"
				8096
				8097	requires_gnutls_tls1_3
				8098	requires_gnutls_next_no_ticket
				8099	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8100	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8101	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8102	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8103	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8104	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8105	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8106	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8107	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8108	0 \
				8109	-c "HTTP/1.0 200 OK" \
				8110	-c "Protocol is TLSv1.3" \
				8111	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8112	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8113	-c "NamedGroup: x448 ( 1e )" \
				8114	-c "Verifying peer X.509 certificate... ok" \
				8115	-C "received HelloRetryRequest message"
				8116
				8117	requires_gnutls_tls1_3
				8118	requires_gnutls_next_no_ticket
				8119	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8120	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8121	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8122	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8123	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8124	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8125	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8126	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8127	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8128	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8129	0 \
				8130	-c "HTTP/1.0 200 OK" \
				8131	-c "Protocol is TLSv1.3" \
				8132	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8133	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8134	-c "NamedGroup: x448 ( 1e )" \
				8135	-c "Verifying peer X.509 certificate... ok" \
				8136	-C "received HelloRetryRequest message"
				8137
				8138	requires_gnutls_tls1_3
				8139	requires_gnutls_next_no_ticket
				8140	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8141	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8142	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8143	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8144	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8145	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8146	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				8147	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8148	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				8149	0 \
				8150	-c "HTTP/1.0 200 OK" \
				8151	-c "Protocol is TLSv1.3" \
				8152	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8153	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8154	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8155	-c "Verifying peer X.509 certificate... ok" \
				8156	-C "received HelloRetryRequest message"
				8157
				8158	requires_gnutls_tls1_3
				8159	requires_gnutls_next_no_ticket
				8160	requires_gnutls_next_disable_tls13_compat
				8161	requires_config_enabled MBEDTLS_SSL_CLI_C
				8162	requires_config_enabled MBEDTLS_DEBUG_C
				8163	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8164	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8165	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8166	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				8167	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8168	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				8169	0 \
				8170	-c "HTTP/1.0 200 OK" \
				8171	-c "Protocol is TLSv1.3" \
				8172	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8173	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8174	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8175	-c "Verifying peer X.509 certificate... ok" \
				8176	-C "received HelloRetryRequest message"
				8177
				8178	requires_gnutls_tls1_3
				8179	requires_gnutls_next_no_ticket
				8180	requires_gnutls_next_disable_tls13_compat
				8181	requires_config_enabled MBEDTLS_SSL_CLI_C
				8182	requires_config_enabled MBEDTLS_DEBUG_C
				8183	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8184	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8185	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8186	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				8187	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8188	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				8189	0 \
				8190	-c "HTTP/1.0 200 OK" \
				8191	-c "Protocol is TLSv1.3" \
				8192	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8193	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8194	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8195	-c "Verifying peer X.509 certificate... ok" \
				8196	-C "received HelloRetryRequest message"
				8197
				8198	requires_gnutls_tls1_3
				8199	requires_gnutls_next_no_ticket
				8200	requires_gnutls_next_disable_tls13_compat
				8201	requires_config_enabled MBEDTLS_SSL_CLI_C
				8202	requires_config_enabled MBEDTLS_DEBUG_C
				8203	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8204	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8205	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8206	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8207	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				8208	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8209	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				8210	0 \
				8211	-c "HTTP/1.0 200 OK" \
				8212	-c "Protocol is TLSv1.3" \
				8213	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8214	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8215	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8216	-c "Verifying peer X.509 certificate... ok" \
				8217	-C "received HelloRetryRequest message"
				8218
				8219	requires_gnutls_tls1_3
				8220	requires_gnutls_next_no_ticket
				8221	requires_gnutls_next_disable_tls13_compat
				8222	requires_config_enabled MBEDTLS_SSL_CLI_C
				8223	requires_config_enabled MBEDTLS_DEBUG_C
				8224	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8225	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8226	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8227	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				8228	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8229	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				8230	0 \
				8231	-c "HTTP/1.0 200 OK" \
				8232	-c "Protocol is TLSv1.3" \
				8233	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8234	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8235	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8236	-c "Verifying peer X.509 certificate... ok" \
				8237	-C "received HelloRetryRequest message"
				8238
				8239	requires_gnutls_tls1_3
				8240	requires_gnutls_next_no_ticket
				8241	requires_gnutls_next_disable_tls13_compat
				8242	requires_config_enabled MBEDTLS_SSL_CLI_C
				8243	requires_config_enabled MBEDTLS_DEBUG_C
				8244	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8245	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8246	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8247	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				8248	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8249	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				8250	0 \
				8251	-c "HTTP/1.0 200 OK" \
				8252	-c "Protocol is TLSv1.3" \
				8253	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8254	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8255	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8256	-c "Verifying peer X.509 certificate... ok" \
				8257	-C "received HelloRetryRequest message"
				8258
				8259	requires_gnutls_tls1_3
				8260	requires_gnutls_next_no_ticket
				8261	requires_gnutls_next_disable_tls13_compat
				8262	requires_config_enabled MBEDTLS_SSL_CLI_C
				8263	requires_config_enabled MBEDTLS_DEBUG_C
				8264	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8265	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8266	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8267	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				8268	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8269	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				8270	0 \
				8271	-c "HTTP/1.0 200 OK" \
				8272	-c "Protocol is TLSv1.3" \
				8273	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8274	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8275	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8276	-c "Verifying peer X.509 certificate... ok" \
				8277	-C "received HelloRetryRequest message"
				8278
				8279	requires_gnutls_tls1_3
				8280	requires_gnutls_next_no_ticket
				8281	requires_gnutls_next_disable_tls13_compat
				8282	requires_config_enabled MBEDTLS_SSL_CLI_C
				8283	requires_config_enabled MBEDTLS_DEBUG_C
				8284	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8285	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8286	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8287	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8288	run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				8289	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8290	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				8291	0 \
				8292	-c "HTTP/1.0 200 OK" \
				8293	-c "Protocol is TLSv1.3" \
				8294	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				8295	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8296	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8297	-c "Verifying peer X.509 certificate... ok" \
				8298	-C "received HelloRetryRequest message"
				8299
				8300	requires_gnutls_tls1_3
				8301	requires_gnutls_next_no_ticket
				8302	requires_gnutls_next_disable_tls13_compat
				8303	requires_config_enabled MBEDTLS_SSL_CLI_C
				8304	requires_config_enabled MBEDTLS_DEBUG_C
				8305	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8306	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8307	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8308	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8309	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8310	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8311	0 \
				8312	-c "HTTP/1.0 200 OK" \
				8313	-c "Protocol is TLSv1.3" \
				8314	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8315	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8316	-c "NamedGroup: secp256r1 ( 17 )" \
				8317	-c "Verifying peer X.509 certificate... ok" \
				8318	-C "received HelloRetryRequest message"
				8319
				8320	requires_gnutls_tls1_3
				8321	requires_gnutls_next_no_ticket
				8322	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8323	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8324	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8325	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8326	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8327	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8328	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8329	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8330	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8331	0 \
				8332	-c "HTTP/1.0 200 OK" \
				8333	-c "Protocol is TLSv1.3" \
				8334	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8335	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8336	-c "NamedGroup: secp256r1 ( 17 )" \
				8337	-c "Verifying peer X.509 certificate... ok" \
				8338	-C "received HelloRetryRequest message"
				8339
				8340	requires_gnutls_tls1_3
				8341	requires_gnutls_next_no_ticket
				8342	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8343	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8344	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8345	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8346	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8347	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8348	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8349	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8350	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8351	0 \
				8352	-c "HTTP/1.0 200 OK" \
				8353	-c "Protocol is TLSv1.3" \
				8354	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8355	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8356	-c "NamedGroup: secp256r1 ( 17 )" \
				8357	-c "Verifying peer X.509 certificate... ok" \
				8358	-C "received HelloRetryRequest message"
				8359
				8360	requires_gnutls_tls1_3
				8361	requires_gnutls_next_no_ticket
				8362	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8363	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8364	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8365	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8366	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8367	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8368	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8369	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8370	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8371	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8372	0 \
				8373	-c "HTTP/1.0 200 OK" \
				8374	-c "Protocol is TLSv1.3" \
				8375	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8376	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8377	-c "NamedGroup: secp256r1 ( 17 )" \
				8378	-c "Verifying peer X.509 certificate... ok" \
				8379	-C "received HelloRetryRequest message"
				8380
				8381	requires_gnutls_tls1_3
				8382	requires_gnutls_next_no_ticket
				8383	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8384	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8385	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8386	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8387	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8388	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8389	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8390	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8391	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8392	0 \
				8393	-c "HTTP/1.0 200 OK" \
				8394	-c "Protocol is TLSv1.3" \
				8395	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8396	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8397	-c "NamedGroup: secp384r1 ( 18 )" \
				8398	-c "Verifying peer X.509 certificate... ok" \
				8399	-C "received HelloRetryRequest message"
				8400
				8401	requires_gnutls_tls1_3
				8402	requires_gnutls_next_no_ticket
				8403	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8404	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8405	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8406	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8407	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8408	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8409	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8410	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8411	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8412	0 \
				8413	-c "HTTP/1.0 200 OK" \
				8414	-c "Protocol is TLSv1.3" \
				8415	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8416	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8417	-c "NamedGroup: secp384r1 ( 18 )" \
				8418	-c "Verifying peer X.509 certificate... ok" \
				8419	-C "received HelloRetryRequest message"
				8420
				8421	requires_gnutls_tls1_3
				8422	requires_gnutls_next_no_ticket
				8423	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8424	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8425	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8426	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8427	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8428	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8429	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8430	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8431	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8432	0 \
				8433	-c "HTTP/1.0 200 OK" \
				8434	-c "Protocol is TLSv1.3" \
				8435	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8436	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8437	-c "NamedGroup: secp384r1 ( 18 )" \
				8438	-c "Verifying peer X.509 certificate... ok" \
				8439	-C "received HelloRetryRequest message"
				8440
				8441	requires_gnutls_tls1_3
				8442	requires_gnutls_next_no_ticket
				8443	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8444	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8445	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8446	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8447	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8448	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8449	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8450	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8451	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8452	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8453	0 \
				8454	-c "HTTP/1.0 200 OK" \
				8455	-c "Protocol is TLSv1.3" \
				8456	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8457	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8458	-c "NamedGroup: secp384r1 ( 18 )" \
				8459	-c "Verifying peer X.509 certificate... ok" \
				8460	-C "received HelloRetryRequest message"
				8461
				8462	requires_gnutls_tls1_3
				8463	requires_gnutls_next_no_ticket
				8464	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8465	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8466	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8467	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8468	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8469	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8470	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8471	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8472	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8473	0 \
				8474	-c "HTTP/1.0 200 OK" \
				8475	-c "Protocol is TLSv1.3" \
				8476	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8477	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8478	-c "NamedGroup: secp521r1 ( 19 )" \
				8479	-c "Verifying peer X.509 certificate... ok" \
				8480	-C "received HelloRetryRequest message"
				8481
				8482	requires_gnutls_tls1_3
				8483	requires_gnutls_next_no_ticket
				8484	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8485	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8486	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8487	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8488	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8489	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8490	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8491	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8492	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8493	0 \
				8494	-c "HTTP/1.0 200 OK" \
				8495	-c "Protocol is TLSv1.3" \
				8496	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8497	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8498	-c "NamedGroup: secp521r1 ( 19 )" \
				8499	-c "Verifying peer X.509 certificate... ok" \
				8500	-C "received HelloRetryRequest message"
				8501
				8502	requires_gnutls_tls1_3
				8503	requires_gnutls_next_no_ticket
				8504	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8505	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8506	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8507	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8508	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8509	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8510	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8511	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8512	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8513	0 \
				8514	-c "HTTP/1.0 200 OK" \
				8515	-c "Protocol is TLSv1.3" \
				8516	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8517	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8518	-c "NamedGroup: secp521r1 ( 19 )" \
				8519	-c "Verifying peer X.509 certificate... ok" \
				8520	-C "received HelloRetryRequest message"
				8521
				8522	requires_gnutls_tls1_3
				8523	requires_gnutls_next_no_ticket
				8524	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8525	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8526	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8527	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8528	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8529	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8530	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8531	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8532	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8533	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8534	0 \
				8535	-c "HTTP/1.0 200 OK" \
				8536	-c "Protocol is TLSv1.3" \
				8537	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8538	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8539	-c "NamedGroup: secp521r1 ( 19 )" \
				8540	-c "Verifying peer X.509 certificate... ok" \
				8541	-C "received HelloRetryRequest message"
				8542
				8543	requires_gnutls_tls1_3
				8544	requires_gnutls_next_no_ticket
				8545	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8546	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8547	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8548	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8549	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8550	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8551	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8552	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8553	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8554	0 \
				8555	-c "HTTP/1.0 200 OK" \
				8556	-c "Protocol is TLSv1.3" \
				8557	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8558	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8559	-c "NamedGroup: x25519 ( 1d )" \
				8560	-c "Verifying peer X.509 certificate... ok" \
				8561	-C "received HelloRetryRequest message"
				8562
				8563	requires_gnutls_tls1_3
				8564	requires_gnutls_next_no_ticket
				8565	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8566	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8567	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8568	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8569	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8570	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8571	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8572	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8573	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8574	0 \
				8575	-c "HTTP/1.0 200 OK" \
				8576	-c "Protocol is TLSv1.3" \
				8577	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8578	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8579	-c "NamedGroup: x25519 ( 1d )" \
				8580	-c "Verifying peer X.509 certificate... ok" \
				8581	-C "received HelloRetryRequest message"
				8582
				8583	requires_gnutls_tls1_3
				8584	requires_gnutls_next_no_ticket
				8585	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8586	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8587	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8588	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8589	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8590	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8591	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8592	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8593	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8594	0 \
				8595	-c "HTTP/1.0 200 OK" \
				8596	-c "Protocol is TLSv1.3" \
				8597	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8598	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8599	-c "NamedGroup: x25519 ( 1d )" \
				8600	-c "Verifying peer X.509 certificate... ok" \
				8601	-C "received HelloRetryRequest message"
				8602
				8603	requires_gnutls_tls1_3
				8604	requires_gnutls_next_no_ticket
				8605	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8606	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8607	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8608	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8609	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8610	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8611	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8612	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8613	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8614	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8615	0 \
				8616	-c "HTTP/1.0 200 OK" \
				8617	-c "Protocol is TLSv1.3" \
				8618	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8619	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8620	-c "NamedGroup: x25519 ( 1d )" \
				8621	-c "Verifying peer X.509 certificate... ok" \
				8622	-C "received HelloRetryRequest message"
				8623
				8624	requires_gnutls_tls1_3
				8625	requires_gnutls_next_no_ticket
				8626	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8627	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8628	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8629	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8630	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8631	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8632	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8633	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8634	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8635	0 \
				8636	-c "HTTP/1.0 200 OK" \
				8637	-c "Protocol is TLSv1.3" \
				8638	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8639	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8640	-c "NamedGroup: x448 ( 1e )" \
				8641	-c "Verifying peer X.509 certificate... ok" \
				8642	-C "received HelloRetryRequest message"
				8643
				8644	requires_gnutls_tls1_3
				8645	requires_gnutls_next_no_ticket
				8646	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8647	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8648	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8649	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8650	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8651	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8652	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8653	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8654	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8655	0 \
				8656	-c "HTTP/1.0 200 OK" \
				8657	-c "Protocol is TLSv1.3" \
				8658	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8659	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8660	-c "NamedGroup: x448 ( 1e )" \
				8661	-c "Verifying peer X.509 certificate... ok" \
				8662	-C "received HelloRetryRequest message"
				8663
				8664	requires_gnutls_tls1_3
				8665	requires_gnutls_next_no_ticket
				8666	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8667	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8668	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8669	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8670	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8671	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8672	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8673	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8674	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8675	0 \
				8676	-c "HTTP/1.0 200 OK" \
				8677	-c "Protocol is TLSv1.3" \
				8678	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8679	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8680	-c "NamedGroup: x448 ( 1e )" \
				8681	-c "Verifying peer X.509 certificate... ok" \
				8682	-C "received HelloRetryRequest message"
				8683
				8684	requires_gnutls_tls1_3
				8685	requires_gnutls_next_no_ticket
				8686	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8687	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8688	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8689	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8690	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8691	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8692	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8693	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8694	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8695	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8696	0 \
				8697	-c "HTTP/1.0 200 OK" \
				8698	-c "Protocol is TLSv1.3" \
				8699	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8700	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8701	-c "NamedGroup: x448 ( 1e )" \
				8702	-c "Verifying peer X.509 certificate... ok" \
				8703	-C "received HelloRetryRequest message"
				8704
				8705	requires_gnutls_tls1_3
				8706	requires_gnutls_next_no_ticket
				8707	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8708	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8709	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8710	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8711	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8712	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8713	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
				8714	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8715	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				8716	0 \
				8717	-c "HTTP/1.0 200 OK" \
				8718	-c "Protocol is TLSv1.3" \
				8719	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8720	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8721	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8722	-c "Verifying peer X.509 certificate... ok" \
				8723	-C "received HelloRetryRequest message"
				8724
				8725	requires_gnutls_tls1_3
				8726	requires_gnutls_next_no_ticket
				8727	requires_gnutls_next_disable_tls13_compat
				8728	requires_config_enabled MBEDTLS_SSL_CLI_C
				8729	requires_config_enabled MBEDTLS_DEBUG_C
				8730	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8731	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8732	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8733	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
				8734	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8735	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				8736	0 \
				8737	-c "HTTP/1.0 200 OK" \
				8738	-c "Protocol is TLSv1.3" \
				8739	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8740	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8741	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8742	-c "Verifying peer X.509 certificate... ok" \
				8743	-C "received HelloRetryRequest message"
				8744
				8745	requires_gnutls_tls1_3
				8746	requires_gnutls_next_no_ticket
				8747	requires_gnutls_next_disable_tls13_compat
				8748	requires_config_enabled MBEDTLS_SSL_CLI_C
				8749	requires_config_enabled MBEDTLS_DEBUG_C
				8750	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8751	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8752	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8753	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
				8754	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8755	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				8756	0 \
				8757	-c "HTTP/1.0 200 OK" \
				8758	-c "Protocol is TLSv1.3" \
				8759	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8760	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8761	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8762	-c "Verifying peer X.509 certificate... ok" \
				8763	-C "received HelloRetryRequest message"
				8764
				8765	requires_gnutls_tls1_3
				8766	requires_gnutls_next_no_ticket
				8767	requires_gnutls_next_disable_tls13_compat
				8768	requires_config_enabled MBEDTLS_SSL_CLI_C
				8769	requires_config_enabled MBEDTLS_DEBUG_C
				8770	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8771	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8772	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8773	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8774	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
				8775	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				8776	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				8777	0 \
				8778	-c "HTTP/1.0 200 OK" \
				8779	-c "Protocol is TLSv1.3" \
				8780	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8781	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8782	-c "NamedGroup: ffdhe2048 ( 100 )" \
				8783	-c "Verifying peer X.509 certificate... ok" \
				8784	-C "received HelloRetryRequest message"
				8785
				8786	requires_gnutls_tls1_3
				8787	requires_gnutls_next_no_ticket
				8788	requires_gnutls_next_disable_tls13_compat
				8789	requires_config_enabled MBEDTLS_SSL_CLI_C
				8790	requires_config_enabled MBEDTLS_DEBUG_C
				8791	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8792	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8793	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8794	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
				8795	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8796	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				8797	0 \
				8798	-c "HTTP/1.0 200 OK" \
				8799	-c "Protocol is TLSv1.3" \
				8800	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8801	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8802	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8803	-c "Verifying peer X.509 certificate... ok" \
				8804	-C "received HelloRetryRequest message"
				8805
				8806	requires_gnutls_tls1_3
				8807	requires_gnutls_next_no_ticket
				8808	requires_gnutls_next_disable_tls13_compat
				8809	requires_config_enabled MBEDTLS_SSL_CLI_C
				8810	requires_config_enabled MBEDTLS_DEBUG_C
				8811	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8812	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8813	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8814	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
				8815	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8816	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				8817	0 \
				8818	-c "HTTP/1.0 200 OK" \
				8819	-c "Protocol is TLSv1.3" \
				8820	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8821	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8822	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8823	-c "Verifying peer X.509 certificate... ok" \
				8824	-C "received HelloRetryRequest message"
				8825
				8826	requires_gnutls_tls1_3
				8827	requires_gnutls_next_no_ticket
				8828	requires_gnutls_next_disable_tls13_compat
				8829	requires_config_enabled MBEDTLS_SSL_CLI_C
				8830	requires_config_enabled MBEDTLS_DEBUG_C
				8831	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8832	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8833	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8834	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
				8835	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8836	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				8837	0 \
				8838	-c "HTTP/1.0 200 OK" \
				8839	-c "Protocol is TLSv1.3" \
				8840	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8841	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8842	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8843	-c "Verifying peer X.509 certificate... ok" \
				8844	-C "received HelloRetryRequest message"
				8845
				8846	requires_gnutls_tls1_3
				8847	requires_gnutls_next_no_ticket
				8848	requires_gnutls_next_disable_tls13_compat
				8849	requires_config_enabled MBEDTLS_SSL_CLI_C
				8850	requires_config_enabled MBEDTLS_DEBUG_C
				8851	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8852	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8853	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8854	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	8855	run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
				8856	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				8857	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				8858	0 \
				8859	-c "HTTP/1.0 200 OK" \
				8860	-c "Protocol is TLSv1.3" \
				8861	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				8862	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8863	-c "NamedGroup: ffdhe8192 ( 104 )" \
				8864	-c "Verifying peer X.509 certificate... ok" \
				8865	-C "received HelloRetryRequest message"
				8866
				8867	requires_gnutls_tls1_3
				8868	requires_gnutls_next_no_ticket
				8869	requires_gnutls_next_disable_tls13_compat
				8870	requires_config_enabled MBEDTLS_SSL_CLI_C
				8871	requires_config_enabled MBEDTLS_DEBUG_C
				8872	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				8873	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8874	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8875	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8876	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8877	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8878	0 \
				8879	-c "HTTP/1.0 200 OK" \
				8880	-c "Protocol is TLSv1.3" \
				8881	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8882	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8883	-c "NamedGroup: secp256r1 ( 17 )" \
				8884	-c "Verifying peer X.509 certificate... ok" \
				8885	-C "received HelloRetryRequest message"
				8886
				8887	requires_gnutls_tls1_3
				8888	requires_gnutls_next_no_ticket
				8889	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8890	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8891	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8892	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8893	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8894	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8895	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8896	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8897	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8898	0 \
				8899	-c "HTTP/1.0 200 OK" \
				8900	-c "Protocol is TLSv1.3" \
				8901	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8902	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8903	-c "NamedGroup: secp256r1 ( 17 )" \
				8904	-c "Verifying peer X.509 certificate... ok" \
				8905	-C "received HelloRetryRequest message"
				8906
				8907	requires_gnutls_tls1_3
				8908	requires_gnutls_next_no_ticket
				8909	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8910	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8911	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8912	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8913	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8914	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8915	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8916	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8917	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8918	0 \
				8919	-c "HTTP/1.0 200 OK" \
				8920	-c "Protocol is TLSv1.3" \
				8921	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8922	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				8923	-c "NamedGroup: secp256r1 ( 17 )" \
				8924	-c "Verifying peer X.509 certificate... ok" \
				8925	-C "received HelloRetryRequest message"
				8926
				8927	requires_gnutls_tls1_3
				8928	requires_gnutls_next_no_ticket
				8929	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8930	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8931	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8932	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8933	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				8934	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8935	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8936	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8937	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8938	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8939	0 \
				8940	-c "HTTP/1.0 200 OK" \
				8941	-c "Protocol is TLSv1.3" \
				8942	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8943	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				8944	-c "NamedGroup: secp256r1 ( 17 )" \
				8945	-c "Verifying peer X.509 certificate... ok" \
				8946	-C "received HelloRetryRequest message"
				8947
				8948	requires_gnutls_tls1_3
				8949	requires_gnutls_next_no_ticket
				8950	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8951	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8952	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8953	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8954	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8955	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8956	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8957	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8958	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8959	0 \
				8960	-c "HTTP/1.0 200 OK" \
				8961	-c "Protocol is TLSv1.3" \
				8962	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8963	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				8964	-c "NamedGroup: secp384r1 ( 18 )" \
				8965	-c "Verifying peer X.509 certificate... ok" \
				8966	-C "received HelloRetryRequest message"
				8967
				8968	requires_gnutls_tls1_3
				8969	requires_gnutls_next_no_ticket
				8970	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8971	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8972	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8973	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8974	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8975	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8976	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8977	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8978	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8979	0 \
				8980	-c "HTTP/1.0 200 OK" \
				8981	-c "Protocol is TLSv1.3" \
				8982	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				8983	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				8984	-c "NamedGroup: secp384r1 ( 18 )" \
				8985	-c "Verifying peer X.509 certificate... ok" \
				8986	-C "received HelloRetryRequest message"
				8987
				8988	requires_gnutls_tls1_3
				8989	requires_gnutls_next_no_ticket
				8990	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8991	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	8992	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	8993	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8994	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	8995	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8996	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	8997	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	8998	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	8999	0 \
				9000	-c "HTTP/1.0 200 OK" \
				9001	-c "Protocol is TLSv1.3" \
				9002	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9003	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9004	-c "NamedGroup: secp384r1 ( 18 )" \
				9005	-c "Verifying peer X.509 certificate... ok" \
				9006	-C "received HelloRetryRequest message"
				9007
				9008	requires_gnutls_tls1_3
				9009	requires_gnutls_next_no_ticket
				9010	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9011	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9012	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9013	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9014	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9015	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9016	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9017	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9018	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9019	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9020	0 \
				9021	-c "HTTP/1.0 200 OK" \
				9022	-c "Protocol is TLSv1.3" \
				9023	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9024	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9025	-c "NamedGroup: secp384r1 ( 18 )" \
				9026	-c "Verifying peer X.509 certificate... ok" \
				9027	-C "received HelloRetryRequest message"
				9028
				9029	requires_gnutls_tls1_3
				9030	requires_gnutls_next_no_ticket
				9031	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9032	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9033	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9034	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9035	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9036	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9037	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9038	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9039	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9040	0 \
				9041	-c "HTTP/1.0 200 OK" \
				9042	-c "Protocol is TLSv1.3" \
				9043	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9044	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9045	-c "NamedGroup: secp521r1 ( 19 )" \
				9046	-c "Verifying peer X.509 certificate... ok" \
				9047	-C "received HelloRetryRequest message"
				9048
				9049	requires_gnutls_tls1_3
				9050	requires_gnutls_next_no_ticket
				9051	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9052	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9053	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9054	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9055	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9056	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9057	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9058	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9059	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9060	0 \
				9061	-c "HTTP/1.0 200 OK" \
				9062	-c "Protocol is TLSv1.3" \
				9063	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9064	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9065	-c "NamedGroup: secp521r1 ( 19 )" \
				9066	-c "Verifying peer X.509 certificate... ok" \
				9067	-C "received HelloRetryRequest message"
				9068
				9069	requires_gnutls_tls1_3
				9070	requires_gnutls_next_no_ticket
				9071	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9072	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9073	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9074	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9075	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9076	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9077	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9078	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9079	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9080	0 \
				9081	-c "HTTP/1.0 200 OK" \
				9082	-c "Protocol is TLSv1.3" \
				9083	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9084	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9085	-c "NamedGroup: secp521r1 ( 19 )" \
				9086	-c "Verifying peer X.509 certificate... ok" \
				9087	-C "received HelloRetryRequest message"
				9088
				9089	requires_gnutls_tls1_3
				9090	requires_gnutls_next_no_ticket
				9091	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9092	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9093	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9094	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9095	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9096	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9097	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9098	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9099	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9100	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9101	0 \
				9102	-c "HTTP/1.0 200 OK" \
				9103	-c "Protocol is TLSv1.3" \
				9104	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9105	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9106	-c "NamedGroup: secp521r1 ( 19 )" \
				9107	-c "Verifying peer X.509 certificate... ok" \
				9108	-C "received HelloRetryRequest message"
				9109
				9110	requires_gnutls_tls1_3
				9111	requires_gnutls_next_no_ticket
				9112	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9113	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9114	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9115	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9116	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9117	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9118	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9119	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9120	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9121	0 \
				9122	-c "HTTP/1.0 200 OK" \
				9123	-c "Protocol is TLSv1.3" \
				9124	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9125	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9126	-c "NamedGroup: x25519 ( 1d )" \
				9127	-c "Verifying peer X.509 certificate... ok" \
				9128	-C "received HelloRetryRequest message"
				9129
				9130	requires_gnutls_tls1_3
				9131	requires_gnutls_next_no_ticket
				9132	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9133	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9134	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9135	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9136	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9137	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9138	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9139	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9140	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9141	0 \
				9142	-c "HTTP/1.0 200 OK" \
				9143	-c "Protocol is TLSv1.3" \
				9144	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9145	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9146	-c "NamedGroup: x25519 ( 1d )" \
				9147	-c "Verifying peer X.509 certificate... ok" \
				9148	-C "received HelloRetryRequest message"
				9149
				9150	requires_gnutls_tls1_3
				9151	requires_gnutls_next_no_ticket
				9152	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9153	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9154	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9155	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9156	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9157	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9158	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9159	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9160	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9161	0 \
				9162	-c "HTTP/1.0 200 OK" \
				9163	-c "Protocol is TLSv1.3" \
				9164	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9165	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9166	-c "NamedGroup: x25519 ( 1d )" \
				9167	-c "Verifying peer X.509 certificate... ok" \
				9168	-C "received HelloRetryRequest message"
				9169
				9170	requires_gnutls_tls1_3
				9171	requires_gnutls_next_no_ticket
				9172	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9173	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9174	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9175	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9176	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9177	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9178	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9179	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9180	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9181	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9182	0 \
				9183	-c "HTTP/1.0 200 OK" \
				9184	-c "Protocol is TLSv1.3" \
				9185	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9186	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9187	-c "NamedGroup: x25519 ( 1d )" \
				9188	-c "Verifying peer X.509 certificate... ok" \
				9189	-C "received HelloRetryRequest message"
				9190
				9191	requires_gnutls_tls1_3
				9192	requires_gnutls_next_no_ticket
				9193	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9194	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9195	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9196	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9197	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9198	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9199	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9200	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9201	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9202	0 \
				9203	-c "HTTP/1.0 200 OK" \
				9204	-c "Protocol is TLSv1.3" \
				9205	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9206	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9207	-c "NamedGroup: x448 ( 1e )" \
				9208	-c "Verifying peer X.509 certificate... ok" \
				9209	-C "received HelloRetryRequest message"
				9210
				9211	requires_gnutls_tls1_3
				9212	requires_gnutls_next_no_ticket
				9213	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9214	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9215	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9216	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9217	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9218	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9219	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9220	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9221	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9222	0 \
				9223	-c "HTTP/1.0 200 OK" \
				9224	-c "Protocol is TLSv1.3" \
				9225	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9226	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9227	-c "NamedGroup: x448 ( 1e )" \
				9228	-c "Verifying peer X.509 certificate... ok" \
				9229	-C "received HelloRetryRequest message"
				9230
				9231	requires_gnutls_tls1_3
				9232	requires_gnutls_next_no_ticket
				9233	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9234	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9235	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9236	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9237	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9238	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9239	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9240	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9241	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9242	0 \
				9243	-c "HTTP/1.0 200 OK" \
				9244	-c "Protocol is TLSv1.3" \
				9245	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9246	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9247	-c "NamedGroup: x448 ( 1e )" \
				9248	-c "Verifying peer X.509 certificate... ok" \
				9249	-C "received HelloRetryRequest message"
				9250
				9251	requires_gnutls_tls1_3
				9252	requires_gnutls_next_no_ticket
				9253	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9254	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9255	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9256	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9257	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9258	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9259	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9260	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9261	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9262	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9263	0 \
				9264	-c "HTTP/1.0 200 OK" \
				9265	-c "Protocol is TLSv1.3" \
				9266	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9267	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9268	-c "NamedGroup: x448 ( 1e )" \
				9269	-c "Verifying peer X.509 certificate... ok" \
				9270	-C "received HelloRetryRequest message"
				9271
				9272	requires_gnutls_tls1_3
				9273	requires_gnutls_next_no_ticket
				9274	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9275	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9276	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9277	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9278	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9279	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9280	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				9281	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9282	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				9283	0 \
				9284	-c "HTTP/1.0 200 OK" \
				9285	-c "Protocol is TLSv1.3" \
				9286	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9287	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9288	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9289	-c "Verifying peer X.509 certificate... ok" \
				9290	-C "received HelloRetryRequest message"
				9291
				9292	requires_gnutls_tls1_3
				9293	requires_gnutls_next_no_ticket
				9294	requires_gnutls_next_disable_tls13_compat
				9295	requires_config_enabled MBEDTLS_SSL_CLI_C
				9296	requires_config_enabled MBEDTLS_DEBUG_C
				9297	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9298	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9299	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9300	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				9301	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9302	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				9303	0 \
				9304	-c "HTTP/1.0 200 OK" \
				9305	-c "Protocol is TLSv1.3" \
				9306	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9307	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9308	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9309	-c "Verifying peer X.509 certificate... ok" \
				9310	-C "received HelloRetryRequest message"
				9311
				9312	requires_gnutls_tls1_3
				9313	requires_gnutls_next_no_ticket
				9314	requires_gnutls_next_disable_tls13_compat
				9315	requires_config_enabled MBEDTLS_SSL_CLI_C
				9316	requires_config_enabled MBEDTLS_DEBUG_C
				9317	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9318	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9319	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9320	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				9321	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9322	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				9323	0 \
				9324	-c "HTTP/1.0 200 OK" \
				9325	-c "Protocol is TLSv1.3" \
				9326	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9327	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9328	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9329	-c "Verifying peer X.509 certificate... ok" \
				9330	-C "received HelloRetryRequest message"
				9331
				9332	requires_gnutls_tls1_3
				9333	requires_gnutls_next_no_ticket
				9334	requires_gnutls_next_disable_tls13_compat
				9335	requires_config_enabled MBEDTLS_SSL_CLI_C
				9336	requires_config_enabled MBEDTLS_DEBUG_C
				9337	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9338	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9339	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9340	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9341	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				9342	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9343	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				9344	0 \
				9345	-c "HTTP/1.0 200 OK" \
				9346	-c "Protocol is TLSv1.3" \
				9347	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9348	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9349	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9350	-c "Verifying peer X.509 certificate... ok" \
				9351	-C "received HelloRetryRequest message"
				9352
				9353	requires_gnutls_tls1_3
				9354	requires_gnutls_next_no_ticket
				9355	requires_gnutls_next_disable_tls13_compat
				9356	requires_config_enabled MBEDTLS_SSL_CLI_C
				9357	requires_config_enabled MBEDTLS_DEBUG_C
				9358	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9359	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9360	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9361	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				9362	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9363	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				9364	0 \
				9365	-c "HTTP/1.0 200 OK" \
				9366	-c "Protocol is TLSv1.3" \
				9367	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9368	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9369	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9370	-c "Verifying peer X.509 certificate... ok" \
				9371	-C "received HelloRetryRequest message"
				9372
				9373	requires_gnutls_tls1_3
				9374	requires_gnutls_next_no_ticket
				9375	requires_gnutls_next_disable_tls13_compat
				9376	requires_config_enabled MBEDTLS_SSL_CLI_C
				9377	requires_config_enabled MBEDTLS_DEBUG_C
				9378	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9379	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9380	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9381	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				9382	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9383	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				9384	0 \
				9385	-c "HTTP/1.0 200 OK" \
				9386	-c "Protocol is TLSv1.3" \
				9387	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9388	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9389	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9390	-c "Verifying peer X.509 certificate... ok" \
				9391	-C "received HelloRetryRequest message"
				9392
				9393	requires_gnutls_tls1_3
				9394	requires_gnutls_next_no_ticket
				9395	requires_gnutls_next_disable_tls13_compat
				9396	requires_config_enabled MBEDTLS_SSL_CLI_C
				9397	requires_config_enabled MBEDTLS_DEBUG_C
				9398	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9399	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9400	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9401	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				9402	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9403	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				9404	0 \
				9405	-c "HTTP/1.0 200 OK" \
				9406	-c "Protocol is TLSv1.3" \
				9407	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9408	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9409	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9410	-c "Verifying peer X.509 certificate... ok" \
				9411	-C "received HelloRetryRequest message"
				9412
				9413	requires_gnutls_tls1_3
				9414	requires_gnutls_next_no_ticket
				9415	requires_gnutls_next_disable_tls13_compat
				9416	requires_config_enabled MBEDTLS_SSL_CLI_C
				9417	requires_config_enabled MBEDTLS_DEBUG_C
				9418	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9419	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9420	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9421	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9422	run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				9423	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9424	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				9425	0 \
				9426	-c "HTTP/1.0 200 OK" \
				9427	-c "Protocol is TLSv1.3" \
				9428	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				9429	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9430	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9431	-c "Verifying peer X.509 certificate... ok" \
				9432	-C "received HelloRetryRequest message"
				9433
				9434	requires_gnutls_tls1_3
				9435	requires_gnutls_next_no_ticket
				9436	requires_gnutls_next_disable_tls13_compat
				9437	requires_config_enabled MBEDTLS_SSL_CLI_C
				9438	requires_config_enabled MBEDTLS_DEBUG_C
				9439	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9440	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9441	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9442	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9443	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9444	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9445	0 \
				9446	-c "HTTP/1.0 200 OK" \
				9447	-c "Protocol is TLSv1.3" \
				9448	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9449	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9450	-c "NamedGroup: secp256r1 ( 17 )" \
				9451	-c "Verifying peer X.509 certificate... ok" \
				9452	-C "received HelloRetryRequest message"
				9453
				9454	requires_gnutls_tls1_3
				9455	requires_gnutls_next_no_ticket
				9456	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9457	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9458	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9459	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9460	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9461	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9462	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9463	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9464	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9465	0 \
				9466	-c "HTTP/1.0 200 OK" \
				9467	-c "Protocol is TLSv1.3" \
				9468	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9469	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9470	-c "NamedGroup: secp256r1 ( 17 )" \
				9471	-c "Verifying peer X.509 certificate... ok" \
				9472	-C "received HelloRetryRequest message"
				9473
				9474	requires_gnutls_tls1_3
				9475	requires_gnutls_next_no_ticket
				9476	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9477	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9478	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9479	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9480	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9481	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9482	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9483	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9484	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9485	0 \
				9486	-c "HTTP/1.0 200 OK" \
				9487	-c "Protocol is TLSv1.3" \
				9488	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9489	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9490	-c "NamedGroup: secp256r1 ( 17 )" \
				9491	-c "Verifying peer X.509 certificate... ok" \
				9492	-C "received HelloRetryRequest message"
				9493
				9494	requires_gnutls_tls1_3
				9495	requires_gnutls_next_no_ticket
				9496	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9497	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9498	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9499	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9500	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9501	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9502	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9503	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9504	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9505	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9506	0 \
				9507	-c "HTTP/1.0 200 OK" \
				9508	-c "Protocol is TLSv1.3" \
				9509	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9510	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9511	-c "NamedGroup: secp256r1 ( 17 )" \
				9512	-c "Verifying peer X.509 certificate... ok" \
				9513	-C "received HelloRetryRequest message"
				9514
				9515	requires_gnutls_tls1_3
				9516	requires_gnutls_next_no_ticket
				9517	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9518	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9519	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9520	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9521	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9522	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9523	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9524	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9525	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9526	0 \
				9527	-c "HTTP/1.0 200 OK" \
				9528	-c "Protocol is TLSv1.3" \
				9529	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9530	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9531	-c "NamedGroup: secp384r1 ( 18 )" \
				9532	-c "Verifying peer X.509 certificate... ok" \
				9533	-C "received HelloRetryRequest message"
				9534
				9535	requires_gnutls_tls1_3
				9536	requires_gnutls_next_no_ticket
				9537	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9538	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9539	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9540	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9541	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9542	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9543	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9544	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9545	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9546	0 \
				9547	-c "HTTP/1.0 200 OK" \
				9548	-c "Protocol is TLSv1.3" \
				9549	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9550	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9551	-c "NamedGroup: secp384r1 ( 18 )" \
				9552	-c "Verifying peer X.509 certificate... ok" \
				9553	-C "received HelloRetryRequest message"
				9554
				9555	requires_gnutls_tls1_3
				9556	requires_gnutls_next_no_ticket
				9557	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9558	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9559	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9560	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9561	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9562	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9563	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9564	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9565	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9566	0 \
				9567	-c "HTTP/1.0 200 OK" \
				9568	-c "Protocol is TLSv1.3" \
				9569	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9570	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9571	-c "NamedGroup: secp384r1 ( 18 )" \
				9572	-c "Verifying peer X.509 certificate... ok" \
				9573	-C "received HelloRetryRequest message"
				9574
				9575	requires_gnutls_tls1_3
				9576	requires_gnutls_next_no_ticket
				9577	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9578	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9579	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9580	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9581	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9582	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9583	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9584	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9585	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9586	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9587	0 \
				9588	-c "HTTP/1.0 200 OK" \
				9589	-c "Protocol is TLSv1.3" \
				9590	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9591	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9592	-c "NamedGroup: secp384r1 ( 18 )" \
				9593	-c "Verifying peer X.509 certificate... ok" \
				9594	-C "received HelloRetryRequest message"
				9595
				9596	requires_gnutls_tls1_3
				9597	requires_gnutls_next_no_ticket
				9598	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9599	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9600	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9601	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9602	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9603	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9604	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9605	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9606	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9607	0 \
				9608	-c "HTTP/1.0 200 OK" \
				9609	-c "Protocol is TLSv1.3" \
				9610	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9611	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9612	-c "NamedGroup: secp521r1 ( 19 )" \
				9613	-c "Verifying peer X.509 certificate... ok" \
				9614	-C "received HelloRetryRequest message"
				9615
				9616	requires_gnutls_tls1_3
				9617	requires_gnutls_next_no_ticket
				9618	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9619	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9620	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9621	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9622	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9623	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9624	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9625	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9626	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9627	0 \
				9628	-c "HTTP/1.0 200 OK" \
				9629	-c "Protocol is TLSv1.3" \
				9630	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9631	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9632	-c "NamedGroup: secp521r1 ( 19 )" \
				9633	-c "Verifying peer X.509 certificate... ok" \
				9634	-C "received HelloRetryRequest message"
				9635
				9636	requires_gnutls_tls1_3
				9637	requires_gnutls_next_no_ticket
				9638	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9639	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9640	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9641	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9642	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9643	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9644	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9645	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9646	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9647	0 \
				9648	-c "HTTP/1.0 200 OK" \
				9649	-c "Protocol is TLSv1.3" \
				9650	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9651	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9652	-c "NamedGroup: secp521r1 ( 19 )" \
				9653	-c "Verifying peer X.509 certificate... ok" \
				9654	-C "received HelloRetryRequest message"
				9655
				9656	requires_gnutls_tls1_3
				9657	requires_gnutls_next_no_ticket
				9658	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9659	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9660	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9661	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9662	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9663	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9664	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9665	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9666	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9667	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9668	0 \
				9669	-c "HTTP/1.0 200 OK" \
				9670	-c "Protocol is TLSv1.3" \
				9671	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9672	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9673	-c "NamedGroup: secp521r1 ( 19 )" \
				9674	-c "Verifying peer X.509 certificate... ok" \
				9675	-C "received HelloRetryRequest message"
				9676
				9677	requires_gnutls_tls1_3
				9678	requires_gnutls_next_no_ticket
				9679	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9680	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9681	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9682	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9683	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9684	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9685	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9686	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9687	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9688	0 \
				9689	-c "HTTP/1.0 200 OK" \
				9690	-c "Protocol is TLSv1.3" \
				9691	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9692	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9693	-c "NamedGroup: x25519 ( 1d )" \
				9694	-c "Verifying peer X.509 certificate... ok" \
				9695	-C "received HelloRetryRequest message"
				9696
				9697	requires_gnutls_tls1_3
				9698	requires_gnutls_next_no_ticket
				9699	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9700	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9701	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9702	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9703	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9704	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9705	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9706	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9707	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9708	0 \
				9709	-c "HTTP/1.0 200 OK" \
				9710	-c "Protocol is TLSv1.3" \
				9711	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9712	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9713	-c "NamedGroup: x25519 ( 1d )" \
				9714	-c "Verifying peer X.509 certificate... ok" \
				9715	-C "received HelloRetryRequest message"
				9716
				9717	requires_gnutls_tls1_3
				9718	requires_gnutls_next_no_ticket
				9719	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9720	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9721	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9722	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9723	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9724	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9725	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9726	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9727	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9728	0 \
				9729	-c "HTTP/1.0 200 OK" \
				9730	-c "Protocol is TLSv1.3" \
				9731	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9732	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9733	-c "NamedGroup: x25519 ( 1d )" \
				9734	-c "Verifying peer X.509 certificate... ok" \
				9735	-C "received HelloRetryRequest message"
				9736
				9737	requires_gnutls_tls1_3
				9738	requires_gnutls_next_no_ticket
				9739	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9740	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9741	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9742	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9743	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9744	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9745	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9746	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9747	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9748	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9749	0 \
				9750	-c "HTTP/1.0 200 OK" \
				9751	-c "Protocol is TLSv1.3" \
				9752	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9753	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9754	-c "NamedGroup: x25519 ( 1d )" \
				9755	-c "Verifying peer X.509 certificate... ok" \
				9756	-C "received HelloRetryRequest message"
				9757
				9758	requires_gnutls_tls1_3
				9759	requires_gnutls_next_no_ticket
				9760	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9761	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9762	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9763	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9764	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9765	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9766	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9767	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9768	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9769	0 \
				9770	-c "HTTP/1.0 200 OK" \
				9771	-c "Protocol is TLSv1.3" \
				9772	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9773	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9774	-c "NamedGroup: x448 ( 1e )" \
				9775	-c "Verifying peer X.509 certificate... ok" \
				9776	-C "received HelloRetryRequest message"
				9777
				9778	requires_gnutls_tls1_3
				9779	requires_gnutls_next_no_ticket
				9780	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9781	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9782	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9783	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9784	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9785	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9786	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9787	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9788	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9789	0 \
				9790	-c "HTTP/1.0 200 OK" \
				9791	-c "Protocol is TLSv1.3" \
				9792	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9793	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9794	-c "NamedGroup: x448 ( 1e )" \
				9795	-c "Verifying peer X.509 certificate... ok" \
				9796	-C "received HelloRetryRequest message"
				9797
				9798	requires_gnutls_tls1_3
				9799	requires_gnutls_next_no_ticket
				9800	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9801	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9802	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9803	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9804	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9805	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9806	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9807	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9808	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9809	0 \
				9810	-c "HTTP/1.0 200 OK" \
				9811	-c "Protocol is TLSv1.3" \
				9812	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9813	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9814	-c "NamedGroup: x448 ( 1e )" \
				9815	-c "Verifying peer X.509 certificate... ok" \
				9816	-C "received HelloRetryRequest message"
				9817
				9818	requires_gnutls_tls1_3
				9819	requires_gnutls_next_no_ticket
				9820	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9821	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9822	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9823	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9824	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9825	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9826	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9827	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	9828	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	9829	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9830	0 \
				9831	-c "HTTP/1.0 200 OK" \
				9832	-c "Protocol is TLSv1.3" \
				9833	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9834	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9835	-c "NamedGroup: x448 ( 1e )" \
				9836	-c "Verifying peer X.509 certificate... ok" \
				9837	-C "received HelloRetryRequest message"
				9838
				9839	requires_gnutls_tls1_3
				9840	requires_gnutls_next_no_ticket
				9841	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9842	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	9843	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	9844	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	9845	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9846	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9847	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				9848	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9849	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				9850	0 \
				9851	-c "HTTP/1.0 200 OK" \
				9852	-c "Protocol is TLSv1.3" \
				9853	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9854	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9855	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9856	-c "Verifying peer X.509 certificate... ok" \
				9857	-C "received HelloRetryRequest message"
				9858
				9859	requires_gnutls_tls1_3
				9860	requires_gnutls_next_no_ticket
				9861	requires_gnutls_next_disable_tls13_compat
				9862	requires_config_enabled MBEDTLS_SSL_CLI_C
				9863	requires_config_enabled MBEDTLS_DEBUG_C
				9864	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9865	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9866	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9867	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				9868	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9869	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				9870	0 \
				9871	-c "HTTP/1.0 200 OK" \
				9872	-c "Protocol is TLSv1.3" \
				9873	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9874	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9875	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9876	-c "Verifying peer X.509 certificate... ok" \
				9877	-C "received HelloRetryRequest message"
				9878
				9879	requires_gnutls_tls1_3
				9880	requires_gnutls_next_no_ticket
				9881	requires_gnutls_next_disable_tls13_compat
				9882	requires_config_enabled MBEDTLS_SSL_CLI_C
				9883	requires_config_enabled MBEDTLS_DEBUG_C
				9884	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9885	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9886	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9887	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				9888	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9889	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				9890	0 \
				9891	-c "HTTP/1.0 200 OK" \
				9892	-c "Protocol is TLSv1.3" \
				9893	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9894	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9895	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9896	-c "Verifying peer X.509 certificate... ok" \
				9897	-C "received HelloRetryRequest message"
				9898
				9899	requires_gnutls_tls1_3
				9900	requires_gnutls_next_no_ticket
				9901	requires_gnutls_next_disable_tls13_compat
				9902	requires_config_enabled MBEDTLS_SSL_CLI_C
				9903	requires_config_enabled MBEDTLS_DEBUG_C
				9904	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9905	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9906	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9907	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9908	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				9909	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				9910	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				9911	0 \
				9912	-c "HTTP/1.0 200 OK" \
				9913	-c "Protocol is TLSv1.3" \
				9914	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9915	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9916	-c "NamedGroup: ffdhe2048 ( 100 )" \
				9917	-c "Verifying peer X.509 certificate... ok" \
				9918	-C "received HelloRetryRequest message"
				9919
				9920	requires_gnutls_tls1_3
				9921	requires_gnutls_next_no_ticket
				9922	requires_gnutls_next_disable_tls13_compat
				9923	requires_config_enabled MBEDTLS_SSL_CLI_C
				9924	requires_config_enabled MBEDTLS_DEBUG_C
				9925	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9926	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9927	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9928	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				9929	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9930	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				9931	0 \
				9932	-c "HTTP/1.0 200 OK" \
				9933	-c "Protocol is TLSv1.3" \
				9934	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9935	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				9936	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9937	-c "Verifying peer X.509 certificate... ok" \
				9938	-C "received HelloRetryRequest message"
				9939
				9940	requires_gnutls_tls1_3
				9941	requires_gnutls_next_no_ticket
				9942	requires_gnutls_next_disable_tls13_compat
				9943	requires_config_enabled MBEDTLS_SSL_CLI_C
				9944	requires_config_enabled MBEDTLS_DEBUG_C
				9945	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9946	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9947	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9948	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				9949	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9950	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				9951	0 \
				9952	-c "HTTP/1.0 200 OK" \
				9953	-c "Protocol is TLSv1.3" \
				9954	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9955	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				9956	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9957	-c "Verifying peer X.509 certificate... ok" \
				9958	-C "received HelloRetryRequest message"
				9959
				9960	requires_gnutls_tls1_3
				9961	requires_gnutls_next_no_ticket
				9962	requires_gnutls_next_disable_tls13_compat
				9963	requires_config_enabled MBEDTLS_SSL_CLI_C
				9964	requires_config_enabled MBEDTLS_DEBUG_C
				9965	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9966	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9967	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9968	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				9969	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9970	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				9971	0 \
				9972	-c "HTTP/1.0 200 OK" \
				9973	-c "Protocol is TLSv1.3" \
				9974	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9975	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				9976	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9977	-c "Verifying peer X.509 certificate... ok" \
				9978	-C "received HelloRetryRequest message"
				9979
				9980	requires_gnutls_tls1_3
				9981	requires_gnutls_next_no_ticket
				9982	requires_gnutls_next_disable_tls13_compat
				9983	requires_config_enabled MBEDTLS_SSL_CLI_C
				9984	requires_config_enabled MBEDTLS_DEBUG_C
				9985	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				9986	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				9987	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	9988	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	9989	run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				9990	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				9991	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				9992	0 \
				9993	-c "HTTP/1.0 200 OK" \
				9994	-c "Protocol is TLSv1.3" \
				9995	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				9996	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				9997	-c "NamedGroup: ffdhe8192 ( 104 )" \
				9998	-c "Verifying peer X.509 certificate... ok" \
				9999	-C "received HelloRetryRequest message"
				10000
				10001	requires_gnutls_tls1_3
				10002	requires_gnutls_next_no_ticket
				10003	requires_gnutls_next_disable_tls13_compat
				10004	requires_config_enabled MBEDTLS_SSL_CLI_C
				10005	requires_config_enabled MBEDTLS_DEBUG_C
				10006	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10007	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10008	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10009	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10010	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10011	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10012	0 \
				10013	-c "HTTP/1.0 200 OK" \
				10014	-c "Protocol is TLSv1.3" \
				10015	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10016	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10017	-c "NamedGroup: secp256r1 ( 17 )" \
				10018	-c "Verifying peer X.509 certificate... ok" \
				10019	-C "received HelloRetryRequest message"
				10020
				10021	requires_gnutls_tls1_3
				10022	requires_gnutls_next_no_ticket
				10023	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10024	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10025	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10026	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10027	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10028	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10029	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10030	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10031	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10032	0 \
				10033	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10034	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10035	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10036	-c "Certificate Verify: Signature algorithm ( 0503 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10037	-c "NamedGroup: secp256r1 ( 17 )" \
				10038	-c "Verifying peer X.509 certificate... ok" \
				10039	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10040
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10041	requires_gnutls_tls1_3
				10042	requires_gnutls_next_no_ticket
				10043	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10044	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10045	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10046	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10047	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10048	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10049	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10050	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10051	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10052	0 \
				10053	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10054	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10055	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10056	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10057	-c "NamedGroup: secp256r1 ( 17 )" \
				10058	-c "Verifying peer X.509 certificate... ok" \
				10059	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10060
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10061	requires_gnutls_tls1_3
				10062	requires_gnutls_next_no_ticket
				10063	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10064	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10065	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10066	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10067	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10068	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10069	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10070	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10071	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10072	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10073	0 \
				10074	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10075	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10076	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10077	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10078	-c "NamedGroup: secp256r1 ( 17 )" \
				10079	-c "Verifying peer X.509 certificate... ok" \
				10080	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10081
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10082	requires_gnutls_tls1_3
				10083	requires_gnutls_next_no_ticket
				10084	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10085	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10086	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10087	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10088	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10089	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10090	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10091	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10092	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10093	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10094	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10095	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10096	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10097	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10098	-c "NamedGroup: secp384r1 ( 18 )" \
				10099	-c "Verifying peer X.509 certificate... ok" \
				10100	-C "received HelloRetryRequest message"
				10101
				10102	requires_gnutls_tls1_3
				10103	requires_gnutls_next_no_ticket
				10104	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10105	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10106	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10107	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10108	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10109	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10110	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10111	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10112	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10113	0 \
				10114	-c "HTTP/1.0 200 OK" \
				10115	-c "Protocol is TLSv1.3" \
				10116	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10117	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10118	-c "NamedGroup: secp384r1 ( 18 )" \
				10119	-c "Verifying peer X.509 certificate... ok" \
				10120	-C "received HelloRetryRequest message"
				10121
				10122	requires_gnutls_tls1_3
				10123	requires_gnutls_next_no_ticket
				10124	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10125	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10126	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10127	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10128	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10129	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10130	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10131	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10132	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10133	0 \
				10134	-c "HTTP/1.0 200 OK" \
				10135	-c "Protocol is TLSv1.3" \
				10136	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10137	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10138	-c "NamedGroup: secp384r1 ( 18 )" \
				10139	-c "Verifying peer X.509 certificate... ok" \
				10140	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10141
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10142	requires_gnutls_tls1_3
				10143	requires_gnutls_next_no_ticket
				10144	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10145	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10146	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10147	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10148	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10149	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10150	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10151	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10152	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10153	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10154	0 \
				10155	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10156	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10157	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10158	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10159	-c "NamedGroup: secp384r1 ( 18 )" \
				10160	-c "Verifying peer X.509 certificate... ok" \
				10161	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10162
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10163	requires_gnutls_tls1_3
				10164	requires_gnutls_next_no_ticket
				10165	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10166	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10167	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10168	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10169	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10170	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10171	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10172	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10173	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10174	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10175	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10176	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10177	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10178	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10179	-c "NamedGroup: secp521r1 ( 19 )" \
				10180	-c "Verifying peer X.509 certificate... ok" \
				10181	-C "received HelloRetryRequest message"
				10182
				10183	requires_gnutls_tls1_3
				10184	requires_gnutls_next_no_ticket
				10185	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10186	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10187	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10188	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10189	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10190	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10191	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10192	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10193	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10194	0 \
				10195	-c "HTTP/1.0 200 OK" \
				10196	-c "Protocol is TLSv1.3" \
				10197	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10198	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10199	-c "NamedGroup: secp521r1 ( 19 )" \
				10200	-c "Verifying peer X.509 certificate... ok" \
				10201	-C "received HelloRetryRequest message"
				10202
				10203	requires_gnutls_tls1_3
				10204	requires_gnutls_next_no_ticket
				10205	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10206	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10207	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10208	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10209	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10210	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10211	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10212	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10213	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10214	0 \
				10215	-c "HTTP/1.0 200 OK" \
				10216	-c "Protocol is TLSv1.3" \
				10217	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10218	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10219	-c "NamedGroup: secp521r1 ( 19 )" \
				10220	-c "Verifying peer X.509 certificate... ok" \
				10221	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10222
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10223	requires_gnutls_tls1_3
				10224	requires_gnutls_next_no_ticket
				10225	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10226	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10227	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10228	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10229	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10230	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10231	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10232	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10233	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10234	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10235	0 \
				10236	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10237	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10238	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10239	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10240	-c "NamedGroup: secp521r1 ( 19 )" \
				10241	-c "Verifying peer X.509 certificate... ok" \
				10242	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10243
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10244	requires_gnutls_tls1_3
				10245	requires_gnutls_next_no_ticket
				10246	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10247	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10248	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10249	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10250	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10251	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10252	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10253	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10254	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10255	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10256	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10257	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10258	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10259	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10260	-c "NamedGroup: x25519 ( 1d )" \
				10261	-c "Verifying peer X.509 certificate... ok" \
				10262	-C "received HelloRetryRequest message"
				10263
				10264	requires_gnutls_tls1_3
				10265	requires_gnutls_next_no_ticket
				10266	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10267	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10268	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10269	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10270	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10271	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10272	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10273	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10274	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10275	0 \
				10276	-c "HTTP/1.0 200 OK" \
				10277	-c "Protocol is TLSv1.3" \
				10278	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10279	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10280	-c "NamedGroup: x25519 ( 1d )" \
				10281	-c "Verifying peer X.509 certificate... ok" \
				10282	-C "received HelloRetryRequest message"
				10283
				10284	requires_gnutls_tls1_3
				10285	requires_gnutls_next_no_ticket
				10286	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10287	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10288	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10289	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10290	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10291	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10292	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10293	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10294	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10295	0 \
				10296	-c "HTTP/1.0 200 OK" \
				10297	-c "Protocol is TLSv1.3" \
				10298	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10299	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10300	-c "NamedGroup: x25519 ( 1d )" \
				10301	-c "Verifying peer X.509 certificate... ok" \
				10302	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10303
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10304	requires_gnutls_tls1_3
				10305	requires_gnutls_next_no_ticket
				10306	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10307	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10308	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10309	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10310	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10311	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10312	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10313	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10314	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10315	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10316	0 \
				10317	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10318	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10319	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10320	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10321	-c "NamedGroup: x25519 ( 1d )" \
				10322	-c "Verifying peer X.509 certificate... ok" \
				10323	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10324
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10325	requires_gnutls_tls1_3
				10326	requires_gnutls_next_no_ticket
				10327	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10328	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10329	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10330	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10331	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10332	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10333	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10334	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10335	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10336	0 \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10337	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10338	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10339	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10340	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10341	-c "NamedGroup: x448 ( 1e )" \
				10342	-c "Verifying peer X.509 certificate... ok" \
				10343	-C "received HelloRetryRequest message"
				10344
				10345	requires_gnutls_tls1_3
				10346	requires_gnutls_next_no_ticket
				10347	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10348	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10349	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10350	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10351	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10352	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10353	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10354	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10355	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10356	0 \
				10357	-c "HTTP/1.0 200 OK" \
				10358	-c "Protocol is TLSv1.3" \
				10359	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10360	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10361	-c "NamedGroup: x448 ( 1e )" \
				10362	-c "Verifying peer X.509 certificate... ok" \
				10363	-C "received HelloRetryRequest message"
				10364
				10365	requires_gnutls_tls1_3
				10366	requires_gnutls_next_no_ticket
				10367	requires_gnutls_next_disable_tls13_compat
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10368	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10369	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10370	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10371	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10372	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10373	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10374	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10375	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
Ronald Cron	9d0a3e8	2022-04-05 16:13:38 +0200	[diff] [blame]	10376	0 \
				10377	-c "HTTP/1.0 200 OK" \
				10378	-c "Protocol is TLSv1.3" \
				10379	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10380	-c "Certificate Verify: Signature algorithm ( 0603 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10381	-c "NamedGroup: x448 ( 1e )" \
				10382	-c "Verifying peer X.509 certificate... ok" \
				10383	-C "received HelloRetryRequest message"
Jerry Yu	dda036d	2021-11-30 11:19:41 +0800	[diff] [blame]	10384
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10385	requires_gnutls_tls1_3
				10386	requires_gnutls_next_no_ticket
				10387	requires_gnutls_next_disable_tls13_compat
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10388	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10389	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10390	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron	ae93725	2021-12-10 09:55:15 +0100	[diff] [blame]	10391	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Jerry Yu	31018ad	2021-11-26 20:36:17 +0800	[diff] [blame]	10392	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10393	requires_config_enabled PSA_WANT_ALG_ECDH
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	10394	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10395	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10396	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10397	0 \
				10398	-c "HTTP/1.0 200 OK" \
Ronald Cron	a1b8f6e	2022-03-18 14:04:12 +0100	[diff] [blame]	10399	-c "Protocol is TLSv1.3" \
Jerry Yu	cdcb683	2021-11-29 16:50:13 +0800	[diff] [blame]	10400	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	10401	-c "Certificate Verify: Signature algorithm ( 0804 )" \
Jerry Yu	7de7985	2022-03-23 16:50:47 +0800	[diff] [blame]	10402	-c "NamedGroup: x448 ( 1e )" \
				10403	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	10404	-C "received HelloRetryRequest message"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	10405
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10406	requires_gnutls_tls1_3
				10407	requires_gnutls_next_no_ticket
				10408	requires_gnutls_next_disable_tls13_compat
				10409	requires_config_enabled MBEDTLS_SSL_CLI_C
				10410	requires_config_enabled MBEDTLS_DEBUG_C
				10411	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10412	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10413	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10414	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				10415	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				10416	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				10417	0 \
				10418	-c "HTTP/1.0 200 OK" \
				10419	-c "Protocol is TLSv1.3" \
				10420	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10421	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10422	-c "NamedGroup: ffdhe2048 ( 100 )" \
				10423	-c "Verifying peer X.509 certificate... ok" \
				10424	-C "received HelloRetryRequest message"
				10425
				10426	requires_gnutls_tls1_3
				10427	requires_gnutls_next_no_ticket
				10428	requires_gnutls_next_disable_tls13_compat
				10429	requires_config_enabled MBEDTLS_SSL_CLI_C
				10430	requires_config_enabled MBEDTLS_DEBUG_C
				10431	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10432	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10433	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10434	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				10435	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				10436	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				10437	0 \
				10438	-c "HTTP/1.0 200 OK" \
				10439	-c "Protocol is TLSv1.3" \
				10440	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10441	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10442	-c "NamedGroup: ffdhe2048 ( 100 )" \
				10443	-c "Verifying peer X.509 certificate... ok" \
				10444	-C "received HelloRetryRequest message"
				10445
				10446	requires_gnutls_tls1_3
				10447	requires_gnutls_next_no_ticket
				10448	requires_gnutls_next_disable_tls13_compat
				10449	requires_config_enabled MBEDTLS_SSL_CLI_C
				10450	requires_config_enabled MBEDTLS_DEBUG_C
				10451	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10452	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10453	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10454	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				10455	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				10456	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				10457	0 \
				10458	-c "HTTP/1.0 200 OK" \
				10459	-c "Protocol is TLSv1.3" \
				10460	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10461	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				10462	-c "NamedGroup: ffdhe2048 ( 100 )" \
				10463	-c "Verifying peer X.509 certificate... ok" \
				10464	-C "received HelloRetryRequest message"
				10465
				10466	requires_gnutls_tls1_3
				10467	requires_gnutls_next_no_ticket
				10468	requires_gnutls_next_disable_tls13_compat
				10469	requires_config_enabled MBEDTLS_SSL_CLI_C
				10470	requires_config_enabled MBEDTLS_DEBUG_C
				10471	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10472	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10473	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10474	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10475	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				10476	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				10477	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				10478	0 \
				10479	-c "HTTP/1.0 200 OK" \
				10480	-c "Protocol is TLSv1.3" \
				10481	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10482	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				10483	-c "NamedGroup: ffdhe2048 ( 100 )" \
				10484	-c "Verifying peer X.509 certificate... ok" \
				10485	-C "received HelloRetryRequest message"
				10486
				10487	requires_gnutls_tls1_3
				10488	requires_gnutls_next_no_ticket
				10489	requires_gnutls_next_disable_tls13_compat
				10490	requires_config_enabled MBEDTLS_SSL_CLI_C
				10491	requires_config_enabled MBEDTLS_DEBUG_C
				10492	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10493	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10494	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10495	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				10496	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				10497	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				10498	0 \
				10499	-c "HTTP/1.0 200 OK" \
				10500	-c "Protocol is TLSv1.3" \
				10501	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10502	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10503	-c "NamedGroup: ffdhe8192 ( 104 )" \
				10504	-c "Verifying peer X.509 certificate... ok" \
				10505	-C "received HelloRetryRequest message"
				10506
				10507	requires_gnutls_tls1_3
				10508	requires_gnutls_next_no_ticket
				10509	requires_gnutls_next_disable_tls13_compat
				10510	requires_config_enabled MBEDTLS_SSL_CLI_C
				10511	requires_config_enabled MBEDTLS_DEBUG_C
				10512	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10513	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10514	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10515	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				10516	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				10517	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				10518	0 \
				10519	-c "HTTP/1.0 200 OK" \
				10520	-c "Protocol is TLSv1.3" \
				10521	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10522	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10523	-c "NamedGroup: ffdhe8192 ( 104 )" \
				10524	-c "Verifying peer X.509 certificate... ok" \
				10525	-C "received HelloRetryRequest message"
				10526
				10527	requires_gnutls_tls1_3
				10528	requires_gnutls_next_no_ticket
				10529	requires_gnutls_next_disable_tls13_compat
				10530	requires_config_enabled MBEDTLS_SSL_CLI_C
				10531	requires_config_enabled MBEDTLS_DEBUG_C
				10532	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10533	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10534	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10535	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				10536	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				10537	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				10538	0 \
				10539	-c "HTTP/1.0 200 OK" \
				10540	-c "Protocol is TLSv1.3" \
				10541	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10542	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				10543	-c "NamedGroup: ffdhe8192 ( 104 )" \
				10544	-c "Verifying peer X.509 certificate... ok" \
				10545	-C "received HelloRetryRequest message"
				10546
				10547	requires_gnutls_tls1_3
				10548	requires_gnutls_next_no_ticket
				10549	requires_gnutls_next_disable_tls13_compat
				10550	requires_config_enabled MBEDTLS_SSL_CLI_C
				10551	requires_config_enabled MBEDTLS_DEBUG_C
				10552	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				10553	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10554	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10555	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	10556	run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				10557	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				10558	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				10559	0 \
				10560	-c "HTTP/1.0 200 OK" \
				10561	-c "Protocol is TLSv1.3" \
				10562	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				10563	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				10564	-c "NamedGroup: ffdhe8192 ( 104 )" \
				10565	-c "Verifying peer X.509 certificate... ok" \
				10566	-C "received HelloRetryRequest message"
				10567
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10568	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10569	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10570	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10571	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10572	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10573	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10574	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10575	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10576	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10577	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10578	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10579	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10580	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10581	0 \
				10582	-s "Protocol is TLSv1.3" \
				10583	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10584	-s "received signature algorithm: 0x403" \
				10585	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10586	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10587	-c "Protocol is TLSv1.3" \
				10588	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10589	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10590	-c "NamedGroup: secp256r1 ( 17 )" \
				10591	-c "Verifying peer X.509 certificate... ok" \
				10592	-C "received HelloRetryRequest message"
				10593
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10594	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10595	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10596	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10597	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10598	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10599	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10600	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10601	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10602	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10603	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10604	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10605	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10606	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10607	0 \
				10608	-s "Protocol is TLSv1.3" \
				10609	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10610	-s "received signature algorithm: 0x503" \
				10611	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10612	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10613	-c "Protocol is TLSv1.3" \
				10614	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10615	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10616	-c "NamedGroup: secp256r1 ( 17 )" \
				10617	-c "Verifying peer X.509 certificate... ok" \
				10618	-C "received HelloRetryRequest message"
				10619
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10620	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10621	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10622	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10623	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10624	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10625	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10626	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10627	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10628	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10629	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10630	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10631	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10632	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10633	0 \
				10634	-s "Protocol is TLSv1.3" \
				10635	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10636	-s "received signature algorithm: 0x603" \
				10637	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10638	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10639	-c "Protocol is TLSv1.3" \
				10640	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10641	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				10642	-c "NamedGroup: secp256r1 ( 17 )" \
				10643	-c "Verifying peer X.509 certificate... ok" \
				10644	-C "received HelloRetryRequest message"
				10645
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10646	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10647	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10648	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10649	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10650	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10651	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10652	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10653	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10654	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10655	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10656	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10657	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10658	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10659	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10660	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10661	0 \
				10662	-s "Protocol is TLSv1.3" \
				10663	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10664	-s "received signature algorithm: 0x804" \
				10665	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10666	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10667	-c "Protocol is TLSv1.3" \
				10668	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10669	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				10670	-c "NamedGroup: secp256r1 ( 17 )" \
				10671	-c "Verifying peer X.509 certificate... ok" \
				10672	-C "received HelloRetryRequest message"
				10673
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10674	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10675	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10676	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10677	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10678	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10679	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10680	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10681	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10682	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10683	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10684	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10685	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10686	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10687	0 \
				10688	-s "Protocol is TLSv1.3" \
				10689	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10690	-s "received signature algorithm: 0x403" \
				10691	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10692	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10693	-c "Protocol is TLSv1.3" \
				10694	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10695	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10696	-c "NamedGroup: secp384r1 ( 18 )" \
				10697	-c "Verifying peer X.509 certificate... ok" \
				10698	-C "received HelloRetryRequest message"
				10699
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10700	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10701	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10702	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10703	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10704	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10705	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10706	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10707	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10708	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10709	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10710	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10711	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10712	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10713	0 \
				10714	-s "Protocol is TLSv1.3" \
				10715	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10716	-s "received signature algorithm: 0x503" \
				10717	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10718	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10719	-c "Protocol is TLSv1.3" \
				10720	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10721	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10722	-c "NamedGroup: secp384r1 ( 18 )" \
				10723	-c "Verifying peer X.509 certificate... ok" \
				10724	-C "received HelloRetryRequest message"
				10725
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10726	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10727	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10728	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10729	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10730	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10731	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10732	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10733	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10734	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10735	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10736	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10737	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10738	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10739	0 \
				10740	-s "Protocol is TLSv1.3" \
				10741	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10742	-s "received signature algorithm: 0x603" \
				10743	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10744	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10745	-c "Protocol is TLSv1.3" \
				10746	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10747	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				10748	-c "NamedGroup: secp384r1 ( 18 )" \
				10749	-c "Verifying peer X.509 certificate... ok" \
				10750	-C "received HelloRetryRequest message"
				10751
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10752	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10753	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10754	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10755	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10756	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10757	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10758	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10759	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10760	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10761	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10762	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10763	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10764	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10765	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10766	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10767	0 \
				10768	-s "Protocol is TLSv1.3" \
				10769	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10770	-s "received signature algorithm: 0x804" \
				10771	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10772	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10773	-c "Protocol is TLSv1.3" \
				10774	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10775	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				10776	-c "NamedGroup: secp384r1 ( 18 )" \
				10777	-c "Verifying peer X.509 certificate... ok" \
				10778	-C "received HelloRetryRequest message"
				10779
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10780	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10781	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10782	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10783	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10784	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10785	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10786	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10787	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10788	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10789	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10790	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10791	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10792	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10793	0 \
				10794	-s "Protocol is TLSv1.3" \
				10795	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10796	-s "received signature algorithm: 0x403" \
				10797	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10798	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10799	-c "Protocol is TLSv1.3" \
				10800	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10801	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10802	-c "NamedGroup: secp521r1 ( 19 )" \
				10803	-c "Verifying peer X.509 certificate... ok" \
				10804	-C "received HelloRetryRequest message"
				10805
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10806	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10807	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10808	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10809	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10810	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10811	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10812	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10813	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10814	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10815	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10816	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10817	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10818	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10819	0 \
				10820	-s "Protocol is TLSv1.3" \
				10821	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10822	-s "received signature algorithm: 0x503" \
				10823	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10824	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10825	-c "Protocol is TLSv1.3" \
				10826	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10827	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10828	-c "NamedGroup: secp521r1 ( 19 )" \
				10829	-c "Verifying peer X.509 certificate... ok" \
				10830	-C "received HelloRetryRequest message"
				10831
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10832	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10833	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10834	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10835	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10836	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10837	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10838	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10839	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10840	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10841	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10842	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10843	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10844	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10845	0 \
				10846	-s "Protocol is TLSv1.3" \
				10847	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10848	-s "received signature algorithm: 0x603" \
				10849	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10850	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10851	-c "Protocol is TLSv1.3" \
				10852	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10853	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				10854	-c "NamedGroup: secp521r1 ( 19 )" \
				10855	-c "Verifying peer X.509 certificate... ok" \
				10856	-C "received HelloRetryRequest message"
				10857
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10858	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10859	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10860	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10861	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10862	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10863	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10864	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10865	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10866	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10867	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10868	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10869	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10870	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10871	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10872	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10873	0 \
				10874	-s "Protocol is TLSv1.3" \
				10875	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10876	-s "received signature algorithm: 0x804" \
				10877	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10878	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10879	-c "Protocol is TLSv1.3" \
				10880	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10881	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				10882	-c "NamedGroup: secp521r1 ( 19 )" \
				10883	-c "Verifying peer X.509 certificate... ok" \
				10884	-C "received HelloRetryRequest message"
				10885
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10886	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10887	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10888	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10889	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10890	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10891	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10892	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10893	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10894	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10895	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10896	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10897	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10898	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10899	0 \
				10900	-s "Protocol is TLSv1.3" \
				10901	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10902	-s "received signature algorithm: 0x403" \
				10903	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10904	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10905	-c "Protocol is TLSv1.3" \
				10906	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10907	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				10908	-c "NamedGroup: x25519 ( 1d )" \
				10909	-c "Verifying peer X.509 certificate... ok" \
				10910	-C "received HelloRetryRequest message"
				10911
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10912	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10913	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10914	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10915	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10916	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10917	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10918	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10919	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10920	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10921	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10922	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10923	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10924	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10925	0 \
				10926	-s "Protocol is TLSv1.3" \
				10927	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10928	-s "received signature algorithm: 0x503" \
				10929	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10930	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10931	-c "Protocol is TLSv1.3" \
				10932	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10933	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				10934	-c "NamedGroup: x25519 ( 1d )" \
				10935	-c "Verifying peer X.509 certificate... ok" \
				10936	-C "received HelloRetryRequest message"
				10937
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10938	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10939	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10940	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10941	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10942	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10943	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10944	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10945	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10946	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10947	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10948	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10949	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10950	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10951	0 \
				10952	-s "Protocol is TLSv1.3" \
				10953	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10954	-s "received signature algorithm: 0x603" \
				10955	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10956	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10957	-c "Protocol is TLSv1.3" \
				10958	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10959	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				10960	-c "NamedGroup: x25519 ( 1d )" \
				10961	-c "Verifying peer X.509 certificate... ok" \
				10962	-C "received HelloRetryRequest message"
				10963
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10964	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10965	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10966	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10967	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10968	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10969	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10970	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10971	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10972	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10973	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				10974	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10975	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10976	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	10977	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				10978	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10979	0 \
				10980	-s "Protocol is TLSv1.3" \
				10981	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				10982	-s "received signature algorithm: 0x804" \
				10983	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	10984	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10985	-c "Protocol is TLSv1.3" \
				10986	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				10987	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				10988	-c "NamedGroup: x25519 ( 1d )" \
				10989	-c "Verifying peer X.509 certificate... ok" \
				10990	-C "received HelloRetryRequest message"
				10991
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	10992	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10993	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10994	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10995	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	10996	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	10997	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	10998	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	10999	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11000	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11001	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11002	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11003	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11004	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11005	0 \
				11006	-s "Protocol is TLSv1.3" \
				11007	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11008	-s "received signature algorithm: 0x403" \
				11009	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11010	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11011	-c "Protocol is TLSv1.3" \
				11012	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11013	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11014	-c "NamedGroup: x448 ( 1e )" \
				11015	-c "Verifying peer X.509 certificate... ok" \
				11016	-C "received HelloRetryRequest message"
				11017
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11018	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11019	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11020	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11021	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11022	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11023	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11024	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11025	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11026	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11027	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11028	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11029	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11030	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11031	0 \
				11032	-s "Protocol is TLSv1.3" \
				11033	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11034	-s "received signature algorithm: 0x503" \
				11035	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11036	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11037	-c "Protocol is TLSv1.3" \
				11038	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11039	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11040	-c "NamedGroup: x448 ( 1e )" \
				11041	-c "Verifying peer X.509 certificate... ok" \
				11042	-C "received HelloRetryRequest message"
				11043
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11044	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11045	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11046	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11047	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11048	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11049	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11050	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11051	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11052	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11053	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11054	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11055	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11056	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11057	0 \
				11058	-s "Protocol is TLSv1.3" \
				11059	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11060	-s "received signature algorithm: 0x603" \
				11061	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11062	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11063	-c "Protocol is TLSv1.3" \
				11064	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11065	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11066	-c "NamedGroup: x448 ( 1e )" \
				11067	-c "Verifying peer X.509 certificate... ok" \
				11068	-C "received HelloRetryRequest message"
				11069
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11070	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11071	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11072	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11073	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11074	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11075	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11076	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11077	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11078	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11079	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11080	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11081	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11082	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11083	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11084	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11085	0 \
				11086	-s "Protocol is TLSv1.3" \
				11087	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11088	-s "received signature algorithm: 0x804" \
				11089	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11090	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11091	-c "Protocol is TLSv1.3" \
				11092	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11093	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11094	-c "NamedGroup: x448 ( 1e )" \
				11095	-c "Verifying peer X.509 certificate... ok" \
				11096	-C "received HelloRetryRequest message"
				11097
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11098	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11099	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11100	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11101	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11102	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11103	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11104	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11105	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11106	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11107	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11108	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				11109	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11110	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				11111	0 \
				11112	-s "Protocol is TLSv1.3" \
				11113	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11114	-s "received signature algorithm: 0x403" \
				11115	-s "got named group: ffdhe2048(0100)" \
				11116	-s "Certificate verification was skipped" \
				11117	-c "Protocol is TLSv1.3" \
				11118	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11119	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11120	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11121	-c "Verifying peer X.509 certificate... ok" \
				11122	-C "received HelloRetryRequest message"
				11123
				11124	requires_config_enabled MBEDTLS_SSL_SRV_C
				11125	requires_config_enabled MBEDTLS_DEBUG_C
				11126	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11127	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11128	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11129	requires_config_enabled MBEDTLS_SSL_CLI_C
				11130	requires_config_enabled MBEDTLS_DEBUG_C
				11131	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11132	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11133	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11134	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				11135	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11136	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				11137	0 \
				11138	-s "Protocol is TLSv1.3" \
				11139	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11140	-s "received signature algorithm: 0x503" \
				11141	-s "got named group: ffdhe2048(0100)" \
				11142	-s "Certificate verification was skipped" \
				11143	-c "Protocol is TLSv1.3" \
				11144	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11145	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11146	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11147	-c "Verifying peer X.509 certificate... ok" \
				11148	-C "received HelloRetryRequest message"
				11149
				11150	requires_config_enabled MBEDTLS_SSL_SRV_C
				11151	requires_config_enabled MBEDTLS_DEBUG_C
				11152	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11153	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11154	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11155	requires_config_enabled MBEDTLS_SSL_CLI_C
				11156	requires_config_enabled MBEDTLS_DEBUG_C
				11157	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11158	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11159	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11160	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				11161	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11162	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				11163	0 \
				11164	-s "Protocol is TLSv1.3" \
				11165	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11166	-s "received signature algorithm: 0x603" \
				11167	-s "got named group: ffdhe2048(0100)" \
				11168	-s "Certificate verification was skipped" \
				11169	-c "Protocol is TLSv1.3" \
				11170	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11171	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11172	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11173	-c "Verifying peer X.509 certificate... ok" \
				11174	-C "received HelloRetryRequest message"
				11175
				11176	requires_config_enabled MBEDTLS_SSL_SRV_C
				11177	requires_config_enabled MBEDTLS_DEBUG_C
				11178	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11179	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11180	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11181	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11182	requires_config_enabled MBEDTLS_SSL_CLI_C
				11183	requires_config_enabled MBEDTLS_DEBUG_C
				11184	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11185	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11186	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11187	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11188	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				11189	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11190	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				11191	0 \
				11192	-s "Protocol is TLSv1.3" \
				11193	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11194	-s "received signature algorithm: 0x804" \
				11195	-s "got named group: ffdhe2048(0100)" \
				11196	-s "Certificate verification was skipped" \
				11197	-c "Protocol is TLSv1.3" \
				11198	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11199	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11200	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11201	-c "Verifying peer X.509 certificate... ok" \
				11202	-C "received HelloRetryRequest message"
				11203
				11204	requires_config_enabled MBEDTLS_SSL_SRV_C
				11205	requires_config_enabled MBEDTLS_DEBUG_C
				11206	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11207	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11208	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11209	requires_config_enabled MBEDTLS_SSL_CLI_C
				11210	requires_config_enabled MBEDTLS_DEBUG_C
				11211	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11212	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11213	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11214	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				11215	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11216	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				11217	0 \
				11218	-s "Protocol is TLSv1.3" \
				11219	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11220	-s "received signature algorithm: 0x403" \
				11221	-s "got named group: ffdhe8192(0104)" \
				11222	-s "Certificate verification was skipped" \
				11223	-c "Protocol is TLSv1.3" \
				11224	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11225	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11226	-c "NamedGroup: ffdhe8192 ( 104 )" \
				11227	-c "Verifying peer X.509 certificate... ok" \
				11228	-C "received HelloRetryRequest message"
				11229
				11230	requires_config_enabled MBEDTLS_SSL_SRV_C
				11231	requires_config_enabled MBEDTLS_DEBUG_C
				11232	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11233	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11234	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11235	requires_config_enabled MBEDTLS_SSL_CLI_C
				11236	requires_config_enabled MBEDTLS_DEBUG_C
				11237	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11238	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11239	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11240	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				11241	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11242	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				11243	0 \
				11244	-s "Protocol is TLSv1.3" \
				11245	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11246	-s "received signature algorithm: 0x503" \
				11247	-s "got named group: ffdhe8192(0104)" \
				11248	-s "Certificate verification was skipped" \
				11249	-c "Protocol is TLSv1.3" \
				11250	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11251	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11252	-c "NamedGroup: ffdhe8192 ( 104 )" \
				11253	-c "Verifying peer X.509 certificate... ok" \
				11254	-C "received HelloRetryRequest message"
				11255
				11256	requires_config_enabled MBEDTLS_SSL_SRV_C
				11257	requires_config_enabled MBEDTLS_DEBUG_C
				11258	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11259	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11260	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11261	requires_config_enabled MBEDTLS_SSL_CLI_C
				11262	requires_config_enabled MBEDTLS_DEBUG_C
				11263	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11264	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11265	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11266	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				11267	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11268	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				11269	0 \
				11270	-s "Protocol is TLSv1.3" \
				11271	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11272	-s "received signature algorithm: 0x603" \
				11273	-s "got named group: ffdhe8192(0104)" \
				11274	-s "Certificate verification was skipped" \
				11275	-c "Protocol is TLSv1.3" \
				11276	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11277	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11278	-c "NamedGroup: ffdhe8192 ( 104 )" \
				11279	-c "Verifying peer X.509 certificate... ok" \
				11280	-C "received HelloRetryRequest message"
				11281
				11282	requires_config_enabled MBEDTLS_SSL_SRV_C
				11283	requires_config_enabled MBEDTLS_DEBUG_C
				11284	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11285	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11286	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11287	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11288	requires_config_enabled MBEDTLS_SSL_CLI_C
				11289	requires_config_enabled MBEDTLS_DEBUG_C
				11290	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11291	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11292	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11293	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11294	run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				11295	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11296	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				11297	0 \
				11298	-s "Protocol is TLSv1.3" \
				11299	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
				11300	-s "received signature algorithm: 0x804" \
				11301	-s "got named group: ffdhe8192(0104)" \
				11302	-s "Certificate verification was skipped" \
				11303	-c "Protocol is TLSv1.3" \
				11304	-c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
				11305	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11306	-c "NamedGroup: ffdhe8192 ( 104 )" \
				11307	-c "Verifying peer X.509 certificate... ok" \
				11308	-C "received HelloRetryRequest message"
				11309
				11310	requires_config_enabled MBEDTLS_SSL_SRV_C
				11311	requires_config_enabled MBEDTLS_DEBUG_C
				11312	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11313	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11314	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11315	requires_config_enabled MBEDTLS_SSL_CLI_C
				11316	requires_config_enabled MBEDTLS_DEBUG_C
				11317	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11318	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11319	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11320	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11321	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11322	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11323	0 \
				11324	-s "Protocol is TLSv1.3" \
				11325	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11326	-s "received signature algorithm: 0x403" \
				11327	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11328	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11329	-c "Protocol is TLSv1.3" \
				11330	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11331	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11332	-c "NamedGroup: secp256r1 ( 17 )" \
				11333	-c "Verifying peer X.509 certificate... ok" \
				11334	-C "received HelloRetryRequest message"
				11335
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11336	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11337	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11338	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11339	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11340	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11341	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11342	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11343	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11344	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11345	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11346	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11347	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11348	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11349	0 \
				11350	-s "Protocol is TLSv1.3" \
				11351	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11352	-s "received signature algorithm: 0x503" \
				11353	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11354	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11355	-c "Protocol is TLSv1.3" \
				11356	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11357	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11358	-c "NamedGroup: secp256r1 ( 17 )" \
				11359	-c "Verifying peer X.509 certificate... ok" \
				11360	-C "received HelloRetryRequest message"
				11361
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11362	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11363	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11364	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11365	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11366	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11367	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11368	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11369	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11370	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11371	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11372	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11373	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11374	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11375	0 \
				11376	-s "Protocol is TLSv1.3" \
				11377	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11378	-s "received signature algorithm: 0x603" \
				11379	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11380	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11381	-c "Protocol is TLSv1.3" \
				11382	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11383	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11384	-c "NamedGroup: secp256r1 ( 17 )" \
				11385	-c "Verifying peer X.509 certificate... ok" \
				11386	-C "received HelloRetryRequest message"
				11387
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11388	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11389	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11390	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11391	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11392	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11393	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11394	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11395	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11396	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11397	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11398	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11399	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11400	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11401	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11402	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11403	0 \
				11404	-s "Protocol is TLSv1.3" \
				11405	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11406	-s "received signature algorithm: 0x804" \
				11407	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11408	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11409	-c "Protocol is TLSv1.3" \
				11410	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11411	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11412	-c "NamedGroup: secp256r1 ( 17 )" \
				11413	-c "Verifying peer X.509 certificate... ok" \
				11414	-C "received HelloRetryRequest message"
				11415
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11416	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11417	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11418	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11419	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11420	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11421	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11422	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11423	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11424	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11425	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11426	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11427	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11428	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11429	0 \
				11430	-s "Protocol is TLSv1.3" \
				11431	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11432	-s "received signature algorithm: 0x403" \
				11433	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11434	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11435	-c "Protocol is TLSv1.3" \
				11436	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11437	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11438	-c "NamedGroup: secp384r1 ( 18 )" \
				11439	-c "Verifying peer X.509 certificate... ok" \
				11440	-C "received HelloRetryRequest message"
				11441
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11442	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11443	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11444	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11445	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11446	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11447	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11448	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11449	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11450	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11451	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11452	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11453	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11454	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11455	0 \
				11456	-s "Protocol is TLSv1.3" \
				11457	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11458	-s "received signature algorithm: 0x503" \
				11459	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11460	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11461	-c "Protocol is TLSv1.3" \
				11462	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11463	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11464	-c "NamedGroup: secp384r1 ( 18 )" \
				11465	-c "Verifying peer X.509 certificate... ok" \
				11466	-C "received HelloRetryRequest message"
				11467
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11468	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11469	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11470	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11471	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11472	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11473	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11474	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11475	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11476	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11477	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11478	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11479	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11480	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11481	0 \
				11482	-s "Protocol is TLSv1.3" \
				11483	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11484	-s "received signature algorithm: 0x603" \
				11485	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11486	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11487	-c "Protocol is TLSv1.3" \
				11488	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11489	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11490	-c "NamedGroup: secp384r1 ( 18 )" \
				11491	-c "Verifying peer X.509 certificate... ok" \
				11492	-C "received HelloRetryRequest message"
				11493
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11494	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11495	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11496	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11497	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11498	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11499	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11500	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11501	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11502	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11503	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11504	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11505	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11506	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11507	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11508	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11509	0 \
				11510	-s "Protocol is TLSv1.3" \
				11511	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11512	-s "received signature algorithm: 0x804" \
				11513	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11514	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11515	-c "Protocol is TLSv1.3" \
				11516	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11517	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11518	-c "NamedGroup: secp384r1 ( 18 )" \
				11519	-c "Verifying peer X.509 certificate... ok" \
				11520	-C "received HelloRetryRequest message"
				11521
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11522	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11523	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11524	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11525	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11526	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11527	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11528	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11529	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11530	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11531	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11532	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11533	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11534	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11535	0 \
				11536	-s "Protocol is TLSv1.3" \
				11537	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11538	-s "received signature algorithm: 0x403" \
				11539	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11540	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11541	-c "Protocol is TLSv1.3" \
				11542	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11543	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11544	-c "NamedGroup: secp521r1 ( 19 )" \
				11545	-c "Verifying peer X.509 certificate... ok" \
				11546	-C "received HelloRetryRequest message"
				11547
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11548	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11549	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11550	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11551	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11552	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11553	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11554	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11555	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11556	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11557	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11558	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11559	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11560	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11561	0 \
				11562	-s "Protocol is TLSv1.3" \
				11563	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11564	-s "received signature algorithm: 0x503" \
				11565	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11566	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11567	-c "Protocol is TLSv1.3" \
				11568	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11569	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11570	-c "NamedGroup: secp521r1 ( 19 )" \
				11571	-c "Verifying peer X.509 certificate... ok" \
				11572	-C "received HelloRetryRequest message"
				11573
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11574	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11575	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11576	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11577	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11578	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11579	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11580	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11581	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11582	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11583	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11584	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11585	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11586	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11587	0 \
				11588	-s "Protocol is TLSv1.3" \
				11589	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11590	-s "received signature algorithm: 0x603" \
				11591	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11592	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11593	-c "Protocol is TLSv1.3" \
				11594	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11595	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11596	-c "NamedGroup: secp521r1 ( 19 )" \
				11597	-c "Verifying peer X.509 certificate... ok" \
				11598	-C "received HelloRetryRequest message"
				11599
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11600	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11601	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11602	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11603	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11604	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11605	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11606	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11607	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11608	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11609	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11610	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11611	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11612	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11613	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11614	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11615	0 \
				11616	-s "Protocol is TLSv1.3" \
				11617	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11618	-s "received signature algorithm: 0x804" \
				11619	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11620	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11621	-c "Protocol is TLSv1.3" \
				11622	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11623	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11624	-c "NamedGroup: secp521r1 ( 19 )" \
				11625	-c "Verifying peer X.509 certificate... ok" \
				11626	-C "received HelloRetryRequest message"
				11627
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11628	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11629	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11630	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11631	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11632	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11633	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11634	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11635	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11636	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11637	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11638	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11639	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11640	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11641	0 \
				11642	-s "Protocol is TLSv1.3" \
				11643	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11644	-s "received signature algorithm: 0x403" \
				11645	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11646	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11647	-c "Protocol is TLSv1.3" \
				11648	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11649	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11650	-c "NamedGroup: x25519 ( 1d )" \
				11651	-c "Verifying peer X.509 certificate... ok" \
				11652	-C "received HelloRetryRequest message"
				11653
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11654	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11655	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11656	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11657	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11658	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11659	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11660	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11661	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11662	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11663	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11664	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11665	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11666	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11667	0 \
				11668	-s "Protocol is TLSv1.3" \
				11669	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11670	-s "received signature algorithm: 0x503" \
				11671	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11672	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11673	-c "Protocol is TLSv1.3" \
				11674	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11675	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11676	-c "NamedGroup: x25519 ( 1d )" \
				11677	-c "Verifying peer X.509 certificate... ok" \
				11678	-C "received HelloRetryRequest message"
				11679
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11680	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11681	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11682	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11683	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11684	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11685	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11686	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11687	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11688	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11689	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11690	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11691	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11692	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11693	0 \
				11694	-s "Protocol is TLSv1.3" \
				11695	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11696	-s "received signature algorithm: 0x603" \
				11697	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11698	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11699	-c "Protocol is TLSv1.3" \
				11700	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11701	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11702	-c "NamedGroup: x25519 ( 1d )" \
				11703	-c "Verifying peer X.509 certificate... ok" \
				11704	-C "received HelloRetryRequest message"
				11705
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11706	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11707	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11708	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11709	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11710	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11711	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11712	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11713	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11714	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11715	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11716	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11717	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11718	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11719	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11720	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11721	0 \
				11722	-s "Protocol is TLSv1.3" \
				11723	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11724	-s "received signature algorithm: 0x804" \
				11725	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11726	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11727	-c "Protocol is TLSv1.3" \
				11728	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11729	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11730	-c "NamedGroup: x25519 ( 1d )" \
				11731	-c "Verifying peer X.509 certificate... ok" \
				11732	-C "received HelloRetryRequest message"
				11733
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11734	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11735	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11736	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11737	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11738	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11739	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11740	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11741	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11742	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11743	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11744	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11745	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11746	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11747	0 \
				11748	-s "Protocol is TLSv1.3" \
				11749	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11750	-s "received signature algorithm: 0x403" \
				11751	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11752	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11753	-c "Protocol is TLSv1.3" \
				11754	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11755	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11756	-c "NamedGroup: x448 ( 1e )" \
				11757	-c "Verifying peer X.509 certificate... ok" \
				11758	-C "received HelloRetryRequest message"
				11759
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11760	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11761	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11762	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11763	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11764	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11765	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11766	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11767	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11768	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11769	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11770	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11771	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11772	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11773	0 \
				11774	-s "Protocol is TLSv1.3" \
				11775	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11776	-s "received signature algorithm: 0x503" \
				11777	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11778	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11779	-c "Protocol is TLSv1.3" \
				11780	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11781	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11782	-c "NamedGroup: x448 ( 1e )" \
				11783	-c "Verifying peer X.509 certificate... ok" \
				11784	-C "received HelloRetryRequest message"
				11785
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11786	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11787	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11788	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11789	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11790	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11791	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11792	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11793	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11794	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11795	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11796	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11797	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11798	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11799	0 \
				11800	-s "Protocol is TLSv1.3" \
				11801	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11802	-s "received signature algorithm: 0x603" \
				11803	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11804	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11805	-c "Protocol is TLSv1.3" \
				11806	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11807	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11808	-c "NamedGroup: x448 ( 1e )" \
				11809	-c "Verifying peer X.509 certificate... ok" \
				11810	-C "received HelloRetryRequest message"
				11811
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11812	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11813	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11814	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11815	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11816	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11817	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11818	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11819	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11820	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11821	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11822	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11823	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11824	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	11825	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11826	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11827	0 \
				11828	-s "Protocol is TLSv1.3" \
				11829	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11830	-s "received signature algorithm: 0x804" \
				11831	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	11832	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11833	-c "Protocol is TLSv1.3" \
				11834	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11835	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11836	-c "NamedGroup: x448 ( 1e )" \
				11837	-c "Verifying peer X.509 certificate... ok" \
				11838	-C "received HelloRetryRequest message"
				11839
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	11840	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11841	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11842	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11843	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11844	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11845	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	11846	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	11847	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	11848	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11849	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11850	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
				11851	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11852	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				11853	0 \
				11854	-s "Protocol is TLSv1.3" \
				11855	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11856	-s "received signature algorithm: 0x403" \
				11857	-s "got named group: ffdhe2048(0100)" \
				11858	-s "Certificate verification was skipped" \
				11859	-c "Protocol is TLSv1.3" \
				11860	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11861	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11862	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11863	-c "Verifying peer X.509 certificate... ok" \
				11864	-C "received HelloRetryRequest message"
				11865
				11866	requires_config_enabled MBEDTLS_SSL_SRV_C
				11867	requires_config_enabled MBEDTLS_DEBUG_C
				11868	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11869	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11870	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11871	requires_config_enabled MBEDTLS_SSL_CLI_C
				11872	requires_config_enabled MBEDTLS_DEBUG_C
				11873	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11874	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11875	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11876	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
				11877	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11878	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				11879	0 \
				11880	-s "Protocol is TLSv1.3" \
				11881	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11882	-s "received signature algorithm: 0x503" \
				11883	-s "got named group: ffdhe2048(0100)" \
				11884	-s "Certificate verification was skipped" \
				11885	-c "Protocol is TLSv1.3" \
				11886	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11887	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11888	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11889	-c "Verifying peer X.509 certificate... ok" \
				11890	-C "received HelloRetryRequest message"
				11891
				11892	requires_config_enabled MBEDTLS_SSL_SRV_C
				11893	requires_config_enabled MBEDTLS_DEBUG_C
				11894	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11895	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11896	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11897	requires_config_enabled MBEDTLS_SSL_CLI_C
				11898	requires_config_enabled MBEDTLS_DEBUG_C
				11899	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11900	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11901	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11902	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
				11903	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11904	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				11905	0 \
				11906	-s "Protocol is TLSv1.3" \
				11907	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11908	-s "received signature algorithm: 0x603" \
				11909	-s "got named group: ffdhe2048(0100)" \
				11910	-s "Certificate verification was skipped" \
				11911	-c "Protocol is TLSv1.3" \
				11912	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11913	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				11914	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11915	-c "Verifying peer X.509 certificate... ok" \
				11916	-C "received HelloRetryRequest message"
				11917
				11918	requires_config_enabled MBEDTLS_SSL_SRV_C
				11919	requires_config_enabled MBEDTLS_DEBUG_C
				11920	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11921	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11922	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11923	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11924	requires_config_enabled MBEDTLS_SSL_CLI_C
				11925	requires_config_enabled MBEDTLS_DEBUG_C
				11926	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11927	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				11928	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11929	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11930	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
				11931	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11932	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				11933	0 \
				11934	-s "Protocol is TLSv1.3" \
				11935	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11936	-s "received signature algorithm: 0x804" \
				11937	-s "got named group: ffdhe2048(0100)" \
				11938	-s "Certificate verification was skipped" \
				11939	-c "Protocol is TLSv1.3" \
				11940	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11941	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				11942	-c "NamedGroup: ffdhe2048 ( 100 )" \
				11943	-c "Verifying peer X.509 certificate... ok" \
				11944	-C "received HelloRetryRequest message"
				11945
				11946	requires_config_enabled MBEDTLS_SSL_SRV_C
				11947	requires_config_enabled MBEDTLS_DEBUG_C
				11948	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11949	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11950	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11951	requires_config_enabled MBEDTLS_SSL_CLI_C
				11952	requires_config_enabled MBEDTLS_DEBUG_C
				11953	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11954	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11955	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11956	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp256r1_sha256" \
				11957	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11958	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				11959	0 \
				11960	-s "Protocol is TLSv1.3" \
				11961	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11962	-s "received signature algorithm: 0x403" \
				11963	-s "got named group: ffdhe8192(0104)" \
				11964	-s "Certificate verification was skipped" \
				11965	-c "Protocol is TLSv1.3" \
				11966	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11967	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				11968	-c "NamedGroup: ffdhe8192 ( 104 )" \
				11969	-c "Verifying peer X.509 certificate... ok" \
				11970	-C "received HelloRetryRequest message"
				11971
				11972	requires_config_enabled MBEDTLS_SSL_SRV_C
				11973	requires_config_enabled MBEDTLS_DEBUG_C
				11974	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11975	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11976	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11977	requires_config_enabled MBEDTLS_SSL_CLI_C
				11978	requires_config_enabled MBEDTLS_DEBUG_C
				11979	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				11980	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	11981	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	11982	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp384r1_sha384" \
				11983	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				11984	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				11985	0 \
				11986	-s "Protocol is TLSv1.3" \
				11987	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				11988	-s "received signature algorithm: 0x503" \
				11989	-s "got named group: ffdhe8192(0104)" \
				11990	-s "Certificate verification was skipped" \
				11991	-c "Protocol is TLSv1.3" \
				11992	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				11993	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				11994	-c "NamedGroup: ffdhe8192 ( 104 )" \
				11995	-c "Verifying peer X.509 certificate... ok" \
				11996	-C "received HelloRetryRequest message"
				11997
				11998	requires_config_enabled MBEDTLS_SSL_SRV_C
				11999	requires_config_enabled MBEDTLS_DEBUG_C
				12000	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12001	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12002	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12003	requires_config_enabled MBEDTLS_SSL_CLI_C
				12004	requires_config_enabled MBEDTLS_DEBUG_C
				12005	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12006	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12007	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12008	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,ecdsa_secp521r1_sha512" \
				12009	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12010	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				12011	0 \
				12012	-s "Protocol is TLSv1.3" \
				12013	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				12014	-s "received signature algorithm: 0x603" \
				12015	-s "got named group: ffdhe8192(0104)" \
				12016	-s "Certificate verification was skipped" \
				12017	-c "Protocol is TLSv1.3" \
				12018	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				12019	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12020	-c "NamedGroup: ffdhe8192 ( 104 )" \
				12021	-c "Verifying peer X.509 certificate... ok" \
				12022	-C "received HelloRetryRequest message"
				12023
				12024	requires_config_enabled MBEDTLS_SSL_SRV_C
				12025	requires_config_enabled MBEDTLS_DEBUG_C
				12026	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12027	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12028	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12029	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12030	requires_config_enabled MBEDTLS_SSL_CLI_C
				12031	requires_config_enabled MBEDTLS_DEBUG_C
				12032	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12033	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12034	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12035	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12036	run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe8192,rsa_pss_rsae_sha256" \
				12037	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12038	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				12039	0 \
				12040	-s "Protocol is TLSv1.3" \
				12041	-s "server hello, chosen ciphersuite: TLS1-3-AES-256-GCM-SHA384 ( id=4866 )" \
				12042	-s "received signature algorithm: 0x804" \
				12043	-s "got named group: ffdhe8192(0104)" \
				12044	-s "Certificate verification was skipped" \
				12045	-c "Protocol is TLSv1.3" \
				12046	-c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
				12047	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12048	-c "NamedGroup: ffdhe8192 ( 104 )" \
				12049	-c "Verifying peer X.509 certificate... ok" \
				12050	-C "received HelloRetryRequest message"
				12051
				12052	requires_config_enabled MBEDTLS_SSL_SRV_C
				12053	requires_config_enabled MBEDTLS_DEBUG_C
				12054	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12055	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12056	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12057	requires_config_enabled MBEDTLS_SSL_CLI_C
				12058	requires_config_enabled MBEDTLS_DEBUG_C
				12059	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12060	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12061	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12062	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12063	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12064	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12065	0 \
				12066	-s "Protocol is TLSv1.3" \
				12067	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12068	-s "received signature algorithm: 0x403" \
				12069	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12070	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12071	-c "Protocol is TLSv1.3" \
				12072	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12073	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12074	-c "NamedGroup: secp256r1 ( 17 )" \
				12075	-c "Verifying peer X.509 certificate... ok" \
				12076	-C "received HelloRetryRequest message"
				12077
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12078	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12079	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12080	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12081	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12082	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12083	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12084	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12085	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12086	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12087	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12088	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12089	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12090	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12091	0 \
				12092	-s "Protocol is TLSv1.3" \
				12093	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12094	-s "received signature algorithm: 0x503" \
				12095	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12096	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12097	-c "Protocol is TLSv1.3" \
				12098	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12099	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12100	-c "NamedGroup: secp256r1 ( 17 )" \
				12101	-c "Verifying peer X.509 certificate... ok" \
				12102	-C "received HelloRetryRequest message"
				12103
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12104	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12105	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12106	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12107	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12108	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12109	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12110	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12111	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12112	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12113	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12114	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12115	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12116	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12117	0 \
				12118	-s "Protocol is TLSv1.3" \
				12119	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12120	-s "received signature algorithm: 0x603" \
				12121	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12122	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12123	-c "Protocol is TLSv1.3" \
				12124	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12125	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12126	-c "NamedGroup: secp256r1 ( 17 )" \
				12127	-c "Verifying peer X.509 certificate... ok" \
				12128	-C "received HelloRetryRequest message"
				12129
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12130	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12131	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12132	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12133	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12134	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12135	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12136	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12137	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12138	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12139	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12140	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12141	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12142	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12143	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12144	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12145	0 \
				12146	-s "Protocol is TLSv1.3" \
				12147	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12148	-s "received signature algorithm: 0x804" \
				12149	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12150	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12151	-c "Protocol is TLSv1.3" \
				12152	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12153	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12154	-c "NamedGroup: secp256r1 ( 17 )" \
				12155	-c "Verifying peer X.509 certificate... ok" \
				12156	-C "received HelloRetryRequest message"
				12157
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12158	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12159	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12160	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12161	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12162	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12163	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12164	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12165	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12166	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12167	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12168	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12169	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12170	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12171	0 \
				12172	-s "Protocol is TLSv1.3" \
				12173	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12174	-s "received signature algorithm: 0x403" \
				12175	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12176	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12177	-c "Protocol is TLSv1.3" \
				12178	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12179	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12180	-c "NamedGroup: secp384r1 ( 18 )" \
				12181	-c "Verifying peer X.509 certificate... ok" \
				12182	-C "received HelloRetryRequest message"
				12183
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12184	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12185	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12186	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12187	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12188	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12189	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12190	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12191	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12192	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12193	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12194	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12195	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12196	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12197	0 \
				12198	-s "Protocol is TLSv1.3" \
				12199	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12200	-s "received signature algorithm: 0x503" \
				12201	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12202	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12203	-c "Protocol is TLSv1.3" \
				12204	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12205	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12206	-c "NamedGroup: secp384r1 ( 18 )" \
				12207	-c "Verifying peer X.509 certificate... ok" \
				12208	-C "received HelloRetryRequest message"
				12209
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12210	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12211	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12212	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12213	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12214	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12215	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12216	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12217	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12218	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12219	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12220	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12221	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12222	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12223	0 \
				12224	-s "Protocol is TLSv1.3" \
				12225	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12226	-s "received signature algorithm: 0x603" \
				12227	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12228	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12229	-c "Protocol is TLSv1.3" \
				12230	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12231	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12232	-c "NamedGroup: secp384r1 ( 18 )" \
				12233	-c "Verifying peer X.509 certificate... ok" \
				12234	-C "received HelloRetryRequest message"
				12235
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12236	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12237	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12238	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12239	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12240	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12241	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12242	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12243	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12244	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12245	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12246	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12247	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12248	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12249	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12250	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12251	0 \
				12252	-s "Protocol is TLSv1.3" \
				12253	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12254	-s "received signature algorithm: 0x804" \
				12255	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12256	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12257	-c "Protocol is TLSv1.3" \
				12258	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12259	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12260	-c "NamedGroup: secp384r1 ( 18 )" \
				12261	-c "Verifying peer X.509 certificate... ok" \
				12262	-C "received HelloRetryRequest message"
				12263
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12264	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12265	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12266	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12267	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12268	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12269	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12270	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12271	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12272	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12273	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12274	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12275	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12276	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12277	0 \
				12278	-s "Protocol is TLSv1.3" \
				12279	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12280	-s "received signature algorithm: 0x403" \
				12281	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12282	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12283	-c "Protocol is TLSv1.3" \
				12284	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12285	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12286	-c "NamedGroup: secp521r1 ( 19 )" \
				12287	-c "Verifying peer X.509 certificate... ok" \
				12288	-C "received HelloRetryRequest message"
				12289
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12290	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12291	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12292	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12293	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12294	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12295	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12296	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12297	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12298	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12299	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12300	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12301	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12302	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12303	0 \
				12304	-s "Protocol is TLSv1.3" \
				12305	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12306	-s "received signature algorithm: 0x503" \
				12307	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12308	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12309	-c "Protocol is TLSv1.3" \
				12310	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12311	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12312	-c "NamedGroup: secp521r1 ( 19 )" \
				12313	-c "Verifying peer X.509 certificate... ok" \
				12314	-C "received HelloRetryRequest message"
				12315
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12316	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12317	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12318	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12319	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12320	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12321	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12322	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12323	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12324	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12325	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12326	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12327	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12328	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12329	0 \
				12330	-s "Protocol is TLSv1.3" \
				12331	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12332	-s "received signature algorithm: 0x603" \
				12333	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12334	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12335	-c "Protocol is TLSv1.3" \
				12336	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12337	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12338	-c "NamedGroup: secp521r1 ( 19 )" \
				12339	-c "Verifying peer X.509 certificate... ok" \
				12340	-C "received HelloRetryRequest message"
				12341
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12342	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12343	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12344	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12345	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12346	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12347	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12348	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12349	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12350	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12351	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12352	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12353	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12354	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12355	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12356	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12357	0 \
				12358	-s "Protocol is TLSv1.3" \
				12359	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12360	-s "received signature algorithm: 0x804" \
				12361	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12362	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12363	-c "Protocol is TLSv1.3" \
				12364	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12365	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12366	-c "NamedGroup: secp521r1 ( 19 )" \
				12367	-c "Verifying peer X.509 certificate... ok" \
				12368	-C "received HelloRetryRequest message"
				12369
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12370	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12371	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12372	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12373	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12374	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12375	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12376	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12377	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12378	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12379	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12380	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12381	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12382	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12383	0 \
				12384	-s "Protocol is TLSv1.3" \
				12385	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12386	-s "received signature algorithm: 0x403" \
				12387	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12388	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12389	-c "Protocol is TLSv1.3" \
				12390	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12391	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12392	-c "NamedGroup: x25519 ( 1d )" \
				12393	-c "Verifying peer X.509 certificate... ok" \
				12394	-C "received HelloRetryRequest message"
				12395
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12396	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12397	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12398	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12399	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12400	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12401	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12402	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12403	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12404	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12405	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12406	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12407	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12408	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12409	0 \
				12410	-s "Protocol is TLSv1.3" \
				12411	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12412	-s "received signature algorithm: 0x503" \
				12413	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12414	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12415	-c "Protocol is TLSv1.3" \
				12416	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12417	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12418	-c "NamedGroup: x25519 ( 1d )" \
				12419	-c "Verifying peer X.509 certificate... ok" \
				12420	-C "received HelloRetryRequest message"
				12421
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12422	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12423	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12424	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12425	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12426	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12427	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12428	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12429	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12430	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12431	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12432	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12433	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12434	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12435	0 \
				12436	-s "Protocol is TLSv1.3" \
				12437	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12438	-s "received signature algorithm: 0x603" \
				12439	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12440	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12441	-c "Protocol is TLSv1.3" \
				12442	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12443	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12444	-c "NamedGroup: x25519 ( 1d )" \
				12445	-c "Verifying peer X.509 certificate... ok" \
				12446	-C "received HelloRetryRequest message"
				12447
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12448	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12449	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12450	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12451	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12452	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12453	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12454	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12455	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12456	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12457	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12458	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12459	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12460	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12461	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12462	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12463	0 \
				12464	-s "Protocol is TLSv1.3" \
				12465	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12466	-s "received signature algorithm: 0x804" \
				12467	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12468	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12469	-c "Protocol is TLSv1.3" \
				12470	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12471	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12472	-c "NamedGroup: x25519 ( 1d )" \
				12473	-c "Verifying peer X.509 certificate... ok" \
				12474	-C "received HelloRetryRequest message"
				12475
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12476	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12477	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12478	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12479	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12480	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12481	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12482	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12483	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12484	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12485	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12486	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12487	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12488	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12489	0 \
				12490	-s "Protocol is TLSv1.3" \
				12491	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12492	-s "received signature algorithm: 0x403" \
				12493	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12494	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12495	-c "Protocol is TLSv1.3" \
				12496	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12497	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12498	-c "NamedGroup: x448 ( 1e )" \
				12499	-c "Verifying peer X.509 certificate... ok" \
				12500	-C "received HelloRetryRequest message"
				12501
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12502	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12503	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12504	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12505	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12506	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12507	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12508	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12509	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12510	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12511	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12512	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12513	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12514	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12515	0 \
				12516	-s "Protocol is TLSv1.3" \
				12517	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12518	-s "received signature algorithm: 0x503" \
				12519	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12520	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12521	-c "Protocol is TLSv1.3" \
				12522	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12523	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12524	-c "NamedGroup: x448 ( 1e )" \
				12525	-c "Verifying peer X.509 certificate... ok" \
				12526	-C "received HelloRetryRequest message"
				12527
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12528	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12529	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12530	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12531	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12532	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12533	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12534	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12535	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12536	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12537	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12538	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12539	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12540	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12541	0 \
				12542	-s "Protocol is TLSv1.3" \
				12543	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12544	-s "received signature algorithm: 0x603" \
				12545	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12546	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12547	-c "Protocol is TLSv1.3" \
				12548	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12549	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12550	-c "NamedGroup: x448 ( 1e )" \
				12551	-c "Verifying peer X.509 certificate... ok" \
				12552	-C "received HelloRetryRequest message"
				12553
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12554	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12555	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12556	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12557	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12558	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12559	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12560	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12561	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12562	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12563	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12564	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12565	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12566	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12567	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12568	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12569	0 \
				12570	-s "Protocol is TLSv1.3" \
				12571	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12572	-s "received signature algorithm: 0x804" \
				12573	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12574	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12575	-c "Protocol is TLSv1.3" \
				12576	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12577	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12578	-c "NamedGroup: x448 ( 1e )" \
				12579	-c "Verifying peer X.509 certificate... ok" \
				12580	-C "received HelloRetryRequest message"
				12581
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12582	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12583	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12584	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12585	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12586	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12587	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12588	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12589	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12590	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12591	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12592	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				12593	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12594	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				12595	0 \
				12596	-s "Protocol is TLSv1.3" \
				12597	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12598	-s "received signature algorithm: 0x403" \
				12599	-s "got named group: ffdhe2048(0100)" \
				12600	-s "Certificate verification was skipped" \
				12601	-c "Protocol is TLSv1.3" \
				12602	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12603	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12604	-c "NamedGroup: ffdhe2048 ( 100 )" \
				12605	-c "Verifying peer X.509 certificate... ok" \
				12606	-C "received HelloRetryRequest message"
				12607
				12608	requires_config_enabled MBEDTLS_SSL_SRV_C
				12609	requires_config_enabled MBEDTLS_DEBUG_C
				12610	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12611	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12612	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12613	requires_config_enabled MBEDTLS_SSL_CLI_C
				12614	requires_config_enabled MBEDTLS_DEBUG_C
				12615	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12616	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12617	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12618	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				12619	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12620	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				12621	0 \
				12622	-s "Protocol is TLSv1.3" \
				12623	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12624	-s "received signature algorithm: 0x503" \
				12625	-s "got named group: ffdhe2048(0100)" \
				12626	-s "Certificate verification was skipped" \
				12627	-c "Protocol is TLSv1.3" \
				12628	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12629	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12630	-c "NamedGroup: ffdhe2048 ( 100 )" \
				12631	-c "Verifying peer X.509 certificate... ok" \
				12632	-C "received HelloRetryRequest message"
				12633
				12634	requires_config_enabled MBEDTLS_SSL_SRV_C
				12635	requires_config_enabled MBEDTLS_DEBUG_C
				12636	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12637	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12638	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12639	requires_config_enabled MBEDTLS_SSL_CLI_C
				12640	requires_config_enabled MBEDTLS_DEBUG_C
				12641	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12642	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12643	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12644	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				12645	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12646	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				12647	0 \
				12648	-s "Protocol is TLSv1.3" \
				12649	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12650	-s "received signature algorithm: 0x603" \
				12651	-s "got named group: ffdhe2048(0100)" \
				12652	-s "Certificate verification was skipped" \
				12653	-c "Protocol is TLSv1.3" \
				12654	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12655	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12656	-c "NamedGroup: ffdhe2048 ( 100 )" \
				12657	-c "Verifying peer X.509 certificate... ok" \
				12658	-C "received HelloRetryRequest message"
				12659
				12660	requires_config_enabled MBEDTLS_SSL_SRV_C
				12661	requires_config_enabled MBEDTLS_DEBUG_C
				12662	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12663	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12664	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12665	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12666	requires_config_enabled MBEDTLS_SSL_CLI_C
				12667	requires_config_enabled MBEDTLS_DEBUG_C
				12668	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12669	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12670	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12671	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12672	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				12673	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12674	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				12675	0 \
				12676	-s "Protocol is TLSv1.3" \
				12677	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12678	-s "received signature algorithm: 0x804" \
				12679	-s "got named group: ffdhe2048(0100)" \
				12680	-s "Certificate verification was skipped" \
				12681	-c "Protocol is TLSv1.3" \
				12682	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12683	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12684	-c "NamedGroup: ffdhe2048 ( 100 )" \
				12685	-c "Verifying peer X.509 certificate... ok" \
				12686	-C "received HelloRetryRequest message"
				12687
				12688	requires_config_enabled MBEDTLS_SSL_SRV_C
				12689	requires_config_enabled MBEDTLS_DEBUG_C
				12690	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12691	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12692	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12693	requires_config_enabled MBEDTLS_SSL_CLI_C
				12694	requires_config_enabled MBEDTLS_DEBUG_C
				12695	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12696	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12697	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12698	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				12699	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12700	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				12701	0 \
				12702	-s "Protocol is TLSv1.3" \
				12703	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12704	-s "received signature algorithm: 0x403" \
				12705	-s "got named group: ffdhe8192(0104)" \
				12706	-s "Certificate verification was skipped" \
				12707	-c "Protocol is TLSv1.3" \
				12708	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12709	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12710	-c "NamedGroup: ffdhe8192 ( 104 )" \
				12711	-c "Verifying peer X.509 certificate... ok" \
				12712	-C "received HelloRetryRequest message"
				12713
				12714	requires_config_enabled MBEDTLS_SSL_SRV_C
				12715	requires_config_enabled MBEDTLS_DEBUG_C
				12716	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12717	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12718	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12719	requires_config_enabled MBEDTLS_SSL_CLI_C
				12720	requires_config_enabled MBEDTLS_DEBUG_C
				12721	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12722	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12723	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12724	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				12725	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12726	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				12727	0 \
				12728	-s "Protocol is TLSv1.3" \
				12729	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12730	-s "received signature algorithm: 0x503" \
				12731	-s "got named group: ffdhe8192(0104)" \
				12732	-s "Certificate verification was skipped" \
				12733	-c "Protocol is TLSv1.3" \
				12734	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12735	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12736	-c "NamedGroup: ffdhe8192 ( 104 )" \
				12737	-c "Verifying peer X.509 certificate... ok" \
				12738	-C "received HelloRetryRequest message"
				12739
				12740	requires_config_enabled MBEDTLS_SSL_SRV_C
				12741	requires_config_enabled MBEDTLS_DEBUG_C
				12742	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12743	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12744	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12745	requires_config_enabled MBEDTLS_SSL_CLI_C
				12746	requires_config_enabled MBEDTLS_DEBUG_C
				12747	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12748	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12749	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12750	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				12751	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12752	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				12753	0 \
				12754	-s "Protocol is TLSv1.3" \
				12755	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12756	-s "received signature algorithm: 0x603" \
				12757	-s "got named group: ffdhe8192(0104)" \
				12758	-s "Certificate verification was skipped" \
				12759	-c "Protocol is TLSv1.3" \
				12760	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12761	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12762	-c "NamedGroup: ffdhe8192 ( 104 )" \
				12763	-c "Verifying peer X.509 certificate... ok" \
				12764	-C "received HelloRetryRequest message"
				12765
				12766	requires_config_enabled MBEDTLS_SSL_SRV_C
				12767	requires_config_enabled MBEDTLS_DEBUG_C
				12768	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12769	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12770	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12771	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12772	requires_config_enabled MBEDTLS_SSL_CLI_C
				12773	requires_config_enabled MBEDTLS_DEBUG_C
				12774	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12775	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12776	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12777	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12778	run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				12779	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12780	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				12781	0 \
				12782	-s "Protocol is TLSv1.3" \
				12783	-s "server hello, chosen ciphersuite: TLS1-3-CHACHA20-POLY1305-SHA256 ( id=4867 )" \
				12784	-s "received signature algorithm: 0x804" \
				12785	-s "got named group: ffdhe8192(0104)" \
				12786	-s "Certificate verification was skipped" \
				12787	-c "Protocol is TLSv1.3" \
				12788	-c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
				12789	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12790	-c "NamedGroup: ffdhe8192 ( 104 )" \
				12791	-c "Verifying peer X.509 certificate... ok" \
				12792	-C "received HelloRetryRequest message"
				12793
				12794	requires_config_enabled MBEDTLS_SSL_SRV_C
				12795	requires_config_enabled MBEDTLS_DEBUG_C
				12796	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12797	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12798	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	12799	requires_config_enabled MBEDTLS_SSL_CLI_C
				12800	requires_config_enabled MBEDTLS_DEBUG_C
				12801	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				12802	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12803	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12804	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12805	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12806	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12807	0 \
				12808	-s "Protocol is TLSv1.3" \
				12809	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12810	-s "received signature algorithm: 0x403" \
				12811	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12812	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12813	-c "Protocol is TLSv1.3" \
				12814	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12815	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12816	-c "NamedGroup: secp256r1 ( 17 )" \
				12817	-c "Verifying peer X.509 certificate... ok" \
				12818	-C "received HelloRetryRequest message"
				12819
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12820	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12821	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12822	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12823	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12824	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12825	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12826	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12827	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12828	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12829	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12830	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12831	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12832	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12833	0 \
				12834	-s "Protocol is TLSv1.3" \
				12835	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12836	-s "received signature algorithm: 0x503" \
				12837	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12838	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12839	-c "Protocol is TLSv1.3" \
				12840	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12841	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12842	-c "NamedGroup: secp256r1 ( 17 )" \
				12843	-c "Verifying peer X.509 certificate... ok" \
				12844	-C "received HelloRetryRequest message"
				12845
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12846	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12847	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12848	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12849	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12850	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12851	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12852	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12853	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12854	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12855	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12856	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12857	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12858	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12859	0 \
				12860	-s "Protocol is TLSv1.3" \
				12861	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12862	-s "received signature algorithm: 0x603" \
				12863	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12864	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12865	-c "Protocol is TLSv1.3" \
				12866	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12867	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12868	-c "NamedGroup: secp256r1 ( 17 )" \
				12869	-c "Verifying peer X.509 certificate... ok" \
				12870	-C "received HelloRetryRequest message"
				12871
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12872	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12873	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12874	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12875	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12876	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12877	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12878	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12879	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12880	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12881	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12882	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12883	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12884	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12885	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12886	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12887	0 \
				12888	-s "Protocol is TLSv1.3" \
				12889	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12890	-s "received signature algorithm: 0x804" \
				12891	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12892	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12893	-c "Protocol is TLSv1.3" \
				12894	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12895	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				12896	-c "NamedGroup: secp256r1 ( 17 )" \
				12897	-c "Verifying peer X.509 certificate... ok" \
				12898	-C "received HelloRetryRequest message"
				12899
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12900	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12901	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12902	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12903	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12904	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12905	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12906	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12907	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12908	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12909	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12910	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12911	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12912	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12913	0 \
				12914	-s "Protocol is TLSv1.3" \
				12915	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12916	-s "received signature algorithm: 0x403" \
				12917	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12918	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12919	-c "Protocol is TLSv1.3" \
				12920	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12921	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				12922	-c "NamedGroup: secp384r1 ( 18 )" \
				12923	-c "Verifying peer X.509 certificate... ok" \
				12924	-C "received HelloRetryRequest message"
				12925
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12926	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12927	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12928	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12929	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12930	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12931	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12932	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12933	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12934	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12935	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12936	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12937	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12938	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12939	0 \
				12940	-s "Protocol is TLSv1.3" \
				12941	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12942	-s "received signature algorithm: 0x503" \
				12943	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12944	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12945	-c "Protocol is TLSv1.3" \
				12946	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12947	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				12948	-c "NamedGroup: secp384r1 ( 18 )" \
				12949	-c "Verifying peer X.509 certificate... ok" \
				12950	-C "received HelloRetryRequest message"
				12951
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12952	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12953	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12954	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12955	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12956	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12957	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12958	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12959	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12960	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12961	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12962	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12963	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12964	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12965	0 \
				12966	-s "Protocol is TLSv1.3" \
				12967	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12968	-s "received signature algorithm: 0x603" \
				12969	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12970	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12971	-c "Protocol is TLSv1.3" \
				12972	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				12973	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				12974	-c "NamedGroup: secp384r1 ( 18 )" \
				12975	-c "Verifying peer X.509 certificate... ok" \
				12976	-C "received HelloRetryRequest message"
				12977
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	12978	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12979	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12980	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12981	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12982	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12983	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12984	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	12985	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	12986	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12987	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				12988	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	12989	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12990	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	12991	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				12992	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12993	0 \
				12994	-s "Protocol is TLSv1.3" \
				12995	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				12996	-s "received signature algorithm: 0x804" \
				12997	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	12998	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	12999	-c "Protocol is TLSv1.3" \
				13000	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13001	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13002	-c "NamedGroup: secp384r1 ( 18 )" \
				13003	-c "Verifying peer X.509 certificate... ok" \
				13004	-C "received HelloRetryRequest message"
				13005
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13006	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13007	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13008	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13009	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13010	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13011	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13012	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13013	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13014	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13015	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13016	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13017	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13018	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13019	0 \
				13020	-s "Protocol is TLSv1.3" \
				13021	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13022	-s "received signature algorithm: 0x403" \
				13023	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13024	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13025	-c "Protocol is TLSv1.3" \
				13026	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13027	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13028	-c "NamedGroup: secp521r1 ( 19 )" \
				13029	-c "Verifying peer X.509 certificate... ok" \
				13030	-C "received HelloRetryRequest message"
				13031
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13032	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13033	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13034	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13035	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13036	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13037	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13038	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13039	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13040	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13041	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13042	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13043	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13044	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13045	0 \
				13046	-s "Protocol is TLSv1.3" \
				13047	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13048	-s "received signature algorithm: 0x503" \
				13049	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13050	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13051	-c "Protocol is TLSv1.3" \
				13052	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13053	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13054	-c "NamedGroup: secp521r1 ( 19 )" \
				13055	-c "Verifying peer X.509 certificate... ok" \
				13056	-C "received HelloRetryRequest message"
				13057
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13058	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13059	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13060	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13061	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13062	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13063	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13064	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13065	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13066	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13067	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13068	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13069	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13070	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13071	0 \
				13072	-s "Protocol is TLSv1.3" \
				13073	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13074	-s "received signature algorithm: 0x603" \
				13075	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13076	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13077	-c "Protocol is TLSv1.3" \
				13078	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13079	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13080	-c "NamedGroup: secp521r1 ( 19 )" \
				13081	-c "Verifying peer X.509 certificate... ok" \
				13082	-C "received HelloRetryRequest message"
				13083
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13084	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13085	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13086	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13087	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13088	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13089	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13090	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13091	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13092	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13093	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13094	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13095	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13096	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13097	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13098	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13099	0 \
				13100	-s "Protocol is TLSv1.3" \
				13101	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13102	-s "received signature algorithm: 0x804" \
				13103	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13104	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13105	-c "Protocol is TLSv1.3" \
				13106	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13107	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13108	-c "NamedGroup: secp521r1 ( 19 )" \
				13109	-c "Verifying peer X.509 certificate... ok" \
				13110	-C "received HelloRetryRequest message"
				13111
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13112	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13113	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13114	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13115	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13116	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13117	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13118	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13119	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13120	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13121	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13122	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13123	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13124	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13125	0 \
				13126	-s "Protocol is TLSv1.3" \
				13127	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13128	-s "received signature algorithm: 0x403" \
				13129	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13130	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13131	-c "Protocol is TLSv1.3" \
				13132	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13133	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13134	-c "NamedGroup: x25519 ( 1d )" \
				13135	-c "Verifying peer X.509 certificate... ok" \
				13136	-C "received HelloRetryRequest message"
				13137
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13138	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13139	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13140	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13141	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13142	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13143	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13144	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13145	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13146	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13147	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13148	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13149	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13150	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13151	0 \
				13152	-s "Protocol is TLSv1.3" \
				13153	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13154	-s "received signature algorithm: 0x503" \
				13155	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13156	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13157	-c "Protocol is TLSv1.3" \
				13158	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13159	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13160	-c "NamedGroup: x25519 ( 1d )" \
				13161	-c "Verifying peer X.509 certificate... ok" \
				13162	-C "received HelloRetryRequest message"
				13163
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13164	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13165	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13166	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13167	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13168	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13169	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13170	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13171	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13172	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13173	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13174	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13175	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13176	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13177	0 \
				13178	-s "Protocol is TLSv1.3" \
				13179	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13180	-s "received signature algorithm: 0x603" \
				13181	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13182	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13183	-c "Protocol is TLSv1.3" \
				13184	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13185	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13186	-c "NamedGroup: x25519 ( 1d )" \
				13187	-c "Verifying peer X.509 certificate... ok" \
				13188	-C "received HelloRetryRequest message"
				13189
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13190	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13191	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13192	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13193	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13194	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13195	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13196	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13197	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13198	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13199	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13200	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13201	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13202	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13203	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13204	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13205	0 \
				13206	-s "Protocol is TLSv1.3" \
				13207	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13208	-s "received signature algorithm: 0x804" \
				13209	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13210	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13211	-c "Protocol is TLSv1.3" \
				13212	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13213	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13214	-c "NamedGroup: x25519 ( 1d )" \
				13215	-c "Verifying peer X.509 certificate... ok" \
				13216	-C "received HelloRetryRequest message"
				13217
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13218	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13219	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13220	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13221	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13222	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13223	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13224	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13225	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13226	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13227	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13228	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13229	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13230	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13231	0 \
				13232	-s "Protocol is TLSv1.3" \
				13233	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13234	-s "received signature algorithm: 0x403" \
				13235	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13236	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13237	-c "Protocol is TLSv1.3" \
				13238	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13239	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13240	-c "NamedGroup: x448 ( 1e )" \
				13241	-c "Verifying peer X.509 certificate... ok" \
				13242	-C "received HelloRetryRequest message"
				13243
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13244	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13245	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13246	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13247	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13248	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13249	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13250	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13251	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13252	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13253	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13254	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13255	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13256	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13257	0 \
				13258	-s "Protocol is TLSv1.3" \
				13259	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13260	-s "received signature algorithm: 0x503" \
				13261	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13262	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13263	-c "Protocol is TLSv1.3" \
				13264	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13265	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13266	-c "NamedGroup: x448 ( 1e )" \
				13267	-c "Verifying peer X.509 certificate... ok" \
				13268	-C "received HelloRetryRequest message"
				13269
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13270	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13271	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13272	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13273	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13274	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13275	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13276	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13277	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13278	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13279	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13280	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13281	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13282	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13283	0 \
				13284	-s "Protocol is TLSv1.3" \
				13285	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13286	-s "received signature algorithm: 0x603" \
				13287	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13288	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13289	-c "Protocol is TLSv1.3" \
				13290	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13291	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13292	-c "NamedGroup: x448 ( 1e )" \
				13293	-c "Verifying peer X.509 certificate... ok" \
				13294	-C "received HelloRetryRequest message"
				13295
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13296	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13297	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13298	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13299	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13300	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13301	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13302	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13303	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13304	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13305	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13306	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13307	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13308	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13309	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13310	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13311	0 \
				13312	-s "Protocol is TLSv1.3" \
				13313	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13314	-s "received signature algorithm: 0x804" \
				13315	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13316	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13317	-c "Protocol is TLSv1.3" \
				13318	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13319	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13320	-c "NamedGroup: x448 ( 1e )" \
				13321	-c "Verifying peer X.509 certificate... ok" \
				13322	-C "received HelloRetryRequest message"
				13323
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13324	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13325	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13326	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13327	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13328	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13329	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13330	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13331	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13332	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13333	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13334	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				13335	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13336	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				13337	0 \
				13338	-s "Protocol is TLSv1.3" \
				13339	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13340	-s "received signature algorithm: 0x403" \
				13341	-s "got named group: ffdhe2048(0100)" \
				13342	-s "Certificate verification was skipped" \
				13343	-c "Protocol is TLSv1.3" \
				13344	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13345	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13346	-c "NamedGroup: ffdhe2048 ( 100 )" \
				13347	-c "Verifying peer X.509 certificate... ok" \
				13348	-C "received HelloRetryRequest message"
				13349
				13350	requires_config_enabled MBEDTLS_SSL_SRV_C
				13351	requires_config_enabled MBEDTLS_DEBUG_C
				13352	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13353	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13354	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13355	requires_config_enabled MBEDTLS_SSL_CLI_C
				13356	requires_config_enabled MBEDTLS_DEBUG_C
				13357	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13358	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13359	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13360	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				13361	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13362	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				13363	0 \
				13364	-s "Protocol is TLSv1.3" \
				13365	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13366	-s "received signature algorithm: 0x503" \
				13367	-s "got named group: ffdhe2048(0100)" \
				13368	-s "Certificate verification was skipped" \
				13369	-c "Protocol is TLSv1.3" \
				13370	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13371	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13372	-c "NamedGroup: ffdhe2048 ( 100 )" \
				13373	-c "Verifying peer X.509 certificate... ok" \
				13374	-C "received HelloRetryRequest message"
				13375
				13376	requires_config_enabled MBEDTLS_SSL_SRV_C
				13377	requires_config_enabled MBEDTLS_DEBUG_C
				13378	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13379	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13380	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13381	requires_config_enabled MBEDTLS_SSL_CLI_C
				13382	requires_config_enabled MBEDTLS_DEBUG_C
				13383	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13384	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13385	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13386	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				13387	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13388	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				13389	0 \
				13390	-s "Protocol is TLSv1.3" \
				13391	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13392	-s "received signature algorithm: 0x603" \
				13393	-s "got named group: ffdhe2048(0100)" \
				13394	-s "Certificate verification was skipped" \
				13395	-c "Protocol is TLSv1.3" \
				13396	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13397	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13398	-c "NamedGroup: ffdhe2048 ( 100 )" \
				13399	-c "Verifying peer X.509 certificate... ok" \
				13400	-C "received HelloRetryRequest message"
				13401
				13402	requires_config_enabled MBEDTLS_SSL_SRV_C
				13403	requires_config_enabled MBEDTLS_DEBUG_C
				13404	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13405	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13406	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13407	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13408	requires_config_enabled MBEDTLS_SSL_CLI_C
				13409	requires_config_enabled MBEDTLS_DEBUG_C
				13410	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13411	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13412	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13413	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13414	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				13415	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13416	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				13417	0 \
				13418	-s "Protocol is TLSv1.3" \
				13419	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13420	-s "received signature algorithm: 0x804" \
				13421	-s "got named group: ffdhe2048(0100)" \
				13422	-s "Certificate verification was skipped" \
				13423	-c "Protocol is TLSv1.3" \
				13424	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13425	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13426	-c "NamedGroup: ffdhe2048 ( 100 )" \
				13427	-c "Verifying peer X.509 certificate... ok" \
				13428	-C "received HelloRetryRequest message"
				13429
				13430	requires_config_enabled MBEDTLS_SSL_SRV_C
				13431	requires_config_enabled MBEDTLS_DEBUG_C
				13432	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13433	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13434	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13435	requires_config_enabled MBEDTLS_SSL_CLI_C
				13436	requires_config_enabled MBEDTLS_DEBUG_C
				13437	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13438	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13439	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13440	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				13441	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13442	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				13443	0 \
				13444	-s "Protocol is TLSv1.3" \
				13445	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13446	-s "received signature algorithm: 0x403" \
				13447	-s "got named group: ffdhe8192(0104)" \
				13448	-s "Certificate verification was skipped" \
				13449	-c "Protocol is TLSv1.3" \
				13450	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13451	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13452	-c "NamedGroup: ffdhe8192 ( 104 )" \
				13453	-c "Verifying peer X.509 certificate... ok" \
				13454	-C "received HelloRetryRequest message"
				13455
				13456	requires_config_enabled MBEDTLS_SSL_SRV_C
				13457	requires_config_enabled MBEDTLS_DEBUG_C
				13458	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13459	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13460	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13461	requires_config_enabled MBEDTLS_SSL_CLI_C
				13462	requires_config_enabled MBEDTLS_DEBUG_C
				13463	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13464	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13465	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13466	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				13467	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13468	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				13469	0 \
				13470	-s "Protocol is TLSv1.3" \
				13471	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13472	-s "received signature algorithm: 0x503" \
				13473	-s "got named group: ffdhe8192(0104)" \
				13474	-s "Certificate verification was skipped" \
				13475	-c "Protocol is TLSv1.3" \
				13476	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13477	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13478	-c "NamedGroup: ffdhe8192 ( 104 )" \
				13479	-c "Verifying peer X.509 certificate... ok" \
				13480	-C "received HelloRetryRequest message"
				13481
				13482	requires_config_enabled MBEDTLS_SSL_SRV_C
				13483	requires_config_enabled MBEDTLS_DEBUG_C
				13484	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13485	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13486	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13487	requires_config_enabled MBEDTLS_SSL_CLI_C
				13488	requires_config_enabled MBEDTLS_DEBUG_C
				13489	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13490	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13491	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13492	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				13493	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13494	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				13495	0 \
				13496	-s "Protocol is TLSv1.3" \
				13497	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13498	-s "received signature algorithm: 0x603" \
				13499	-s "got named group: ffdhe8192(0104)" \
				13500	-s "Certificate verification was skipped" \
				13501	-c "Protocol is TLSv1.3" \
				13502	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13503	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13504	-c "NamedGroup: ffdhe8192 ( 104 )" \
				13505	-c "Verifying peer X.509 certificate... ok" \
				13506	-C "received HelloRetryRequest message"
				13507
				13508	requires_config_enabled MBEDTLS_SSL_SRV_C
				13509	requires_config_enabled MBEDTLS_DEBUG_C
				13510	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13511	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13512	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13513	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13514	requires_config_enabled MBEDTLS_SSL_CLI_C
				13515	requires_config_enabled MBEDTLS_DEBUG_C
				13516	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13517	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13518	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13519	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13520	run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				13521	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13522	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				13523	0 \
				13524	-s "Protocol is TLSv1.3" \
				13525	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-SHA256 ( id=4868 )" \
				13526	-s "received signature algorithm: 0x804" \
				13527	-s "got named group: ffdhe8192(0104)" \
				13528	-s "Certificate verification was skipped" \
				13529	-c "Protocol is TLSv1.3" \
				13530	-c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
				13531	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13532	-c "NamedGroup: ffdhe8192 ( 104 )" \
				13533	-c "Verifying peer X.509 certificate... ok" \
				13534	-C "received HelloRetryRequest message"
				13535
				13536	requires_config_enabled MBEDTLS_SSL_SRV_C
				13537	requires_config_enabled MBEDTLS_DEBUG_C
				13538	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13539	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13540	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	13541	requires_config_enabled MBEDTLS_SSL_CLI_C
				13542	requires_config_enabled MBEDTLS_DEBUG_C
				13543	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				13544	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13545	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13546	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13547	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13548	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13549	0 \
				13550	-s "Protocol is TLSv1.3" \
				13551	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13552	-s "received signature algorithm: 0x403" \
				13553	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13554	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13555	-c "Protocol is TLSv1.3" \
				13556	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13557	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13558	-c "NamedGroup: secp256r1 ( 17 )" \
				13559	-c "Verifying peer X.509 certificate... ok" \
				13560	-C "received HelloRetryRequest message"
				13561
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13562	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13563	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13564	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13565	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13566	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13567	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13568	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13569	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13570	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13571	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13572	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13573	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13574	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13575	0 \
				13576	-s "Protocol is TLSv1.3" \
				13577	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13578	-s "received signature algorithm: 0x503" \
				13579	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13580	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13581	-c "Protocol is TLSv1.3" \
				13582	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13583	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13584	-c "NamedGroup: secp256r1 ( 17 )" \
				13585	-c "Verifying peer X.509 certificate... ok" \
				13586	-C "received HelloRetryRequest message"
				13587
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13588	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13589	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13590	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13591	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13592	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13593	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13594	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13595	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13596	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13597	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13598	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13599	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13600	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13601	0 \
				13602	-s "Protocol is TLSv1.3" \
				13603	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13604	-s "received signature algorithm: 0x603" \
				13605	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13606	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13607	-c "Protocol is TLSv1.3" \
				13608	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13609	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13610	-c "NamedGroup: secp256r1 ( 17 )" \
				13611	-c "Verifying peer X.509 certificate... ok" \
				13612	-C "received HelloRetryRequest message"
				13613
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13614	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13615	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13616	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13617	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13618	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13619	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13620	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13621	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13622	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13623	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13624	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13625	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13626	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13627	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13628	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13629	0 \
				13630	-s "Protocol is TLSv1.3" \
				13631	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13632	-s "received signature algorithm: 0x804" \
				13633	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13634	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13635	-c "Protocol is TLSv1.3" \
				13636	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13637	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13638	-c "NamedGroup: secp256r1 ( 17 )" \
				13639	-c "Verifying peer X.509 certificate... ok" \
				13640	-C "received HelloRetryRequest message"
				13641
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13642	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13643	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13644	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13645	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13646	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13647	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13648	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13649	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13650	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13651	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13652	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13653	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13654	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13655	0 \
				13656	-s "Protocol is TLSv1.3" \
				13657	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13658	-s "received signature algorithm: 0x403" \
				13659	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13660	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13661	-c "Protocol is TLSv1.3" \
				13662	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13663	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13664	-c "NamedGroup: secp384r1 ( 18 )" \
				13665	-c "Verifying peer X.509 certificate... ok" \
				13666	-C "received HelloRetryRequest message"
				13667
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13668	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13669	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13670	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13671	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13672	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13673	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13674	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13675	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13676	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13677	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13678	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13679	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13680	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13681	0 \
				13682	-s "Protocol is TLSv1.3" \
				13683	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13684	-s "received signature algorithm: 0x503" \
				13685	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13686	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13687	-c "Protocol is TLSv1.3" \
				13688	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13689	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13690	-c "NamedGroup: secp384r1 ( 18 )" \
				13691	-c "Verifying peer X.509 certificate... ok" \
				13692	-C "received HelloRetryRequest message"
				13693
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13694	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13695	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13696	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13697	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13698	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13699	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13700	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13701	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13702	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13703	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13704	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13705	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13706	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13707	0 \
				13708	-s "Protocol is TLSv1.3" \
				13709	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13710	-s "received signature algorithm: 0x603" \
				13711	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13712	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13713	-c "Protocol is TLSv1.3" \
				13714	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13715	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13716	-c "NamedGroup: secp384r1 ( 18 )" \
				13717	-c "Verifying peer X.509 certificate... ok" \
				13718	-C "received HelloRetryRequest message"
				13719
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13720	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13721	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13722	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13723	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13724	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13725	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13726	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13727	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13728	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13729	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13730	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13731	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13732	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13733	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13734	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13735	0 \
				13736	-s "Protocol is TLSv1.3" \
				13737	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13738	-s "received signature algorithm: 0x804" \
				13739	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13740	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13741	-c "Protocol is TLSv1.3" \
				13742	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13743	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13744	-c "NamedGroup: secp384r1 ( 18 )" \
				13745	-c "Verifying peer X.509 certificate... ok" \
				13746	-C "received HelloRetryRequest message"
				13747
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13748	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13749	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13750	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13751	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13752	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13753	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13754	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13755	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13756	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13757	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13758	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13759	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13760	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13761	0 \
				13762	-s "Protocol is TLSv1.3" \
				13763	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13764	-s "received signature algorithm: 0x403" \
				13765	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13766	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13767	-c "Protocol is TLSv1.3" \
				13768	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13769	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13770	-c "NamedGroup: secp521r1 ( 19 )" \
				13771	-c "Verifying peer X.509 certificate... ok" \
				13772	-C "received HelloRetryRequest message"
				13773
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13774	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13775	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13776	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13777	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13778	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13779	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13780	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13781	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13782	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13783	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13784	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13785	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13786	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13787	0 \
				13788	-s "Protocol is TLSv1.3" \
				13789	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13790	-s "received signature algorithm: 0x503" \
				13791	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13792	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13793	-c "Protocol is TLSv1.3" \
				13794	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13795	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13796	-c "NamedGroup: secp521r1 ( 19 )" \
				13797	-c "Verifying peer X.509 certificate... ok" \
				13798	-C "received HelloRetryRequest message"
				13799
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13800	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13801	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13802	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13803	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13804	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13805	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13806	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13807	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13808	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13809	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13810	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13811	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13812	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13813	0 \
				13814	-s "Protocol is TLSv1.3" \
				13815	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13816	-s "received signature algorithm: 0x603" \
				13817	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13818	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13819	-c "Protocol is TLSv1.3" \
				13820	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13821	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13822	-c "NamedGroup: secp521r1 ( 19 )" \
				13823	-c "Verifying peer X.509 certificate... ok" \
				13824	-C "received HelloRetryRequest message"
				13825
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13826	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13827	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13828	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13829	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13830	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13831	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13832	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13833	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13834	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13835	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13836	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13837	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13838	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13839	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13840	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13841	0 \
				13842	-s "Protocol is TLSv1.3" \
				13843	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13844	-s "received signature algorithm: 0x804" \
				13845	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13846	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13847	-c "Protocol is TLSv1.3" \
				13848	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13849	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13850	-c "NamedGroup: secp521r1 ( 19 )" \
				13851	-c "Verifying peer X.509 certificate... ok" \
				13852	-C "received HelloRetryRequest message"
				13853
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13854	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13855	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13856	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13857	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13858	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13859	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13860	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13861	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13862	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13863	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13864	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13865	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13866	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13867	0 \
				13868	-s "Protocol is TLSv1.3" \
				13869	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13870	-s "received signature algorithm: 0x403" \
				13871	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13872	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13873	-c "Protocol is TLSv1.3" \
				13874	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13875	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13876	-c "NamedGroup: x25519 ( 1d )" \
				13877	-c "Verifying peer X.509 certificate... ok" \
				13878	-C "received HelloRetryRequest message"
				13879
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13880	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13881	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13882	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13883	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13884	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13885	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13886	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13887	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13888	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13889	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13890	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13891	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13892	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13893	0 \
				13894	-s "Protocol is TLSv1.3" \
				13895	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13896	-s "received signature algorithm: 0x503" \
				13897	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13898	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13899	-c "Protocol is TLSv1.3" \
				13900	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13901	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				13902	-c "NamedGroup: x25519 ( 1d )" \
				13903	-c "Verifying peer X.509 certificate... ok" \
				13904	-C "received HelloRetryRequest message"
				13905
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13906	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13907	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13908	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13909	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13910	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13911	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13912	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13913	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13914	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13915	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13916	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13917	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13918	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13919	0 \
				13920	-s "Protocol is TLSv1.3" \
				13921	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13922	-s "received signature algorithm: 0x603" \
				13923	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13924	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13925	-c "Protocol is TLSv1.3" \
				13926	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13927	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				13928	-c "NamedGroup: x25519 ( 1d )" \
				13929	-c "Verifying peer X.509 certificate... ok" \
				13930	-C "received HelloRetryRequest message"
				13931
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13932	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13933	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13934	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13935	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13936	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13937	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13938	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13939	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13940	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13941	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				13942	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13943	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13944	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13945	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13946	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13947	0 \
				13948	-s "Protocol is TLSv1.3" \
				13949	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13950	-s "received signature algorithm: 0x804" \
				13951	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13952	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13953	-c "Protocol is TLSv1.3" \
				13954	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13955	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				13956	-c "NamedGroup: x25519 ( 1d )" \
				13957	-c "Verifying peer X.509 certificate... ok" \
				13958	-C "received HelloRetryRequest message"
				13959
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13960	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13961	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13962	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13963	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13964	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13965	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13966	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13967	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13968	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13969	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13970	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13971	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13972	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13973	0 \
				13974	-s "Protocol is TLSv1.3" \
				13975	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				13976	-s "received signature algorithm: 0x403" \
				13977	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	13978	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13979	-c "Protocol is TLSv1.3" \
				13980	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				13981	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				13982	-c "NamedGroup: x448 ( 1e )" \
				13983	-c "Verifying peer X.509 certificate... ok" \
				13984	-C "received HelloRetryRequest message"
				13985
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	13986	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13987	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13988	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13989	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13990	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13991	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	13992	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	13993	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13994	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	13995	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13996	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	13997	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				13998	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	13999	0 \
				14000	-s "Protocol is TLSv1.3" \
				14001	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14002	-s "received signature algorithm: 0x503" \
				14003	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14004	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14005	-c "Protocol is TLSv1.3" \
				14006	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14007	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				14008	-c "NamedGroup: x448 ( 1e )" \
				14009	-c "Verifying peer X.509 certificate... ok" \
				14010	-C "received HelloRetryRequest message"
				14011
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	14012	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14013	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14014	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14015	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14016	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14017	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14018	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14019	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14020	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14021	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14022	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14023	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14024	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14025	0 \
				14026	-s "Protocol is TLSv1.3" \
				14027	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14028	-s "received signature algorithm: 0x603" \
				14029	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14030	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14031	-c "Protocol is TLSv1.3" \
				14032	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14033	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				14034	-c "NamedGroup: x448 ( 1e )" \
				14035	-c "Verifying peer X.509 certificate... ok" \
				14036	-C "received HelloRetryRequest message"
				14037
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	14038	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14039	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14040	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14041	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				14042	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14043	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14044	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14045	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14046	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14047	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				14048	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14049	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14050	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14051	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14052	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14053	0 \
				14054	-s "Protocol is TLSv1.3" \
				14055	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14056	-s "received signature algorithm: 0x804" \
				14057	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14058	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	14059	-c "Protocol is TLSv1.3" \
				14060	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14061	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				14062	-c "NamedGroup: x448 ( 1e )" \
				14063	-c "Verifying peer X.509 certificate... ok" \
				14064	-C "received HelloRetryRequest message"
				14065
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14066	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	14067	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14068	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14069	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14070	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14071	requires_config_enabled MBEDTLS_SSL_CLI_C
				14072	requires_config_enabled MBEDTLS_DEBUG_C
				14073	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14074	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14075	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14076	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
				14077	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14078	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048" \
				14079	0 \
				14080	-s "Protocol is TLSv1.3" \
				14081	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14082	-s "received signature algorithm: 0x403" \
				14083	-s "got named group: ffdhe2048(0100)" \
				14084	-s "Certificate verification was skipped" \
				14085	-c "Protocol is TLSv1.3" \
				14086	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14087	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				14088	-c "NamedGroup: ffdhe2048 ( 100 )" \
				14089	-c "Verifying peer X.509 certificate... ok" \
				14090	-C "received HelloRetryRequest message"
				14091
				14092	requires_config_enabled MBEDTLS_SSL_SRV_C
				14093	requires_config_enabled MBEDTLS_DEBUG_C
				14094	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14095	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14096	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14097	requires_config_enabled MBEDTLS_SSL_CLI_C
				14098	requires_config_enabled MBEDTLS_DEBUG_C
				14099	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14100	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14101	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14102	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
				14103	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14104	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe2048" \
				14105	0 \
				14106	-s "Protocol is TLSv1.3" \
				14107	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14108	-s "received signature algorithm: 0x503" \
				14109	-s "got named group: ffdhe2048(0100)" \
				14110	-s "Certificate verification was skipped" \
				14111	-c "Protocol is TLSv1.3" \
				14112	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14113	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				14114	-c "NamedGroup: ffdhe2048 ( 100 )" \
				14115	-c "Verifying peer X.509 certificate... ok" \
				14116	-C "received HelloRetryRequest message"
				14117
				14118	requires_config_enabled MBEDTLS_SSL_SRV_C
				14119	requires_config_enabled MBEDTLS_DEBUG_C
				14120	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14121	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14122	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14123	requires_config_enabled MBEDTLS_SSL_CLI_C
				14124	requires_config_enabled MBEDTLS_DEBUG_C
				14125	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14126	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14127	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14128	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
				14129	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14130	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe2048" \
				14131	0 \
				14132	-s "Protocol is TLSv1.3" \
				14133	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14134	-s "received signature algorithm: 0x603" \
				14135	-s "got named group: ffdhe2048(0100)" \
				14136	-s "Certificate verification was skipped" \
				14137	-c "Protocol is TLSv1.3" \
				14138	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14139	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				14140	-c "NamedGroup: ffdhe2048 ( 100 )" \
				14141	-c "Verifying peer X.509 certificate... ok" \
				14142	-C "received HelloRetryRequest message"
				14143
				14144	requires_config_enabled MBEDTLS_SSL_SRV_C
				14145	requires_config_enabled MBEDTLS_DEBUG_C
				14146	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14147	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				14148	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14149	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14150	requires_config_enabled MBEDTLS_SSL_CLI_C
				14151	requires_config_enabled MBEDTLS_DEBUG_C
				14152	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14153	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				14154	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14155	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14156	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
				14157	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14158	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe2048" \
				14159	0 \
				14160	-s "Protocol is TLSv1.3" \
				14161	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14162	-s "received signature algorithm: 0x804" \
				14163	-s "got named group: ffdhe2048(0100)" \
				14164	-s "Certificate verification was skipped" \
				14165	-c "Protocol is TLSv1.3" \
				14166	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14167	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				14168	-c "NamedGroup: ffdhe2048 ( 100 )" \
				14169	-c "Verifying peer X.509 certificate... ok" \
				14170	-C "received HelloRetryRequest message"
				14171
				14172	requires_config_enabled MBEDTLS_SSL_SRV_C
				14173	requires_config_enabled MBEDTLS_DEBUG_C
				14174	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14175	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14176	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14177	requires_config_enabled MBEDTLS_SSL_CLI_C
				14178	requires_config_enabled MBEDTLS_DEBUG_C
				14179	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14180	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14181	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14182	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp256r1_sha256" \
				14183	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14184	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192" \
				14185	0 \
				14186	-s "Protocol is TLSv1.3" \
				14187	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14188	-s "received signature algorithm: 0x403" \
				14189	-s "got named group: ffdhe8192(0104)" \
				14190	-s "Certificate verification was skipped" \
				14191	-c "Protocol is TLSv1.3" \
				14192	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14193	-c "Certificate Verify: Signature algorithm ( 0403 )" \
				14194	-c "NamedGroup: ffdhe8192 ( 104 )" \
				14195	-c "Verifying peer X.509 certificate... ok" \
				14196	-C "received HelloRetryRequest message"
				14197
				14198	requires_config_enabled MBEDTLS_SSL_SRV_C
				14199	requires_config_enabled MBEDTLS_DEBUG_C
				14200	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14201	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14202	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14203	requires_config_enabled MBEDTLS_SSL_CLI_C
				14204	requires_config_enabled MBEDTLS_DEBUG_C
				14205	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14206	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14207	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14208	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp384r1_sha384" \
				14209	"$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14210	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 curves=ffdhe8192" \
				14211	0 \
				14212	-s "Protocol is TLSv1.3" \
				14213	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14214	-s "received signature algorithm: 0x503" \
				14215	-s "got named group: ffdhe8192(0104)" \
				14216	-s "Certificate verification was skipped" \
				14217	-c "Protocol is TLSv1.3" \
				14218	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14219	-c "Certificate Verify: Signature algorithm ( 0503 )" \
				14220	-c "NamedGroup: ffdhe8192 ( 104 )" \
				14221	-c "Verifying peer X.509 certificate... ok" \
				14222	-C "received HelloRetryRequest message"
				14223
				14224	requires_config_enabled MBEDTLS_SSL_SRV_C
				14225	requires_config_enabled MBEDTLS_DEBUG_C
				14226	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14227	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14228	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14229	requires_config_enabled MBEDTLS_SSL_CLI_C
				14230	requires_config_enabled MBEDTLS_DEBUG_C
				14231	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14232	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14233	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14234	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,ecdsa_secp521r1_sha512" \
				14235	"$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14236	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 curves=ffdhe8192" \
				14237	0 \
				14238	-s "Protocol is TLSv1.3" \
				14239	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14240	-s "received signature algorithm: 0x603" \
				14241	-s "got named group: ffdhe8192(0104)" \
				14242	-s "Certificate verification was skipped" \
				14243	-c "Protocol is TLSv1.3" \
				14244	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14245	-c "Certificate Verify: Signature algorithm ( 0603 )" \
				14246	-c "NamedGroup: ffdhe8192 ( 104 )" \
				14247	-c "Verifying peer X.509 certificate... ok" \
				14248	-C "received HelloRetryRequest message"
				14249
				14250	requires_config_enabled MBEDTLS_SSL_SRV_C
				14251	requires_config_enabled MBEDTLS_DEBUG_C
				14252	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14253	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				14254	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14255	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14256	requires_config_enabled MBEDTLS_SSL_CLI_C
				14257	requires_config_enabled MBEDTLS_DEBUG_C
				14258	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14259	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
				14260	requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14261	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14262	run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
				14263	"$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14264	"$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 curves=ffdhe8192" \
				14265	0 \
				14266	-s "Protocol is TLSv1.3" \
				14267	-s "server hello, chosen ciphersuite: TLS1-3-AES-128-CCM-8-SHA256 ( id=4869 )" \
				14268	-s "received signature algorithm: 0x804" \
				14269	-s "got named group: ffdhe8192(0104)" \
				14270	-s "Certificate verification was skipped" \
				14271	-c "Protocol is TLSv1.3" \
				14272	-c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
				14273	-c "Certificate Verify: Signature algorithm ( 0804 )" \
				14274	-c "NamedGroup: ffdhe8192 ( 104 )" \
				14275	-c "Verifying peer X.509 certificate... ok" \
				14276	-C "received HelloRetryRequest message"
				14277
				14278	requires_config_enabled MBEDTLS_SSL_SRV_C
				14279	requires_config_enabled MBEDTLS_DEBUG_C
				14280	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14281	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14282	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14283	requires_openssl_tls1_3
				14284	run_test "TLS 1.3 O->m: HRR secp256r1 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14285	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14286	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-384 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14287	0 \
				14288	-s "Protocol is TLSv1.3" \
				14289	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14290	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14291	-s "HRR selected_group: secp384r1"
				14292
				14293	requires_config_enabled MBEDTLS_SSL_SRV_C
				14294	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14295	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14296	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14297	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14298	requires_openssl_tls1_3
				14299	run_test "TLS 1.3 O->m: HRR secp256r1 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14300	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14301	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:P-521 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14302	0 \
				14303	-s "Protocol is TLSv1.3" \
				14304	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14305	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14306	-s "HRR selected_group: secp521r1"
				14307
				14308	requires_config_enabled MBEDTLS_SSL_SRV_C
				14309	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14310	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14311	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14312	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14313	requires_openssl_tls1_3
				14314	run_test "TLS 1.3 O->m: HRR secp256r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14315	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14316	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X25519 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14317	0 \
				14318	-s "Protocol is TLSv1.3" \
				14319	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14320	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14321	-s "HRR selected_group: x25519"
				14322
				14323	requires_config_enabled MBEDTLS_SSL_SRV_C
				14324	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14325	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14326	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14327	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14328	requires_openssl_tls1_3
				14329	run_test "TLS 1.3 O->m: HRR secp256r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14330	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14331	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:X448 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14332	0 \
				14333	-s "Protocol is TLSv1.3" \
				14334	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14335	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14336	-s "HRR selected_group: x448"
				14337
				14338	requires_config_enabled MBEDTLS_SSL_SRV_C
				14339	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14340	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14341	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14342	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14343	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14344	run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
				14345	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14346	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe2048 -msg -tls1_3" \
				14347	0 \
				14348	-s "Protocol is TLSv1.3" \
				14349	-s "got named group: ffdhe2048(0100)" \
				14350	-s "Certificate verification was skipped" \
				14351	-s "HRR selected_group: ffdhe2048"
				14352
				14353	requires_config_enabled MBEDTLS_SSL_SRV_C
				14354	requires_config_enabled MBEDTLS_DEBUG_C
				14355	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14356	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14357	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14358	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14359	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14360	run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe8192" \
				14361	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14362	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-256:ffdhe8192 -msg -tls1_3" \
				14363	0 \
				14364	-s "Protocol is TLSv1.3" \
				14365	-s "got named group: ffdhe8192(0104)" \
				14366	-s "Certificate verification was skipped" \
				14367	-s "HRR selected_group: ffdhe8192"
				14368
				14369	requires_config_enabled MBEDTLS_SSL_SRV_C
				14370	requires_config_enabled MBEDTLS_DEBUG_C
				14371	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14372	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14373	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14374	requires_openssl_tls1_3
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14375	run_test "TLS 1.3 O->m: HRR secp384r1 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14376	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14377	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-256 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14378	0 \
				14379	-s "Protocol is TLSv1.3" \
				14380	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14381	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14382	-s "HRR selected_group: secp256r1"
				14383
				14384	requires_config_enabled MBEDTLS_SSL_SRV_C
				14385	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14386	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14387	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14388	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14389	requires_openssl_tls1_3
				14390	run_test "TLS 1.3 O->m: HRR secp384r1 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14391	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14392	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:P-521 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14393	0 \
				14394	-s "Protocol is TLSv1.3" \
				14395	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14396	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14397	-s "HRR selected_group: secp521r1"
				14398
				14399	requires_config_enabled MBEDTLS_SSL_SRV_C
				14400	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14401	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14402	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14403	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14404	requires_openssl_tls1_3
				14405	run_test "TLS 1.3 O->m: HRR secp384r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14406	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14407	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X25519 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14408	0 \
				14409	-s "Protocol is TLSv1.3" \
				14410	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14411	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14412	-s "HRR selected_group: x25519"
				14413
				14414	requires_config_enabled MBEDTLS_SSL_SRV_C
				14415	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14416	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14417	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14418	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14419	requires_openssl_tls1_3
				14420	run_test "TLS 1.3 O->m: HRR secp384r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14421	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14422	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:X448 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14423	0 \
				14424	-s "Protocol is TLSv1.3" \
				14425	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14426	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14427	-s "HRR selected_group: x448"
				14428
				14429	requires_config_enabled MBEDTLS_SSL_SRV_C
				14430	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14431	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14432	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14433	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14434	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14435	run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
				14436	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14437	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe2048 -msg -tls1_3" \
				14438	0 \
				14439	-s "Protocol is TLSv1.3" \
				14440	-s "got named group: ffdhe2048(0100)" \
				14441	-s "Certificate verification was skipped" \
				14442	-s "HRR selected_group: ffdhe2048"
				14443
				14444	requires_config_enabled MBEDTLS_SSL_SRV_C
				14445	requires_config_enabled MBEDTLS_DEBUG_C
				14446	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14447	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14448	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14449	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14450	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14451	run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe8192" \
				14452	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14453	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-384:ffdhe8192 -msg -tls1_3" \
				14454	0 \
				14455	-s "Protocol is TLSv1.3" \
				14456	-s "got named group: ffdhe8192(0104)" \
				14457	-s "Certificate verification was skipped" \
				14458	-s "HRR selected_group: ffdhe8192"
				14459
				14460	requires_config_enabled MBEDTLS_SSL_SRV_C
				14461	requires_config_enabled MBEDTLS_DEBUG_C
				14462	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14463	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14464	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14465	requires_openssl_tls1_3
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14466	run_test "TLS 1.3 O->m: HRR secp521r1 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14467	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14468	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-256 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14469	0 \
				14470	-s "Protocol is TLSv1.3" \
				14471	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14472	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14473	-s "HRR selected_group: secp256r1"
				14474
				14475	requires_config_enabled MBEDTLS_SSL_SRV_C
				14476	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14477	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14478	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14479	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14480	requires_openssl_tls1_3
				14481	run_test "TLS 1.3 O->m: HRR secp521r1 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14482	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14483	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:P-384 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14484	0 \
				14485	-s "Protocol is TLSv1.3" \
				14486	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14487	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14488	-s "HRR selected_group: secp384r1"
				14489
				14490	requires_config_enabled MBEDTLS_SSL_SRV_C
				14491	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14492	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14493	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14494	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14495	requires_openssl_tls1_3
				14496	run_test "TLS 1.3 O->m: HRR secp521r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14497	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14498	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X25519 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14499	0 \
				14500	-s "Protocol is TLSv1.3" \
				14501	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14502	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14503	-s "HRR selected_group: x25519"
				14504
				14505	requires_config_enabled MBEDTLS_SSL_SRV_C
				14506	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14507	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14508	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14509	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14510	requires_openssl_tls1_3
				14511	run_test "TLS 1.3 O->m: HRR secp521r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14512	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14513	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:X448 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14514	0 \
				14515	-s "Protocol is TLSv1.3" \
				14516	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14517	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14518	-s "HRR selected_group: x448"
				14519
				14520	requires_config_enabled MBEDTLS_SSL_SRV_C
				14521	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14522	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14523	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14524	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14525	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14526	run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
				14527	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14528	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe2048 -msg -tls1_3" \
				14529	0 \
				14530	-s "Protocol is TLSv1.3" \
				14531	-s "got named group: ffdhe2048(0100)" \
				14532	-s "Certificate verification was skipped" \
				14533	-s "HRR selected_group: ffdhe2048"
				14534
				14535	requires_config_enabled MBEDTLS_SSL_SRV_C
				14536	requires_config_enabled MBEDTLS_DEBUG_C
				14537	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14538	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14539	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14540	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14541	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14542	run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe8192" \
				14543	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14544	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups P-521:ffdhe8192 -msg -tls1_3" \
				14545	0 \
				14546	-s "Protocol is TLSv1.3" \
				14547	-s "got named group: ffdhe8192(0104)" \
				14548	-s "Certificate verification was skipped" \
				14549	-s "HRR selected_group: ffdhe8192"
				14550
				14551	requires_config_enabled MBEDTLS_SSL_SRV_C
				14552	requires_config_enabled MBEDTLS_DEBUG_C
				14553	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14554	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14555	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14556	requires_openssl_tls1_3
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14557	run_test "TLS 1.3 O->m: HRR x25519 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14558	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14559	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-256 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14560	0 \
				14561	-s "Protocol is TLSv1.3" \
				14562	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14563	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14564	-s "HRR selected_group: secp256r1"
				14565
				14566	requires_config_enabled MBEDTLS_SSL_SRV_C
				14567	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14568	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14569	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14570	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14571	requires_openssl_tls1_3
				14572	run_test "TLS 1.3 O->m: HRR x25519 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14573	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14574	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-384 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14575	0 \
				14576	-s "Protocol is TLSv1.3" \
				14577	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14578	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14579	-s "HRR selected_group: secp384r1"
				14580
				14581	requires_config_enabled MBEDTLS_SSL_SRV_C
				14582	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14583	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14584	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14585	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14586	requires_openssl_tls1_3
				14587	run_test "TLS 1.3 O->m: HRR x25519 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14588	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14589	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:P-521 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14590	0 \
				14591	-s "Protocol is TLSv1.3" \
				14592	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14593	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14594	-s "HRR selected_group: secp521r1"
				14595
				14596	requires_config_enabled MBEDTLS_SSL_SRV_C
				14597	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14598	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14599	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14600	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14601	requires_openssl_tls1_3
				14602	run_test "TLS 1.3 O->m: HRR x25519 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14603	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14604	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:X448 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14605	0 \
				14606	-s "Protocol is TLSv1.3" \
				14607	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14608	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14609	-s "HRR selected_group: x448"
				14610
				14611	requires_config_enabled MBEDTLS_SSL_SRV_C
				14612	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14613	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14614	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14615	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14616	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14617	run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
				14618	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14619	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe2048 -msg -tls1_3" \
				14620	0 \
				14621	-s "Protocol is TLSv1.3" \
				14622	-s "got named group: ffdhe2048(0100)" \
				14623	-s "Certificate verification was skipped" \
				14624	-s "HRR selected_group: ffdhe2048"
				14625
				14626	requires_config_enabled MBEDTLS_SSL_SRV_C
				14627	requires_config_enabled MBEDTLS_DEBUG_C
				14628	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14629	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14630	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14631	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14632	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14633	run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe8192" \
				14634	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14635	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X25519:ffdhe8192 -msg -tls1_3" \
				14636	0 \
				14637	-s "Protocol is TLSv1.3" \
				14638	-s "got named group: ffdhe8192(0104)" \
				14639	-s "Certificate verification was skipped" \
				14640	-s "HRR selected_group: ffdhe8192"
				14641
				14642	requires_config_enabled MBEDTLS_SSL_SRV_C
				14643	requires_config_enabled MBEDTLS_DEBUG_C
				14644	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14645	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14646	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14647	requires_openssl_tls1_3
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14648	run_test "TLS 1.3 O->m: HRR x448 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14649	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14650	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-256 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14651	0 \
				14652	-s "Protocol is TLSv1.3" \
				14653	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14654	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14655	-s "HRR selected_group: secp256r1"
				14656
				14657	requires_config_enabled MBEDTLS_SSL_SRV_C
				14658	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14659	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14660	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14661	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14662	requires_openssl_tls1_3
				14663	run_test "TLS 1.3 O->m: HRR x448 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14664	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14665	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-384 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14666	0 \
				14667	-s "Protocol is TLSv1.3" \
				14668	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14669	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14670	-s "HRR selected_group: secp384r1"
				14671
				14672	requires_config_enabled MBEDTLS_SSL_SRV_C
				14673	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14674	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14675	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14676	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14677	requires_openssl_tls1_3
				14678	run_test "TLS 1.3 O->m: HRR x448 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14679	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14680	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:P-521 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14681	0 \
				14682	-s "Protocol is TLSv1.3" \
				14683	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14684	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14685	-s "HRR selected_group: secp521r1"
				14686
				14687	requires_config_enabled MBEDTLS_SSL_SRV_C
				14688	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14689	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14690	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14691	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14692	requires_openssl_tls1_3
				14693	run_test "TLS 1.3 O->m: HRR x448 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14694	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14695	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:X25519 -msg -tls1_3" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14696	0 \
				14697	-s "Protocol is TLSv1.3" \
				14698	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14699	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14700	-s "HRR selected_group: x25519"
				14701
				14702	requires_config_enabled MBEDTLS_SSL_SRV_C
				14703	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14704	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14705	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14706	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14707	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14708	run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
				14709	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14710	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe2048 -msg -tls1_3" \
				14711	0 \
				14712	-s "Protocol is TLSv1.3" \
				14713	-s "got named group: ffdhe2048(0100)" \
				14714	-s "Certificate verification was skipped" \
				14715	-s "HRR selected_group: ffdhe2048"
				14716
				14717	requires_config_enabled MBEDTLS_SSL_SRV_C
				14718	requires_config_enabled MBEDTLS_DEBUG_C
				14719	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14720	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14721	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14722	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14723	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14724	run_test "TLS 1.3 O->m: HRR x448 -> ffdhe8192" \
				14725	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14726	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups X448:ffdhe8192 -msg -tls1_3" \
				14727	0 \
				14728	-s "Protocol is TLSv1.3" \
				14729	-s "got named group: ffdhe8192(0104)" \
				14730	-s "Certificate verification was skipped" \
				14731	-s "HRR selected_group: ffdhe8192"
				14732
				14733	requires_config_enabled MBEDTLS_SSL_SRV_C
				14734	requires_config_enabled MBEDTLS_DEBUG_C
				14735	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14736	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14737	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14738	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14739	run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp256r1" \
				14740	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14741	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-256 -msg -tls1_3" \
				14742	0 \
				14743	-s "Protocol is TLSv1.3" \
				14744	-s "got named group: secp256r1(0017)" \
				14745	-s "Certificate verification was skipped" \
				14746	-s "HRR selected_group: secp256r1"
				14747
				14748	requires_config_enabled MBEDTLS_SSL_SRV_C
				14749	requires_config_enabled MBEDTLS_DEBUG_C
				14750	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14751	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14752	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14753	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14754	run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp384r1" \
				14755	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14756	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-384 -msg -tls1_3" \
				14757	0 \
				14758	-s "Protocol is TLSv1.3" \
				14759	-s "got named group: secp384r1(0018)" \
				14760	-s "Certificate verification was skipped" \
				14761	-s "HRR selected_group: secp384r1"
				14762
				14763	requires_config_enabled MBEDTLS_SSL_SRV_C
				14764	requires_config_enabled MBEDTLS_DEBUG_C
				14765	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14766	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14767	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14768	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14769	run_test "TLS 1.3 O->m: HRR ffdhe2048 -> secp521r1" \
				14770	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14771	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:P-521 -msg -tls1_3" \
				14772	0 \
				14773	-s "Protocol is TLSv1.3" \
				14774	-s "got named group: secp521r1(0019)" \
				14775	-s "Certificate verification was skipped" \
				14776	-s "HRR selected_group: secp521r1"
				14777
				14778	requires_config_enabled MBEDTLS_SSL_SRV_C
				14779	requires_config_enabled MBEDTLS_DEBUG_C
				14780	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14781	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14782	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14783	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14784	run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x25519" \
				14785	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14786	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X25519 -msg -tls1_3" \
				14787	0 \
				14788	-s "Protocol is TLSv1.3" \
				14789	-s "got named group: x25519(001d)" \
				14790	-s "Certificate verification was skipped" \
				14791	-s "HRR selected_group: x25519"
				14792
				14793	requires_config_enabled MBEDTLS_SSL_SRV_C
				14794	requires_config_enabled MBEDTLS_DEBUG_C
				14795	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14796	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14797	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14798	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14799	run_test "TLS 1.3 O->m: HRR ffdhe2048 -> x448" \
				14800	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14801	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:X448 -msg -tls1_3" \
				14802	0 \
				14803	-s "Protocol is TLSv1.3" \
				14804	-s "got named group: x448(001e)" \
				14805	-s "Certificate verification was skipped" \
				14806	-s "HRR selected_group: x448"
				14807
				14808	requires_config_enabled MBEDTLS_SSL_SRV_C
				14809	requires_config_enabled MBEDTLS_DEBUG_C
				14810	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14811	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14812	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14813	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14814	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14815	run_test "TLS 1.3 O->m: HRR ffdhe2048 -> ffdhe8192" \
				14816	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14817	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe2048:ffdhe8192 -msg -tls1_3" \
				14818	0 \
				14819	-s "Protocol is TLSv1.3" \
				14820	-s "got named group: ffdhe8192(0104)" \
				14821	-s "Certificate verification was skipped" \
				14822	-s "HRR selected_group: ffdhe8192"
				14823
				14824	requires_config_enabled MBEDTLS_SSL_SRV_C
				14825	requires_config_enabled MBEDTLS_DEBUG_C
				14826	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14827	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14828	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14829	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14830	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14831	run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp256r1" \
				14832	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14833	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-256 -msg -tls1_3" \
				14834	0 \
				14835	-s "Protocol is TLSv1.3" \
				14836	-s "got named group: secp256r1(0017)" \
				14837	-s "Certificate verification was skipped" \
				14838	-s "HRR selected_group: secp256r1"
				14839
				14840	requires_config_enabled MBEDTLS_SSL_SRV_C
				14841	requires_config_enabled MBEDTLS_DEBUG_C
				14842	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14843	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14844	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14845	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14846	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14847	run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp384r1" \
				14848	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14849	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-384 -msg -tls1_3" \
				14850	0 \
				14851	-s "Protocol is TLSv1.3" \
				14852	-s "got named group: secp384r1(0018)" \
				14853	-s "Certificate verification was skipped" \
				14854	-s "HRR selected_group: secp384r1"
				14855
				14856	requires_config_enabled MBEDTLS_SSL_SRV_C
				14857	requires_config_enabled MBEDTLS_DEBUG_C
				14858	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14859	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14860	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14861	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14862	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14863	run_test "TLS 1.3 O->m: HRR ffdhe8192 -> secp521r1" \
				14864	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14865	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:P-521 -msg -tls1_3" \
				14866	0 \
				14867	-s "Protocol is TLSv1.3" \
				14868	-s "got named group: secp521r1(0019)" \
				14869	-s "Certificate verification was skipped" \
				14870	-s "HRR selected_group: secp521r1"
				14871
				14872	requires_config_enabled MBEDTLS_SSL_SRV_C
				14873	requires_config_enabled MBEDTLS_DEBUG_C
				14874	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14875	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14876	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14877	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14878	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14879	run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x25519" \
				14880	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14881	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X25519 -msg -tls1_3" \
				14882	0 \
				14883	-s "Protocol is TLSv1.3" \
				14884	-s "got named group: x25519(001d)" \
				14885	-s "Certificate verification was skipped" \
				14886	-s "HRR selected_group: x25519"
				14887
				14888	requires_config_enabled MBEDTLS_SSL_SRV_C
				14889	requires_config_enabled MBEDTLS_DEBUG_C
				14890	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14891	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14892	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14893	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14894	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14895	run_test "TLS 1.3 O->m: HRR ffdhe8192 -> x448" \
				14896	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14897	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:X448 -msg -tls1_3" \
				14898	0 \
				14899	-s "Protocol is TLSv1.3" \
				14900	-s "got named group: x448(001e)" \
				14901	-s "Certificate verification was skipped" \
				14902	-s "HRR selected_group: x448"
				14903
				14904	requires_config_enabled MBEDTLS_SSL_SRV_C
				14905	requires_config_enabled MBEDTLS_DEBUG_C
				14906	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14907	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14908	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	14909	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	14910	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14911	run_test "TLS 1.3 O->m: HRR ffdhe8192 -> ffdhe2048" \
				14912	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14913	"$O_NEXT_CLI_NO_CERT -CAfile data_files/test-ca2.crt -groups ffdhe8192:ffdhe2048 -msg -tls1_3" \
				14914	0 \
				14915	-s "Protocol is TLSv1.3" \
				14916	-s "got named group: ffdhe2048(0100)" \
				14917	-s "Certificate verification was skipped" \
				14918	-s "HRR selected_group: ffdhe2048"
				14919
				14920	requires_config_enabled MBEDTLS_SSL_SRV_C
				14921	requires_config_enabled MBEDTLS_DEBUG_C
				14922	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				14923	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14924	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14925	requires_gnutls_tls1_3
				14926	requires_gnutls_next_no_ticket
				14927	requires_gnutls_next_disable_tls13_compat
				14928	run_test "TLS 1.3 G->m: HRR secp256r1 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14929	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14930	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14931	0 \
				14932	-s "Protocol is TLSv1.3" \
				14933	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14934	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14935	-s "HRR selected_group: secp384r1"
				14936
				14937	requires_config_enabled MBEDTLS_SSL_SRV_C
				14938	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14939	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14940	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14941	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14942	requires_gnutls_tls1_3
				14943	requires_gnutls_next_no_ticket
				14944	requires_gnutls_next_disable_tls13_compat
				14945	run_test "TLS 1.3 G->m: HRR secp256r1 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14946	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14947	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14948	0 \
				14949	-s "Protocol is TLSv1.3" \
				14950	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14951	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14952	-s "HRR selected_group: secp521r1"
				14953
				14954	requires_config_enabled MBEDTLS_SSL_SRV_C
				14955	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14956	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14957	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14958	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14959	requires_gnutls_tls1_3
				14960	requires_gnutls_next_no_ticket
				14961	requires_gnutls_next_disable_tls13_compat
				14962	run_test "TLS 1.3 G->m: HRR secp256r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14963	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14964	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14965	0 \
				14966	-s "Protocol is TLSv1.3" \
				14967	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14968	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14969	-s "HRR selected_group: x25519"
				14970
				14971	requires_config_enabled MBEDTLS_SSL_SRV_C
				14972	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14973	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14974	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14975	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14976	requires_gnutls_tls1_3
				14977	requires_gnutls_next_no_ticket
				14978	requires_gnutls_next_disable_tls13_compat
				14979	run_test "TLS 1.3 G->m: HRR secp256r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	14980	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	14981	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14982	0 \
				14983	-s "Protocol is TLSv1.3" \
				14984	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	14985	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14986	-s "HRR selected_group: x448"
				14987
				14988	requires_config_enabled MBEDTLS_SSL_SRV_C
				14989	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	14990	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14991	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	14992	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	14993	requires_gnutls_tls1_3
				14994	requires_gnutls_next_no_ticket
				14995	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	14996	run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe2048" \
				14997	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				14998	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				14999	0 \
				15000	-s "Protocol is TLSv1.3" \
				15001	-s "got named group: ffdhe2048(0100)" \
				15002	-s "Certificate verification was skipped" \
				15003	-s "HRR selected_group: ffdhe2048"
				15004
				15005	requires_config_enabled MBEDTLS_SSL_SRV_C
				15006	requires_config_enabled MBEDTLS_DEBUG_C
				15007	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15008	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15009	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15010	requires_gnutls_tls1_3
				15011	requires_gnutls_next_no_ticket
				15012	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15013	run_test "TLS 1.3 G->m: HRR secp256r1 -> ffdhe8192" \
				15014	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15015	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				15016	0 \
				15017	-s "Protocol is TLSv1.3" \
				15018	-s "got named group: ffdhe8192(0104)" \
				15019	-s "Certificate verification was skipped" \
				15020	-s "HRR selected_group: ffdhe8192"
				15021
				15022	requires_config_enabled MBEDTLS_SSL_SRV_C
				15023	requires_config_enabled MBEDTLS_DEBUG_C
				15024	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15025	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15026	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15027	requires_gnutls_tls1_3
				15028	requires_gnutls_next_no_ticket
				15029	requires_gnutls_next_disable_tls13_compat
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15030	run_test "TLS 1.3 G->m: HRR secp384r1 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15031	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15032	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15033	0 \
				15034	-s "Protocol is TLSv1.3" \
				15035	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15036	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15037	-s "HRR selected_group: secp256r1"
				15038
				15039	requires_config_enabled MBEDTLS_SSL_SRV_C
				15040	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15041	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15042	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15043	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15044	requires_gnutls_tls1_3
				15045	requires_gnutls_next_no_ticket
				15046	requires_gnutls_next_disable_tls13_compat
				15047	run_test "TLS 1.3 G->m: HRR secp384r1 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15048	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15049	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15050	0 \
				15051	-s "Protocol is TLSv1.3" \
				15052	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15053	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15054	-s "HRR selected_group: secp521r1"
				15055
				15056	requires_config_enabled MBEDTLS_SSL_SRV_C
				15057	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15058	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15059	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15060	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15061	requires_gnutls_tls1_3
				15062	requires_gnutls_next_no_ticket
				15063	requires_gnutls_next_disable_tls13_compat
				15064	run_test "TLS 1.3 G->m: HRR secp384r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15065	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15066	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15067	0 \
				15068	-s "Protocol is TLSv1.3" \
				15069	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15070	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15071	-s "HRR selected_group: x25519"
				15072
				15073	requires_config_enabled MBEDTLS_SSL_SRV_C
				15074	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15075	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15076	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15077	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15078	requires_gnutls_tls1_3
				15079	requires_gnutls_next_no_ticket
				15080	requires_gnutls_next_disable_tls13_compat
				15081	run_test "TLS 1.3 G->m: HRR secp384r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15082	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15083	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15084	0 \
				15085	-s "Protocol is TLSv1.3" \
				15086	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15087	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15088	-s "HRR selected_group: x448"
				15089
				15090	requires_config_enabled MBEDTLS_SSL_SRV_C
				15091	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15092	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15093	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15094	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15095	requires_gnutls_tls1_3
				15096	requires_gnutls_next_no_ticket
				15097	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15098	run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe2048" \
				15099	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15100	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				15101	0 \
				15102	-s "Protocol is TLSv1.3" \
				15103	-s "got named group: ffdhe2048(0100)" \
				15104	-s "Certificate verification was skipped" \
				15105	-s "HRR selected_group: ffdhe2048"
				15106
				15107	requires_config_enabled MBEDTLS_SSL_SRV_C
				15108	requires_config_enabled MBEDTLS_DEBUG_C
				15109	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15110	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15111	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15112	requires_gnutls_tls1_3
				15113	requires_gnutls_next_no_ticket
				15114	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15115	run_test "TLS 1.3 G->m: HRR secp384r1 -> ffdhe8192" \
				15116	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15117	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				15118	0 \
				15119	-s "Protocol is TLSv1.3" \
				15120	-s "got named group: ffdhe8192(0104)" \
				15121	-s "Certificate verification was skipped" \
				15122	-s "HRR selected_group: ffdhe8192"
				15123
				15124	requires_config_enabled MBEDTLS_SSL_SRV_C
				15125	requires_config_enabled MBEDTLS_DEBUG_C
				15126	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15127	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15128	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15129	requires_gnutls_tls1_3
				15130	requires_gnutls_next_no_ticket
				15131	requires_gnutls_next_disable_tls13_compat
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15132	run_test "TLS 1.3 G->m: HRR secp521r1 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15133	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15134	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15135	0 \
				15136	-s "Protocol is TLSv1.3" \
				15137	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15138	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15139	-s "HRR selected_group: secp256r1"
				15140
				15141	requires_config_enabled MBEDTLS_SSL_SRV_C
				15142	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15143	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15144	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15145	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15146	requires_gnutls_tls1_3
				15147	requires_gnutls_next_no_ticket
				15148	requires_gnutls_next_disable_tls13_compat
				15149	run_test "TLS 1.3 G->m: HRR secp521r1 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15150	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15151	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15152	0 \
				15153	-s "Protocol is TLSv1.3" \
				15154	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15155	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15156	-s "HRR selected_group: secp384r1"
				15157
				15158	requires_config_enabled MBEDTLS_SSL_SRV_C
				15159	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15160	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15161	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15162	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15163	requires_gnutls_tls1_3
				15164	requires_gnutls_next_no_ticket
				15165	requires_gnutls_next_disable_tls13_compat
				15166	run_test "TLS 1.3 G->m: HRR secp521r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15167	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15168	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15169	0 \
				15170	-s "Protocol is TLSv1.3" \
				15171	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15172	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15173	-s "HRR selected_group: x25519"
				15174
				15175	requires_config_enabled MBEDTLS_SSL_SRV_C
				15176	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15177	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15178	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15179	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15180	requires_gnutls_tls1_3
				15181	requires_gnutls_next_no_ticket
				15182	requires_gnutls_next_disable_tls13_compat
				15183	run_test "TLS 1.3 G->m: HRR secp521r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15184	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15185	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15186	0 \
				15187	-s "Protocol is TLSv1.3" \
				15188	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15189	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15190	-s "HRR selected_group: x448"
				15191
				15192	requires_config_enabled MBEDTLS_SSL_SRV_C
				15193	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15194	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15195	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15196	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15197	requires_gnutls_tls1_3
				15198	requires_gnutls_next_no_ticket
				15199	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15200	run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe2048" \
				15201	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15202	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				15203	0 \
				15204	-s "Protocol is TLSv1.3" \
				15205	-s "got named group: ffdhe2048(0100)" \
				15206	-s "Certificate verification was skipped" \
				15207	-s "HRR selected_group: ffdhe2048"
				15208
				15209	requires_config_enabled MBEDTLS_SSL_SRV_C
				15210	requires_config_enabled MBEDTLS_DEBUG_C
				15211	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15212	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15213	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15214	requires_gnutls_tls1_3
				15215	requires_gnutls_next_no_ticket
				15216	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15217	run_test "TLS 1.3 G->m: HRR secp521r1 -> ffdhe8192" \
				15218	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15219	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				15220	0 \
				15221	-s "Protocol is TLSv1.3" \
				15222	-s "got named group: ffdhe8192(0104)" \
				15223	-s "Certificate verification was skipped" \
				15224	-s "HRR selected_group: ffdhe8192"
				15225
				15226	requires_config_enabled MBEDTLS_SSL_SRV_C
				15227	requires_config_enabled MBEDTLS_DEBUG_C
				15228	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15229	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15230	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15231	requires_gnutls_tls1_3
				15232	requires_gnutls_next_no_ticket
				15233	requires_gnutls_next_disable_tls13_compat
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15234	run_test "TLS 1.3 G->m: HRR x25519 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15235	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15236	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15237	0 \
				15238	-s "Protocol is TLSv1.3" \
				15239	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15240	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15241	-s "HRR selected_group: secp256r1"
				15242
				15243	requires_config_enabled MBEDTLS_SSL_SRV_C
				15244	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15245	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15246	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15247	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15248	requires_gnutls_tls1_3
				15249	requires_gnutls_next_no_ticket
				15250	requires_gnutls_next_disable_tls13_compat
				15251	run_test "TLS 1.3 G->m: HRR x25519 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15252	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15253	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15254	0 \
				15255	-s "Protocol is TLSv1.3" \
				15256	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15257	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15258	-s "HRR selected_group: secp384r1"
				15259
				15260	requires_config_enabled MBEDTLS_SSL_SRV_C
				15261	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15262	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15263	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15264	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15265	requires_gnutls_tls1_3
				15266	requires_gnutls_next_no_ticket
				15267	requires_gnutls_next_disable_tls13_compat
				15268	run_test "TLS 1.3 G->m: HRR x25519 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15269	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15270	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15271	0 \
				15272	-s "Protocol is TLSv1.3" \
				15273	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15274	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15275	-s "HRR selected_group: secp521r1"
				15276
				15277	requires_config_enabled MBEDTLS_SSL_SRV_C
				15278	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15279	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15280	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15281	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15282	requires_gnutls_tls1_3
				15283	requires_gnutls_next_no_ticket
				15284	requires_gnutls_next_disable_tls13_compat
				15285	run_test "TLS 1.3 G->m: HRR x25519 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15286	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15287	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15288	0 \
				15289	-s "Protocol is TLSv1.3" \
				15290	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15291	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15292	-s "HRR selected_group: x448"
				15293
				15294	requires_config_enabled MBEDTLS_SSL_SRV_C
				15295	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15296	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15297	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15298	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15299	requires_gnutls_tls1_3
				15300	requires_gnutls_next_no_ticket
				15301	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15302	run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe2048" \
				15303	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15304	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				15305	0 \
				15306	-s "Protocol is TLSv1.3" \
				15307	-s "got named group: ffdhe2048(0100)" \
				15308	-s "Certificate verification was skipped" \
				15309	-s "HRR selected_group: ffdhe2048"
				15310
				15311	requires_config_enabled MBEDTLS_SSL_SRV_C
				15312	requires_config_enabled MBEDTLS_DEBUG_C
				15313	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15314	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15315	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15316	requires_gnutls_tls1_3
				15317	requires_gnutls_next_no_ticket
				15318	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15319	run_test "TLS 1.3 G->m: HRR x25519 -> ffdhe8192" \
				15320	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15321	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				15322	0 \
				15323	-s "Protocol is TLSv1.3" \
				15324	-s "got named group: ffdhe8192(0104)" \
				15325	-s "Certificate verification was skipped" \
				15326	-s "HRR selected_group: ffdhe8192"
				15327
				15328	requires_config_enabled MBEDTLS_SSL_SRV_C
				15329	requires_config_enabled MBEDTLS_DEBUG_C
				15330	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15331	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15332	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15333	requires_gnutls_tls1_3
				15334	requires_gnutls_next_no_ticket
				15335	requires_gnutls_next_disable_tls13_compat
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15336	run_test "TLS 1.3 G->m: HRR x448 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15337	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15338	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15339	0 \
				15340	-s "Protocol is TLSv1.3" \
				15341	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15342	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15343	-s "HRR selected_group: secp256r1"
				15344
				15345	requires_config_enabled MBEDTLS_SSL_SRV_C
				15346	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15347	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15348	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15349	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15350	requires_gnutls_tls1_3
				15351	requires_gnutls_next_no_ticket
				15352	requires_gnutls_next_disable_tls13_compat
				15353	run_test "TLS 1.3 G->m: HRR x448 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15354	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15355	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15356	0 \
				15357	-s "Protocol is TLSv1.3" \
				15358	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15359	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15360	-s "HRR selected_group: secp384r1"
				15361
				15362	requires_config_enabled MBEDTLS_SSL_SRV_C
				15363	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15364	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15365	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15366	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15367	requires_gnutls_tls1_3
				15368	requires_gnutls_next_no_ticket
				15369	requires_gnutls_next_disable_tls13_compat
				15370	run_test "TLS 1.3 G->m: HRR x448 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15371	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15372	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15373	0 \
				15374	-s "Protocol is TLSv1.3" \
				15375	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15376	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15377	-s "HRR selected_group: secp521r1"
				15378
				15379	requires_config_enabled MBEDTLS_SSL_SRV_C
				15380	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15381	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15382	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15383	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15384	requires_gnutls_tls1_3
				15385	requires_gnutls_next_no_ticket
				15386	requires_gnutls_next_disable_tls13_compat
				15387	run_test "TLS 1.3 G->m: HRR x448 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15388	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15389	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15390	0 \
				15391	-s "Protocol is TLSv1.3" \
				15392	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	15393	-s "Certificate verification was skipped" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15394	-s "HRR selected_group: x25519"
				15395
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15396	requires_config_enabled MBEDTLS_SSL_SRV_C
				15397	requires_config_enabled MBEDTLS_DEBUG_C
				15398	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15399	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15400	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15401	requires_gnutls_tls1_3
				15402	requires_gnutls_next_no_ticket
				15403	requires_gnutls_next_disable_tls13_compat
				15404	run_test "TLS 1.3 G->m: HRR x448 -> ffdhe2048" \
				15405	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15406	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				15407	0 \
				15408	-s "Protocol is TLSv1.3" \
				15409	-s "got named group: ffdhe2048(0100)" \
				15410	-s "Certificate verification was skipped" \
				15411	-s "HRR selected_group: ffdhe2048"
				15412
				15413	requires_config_enabled MBEDTLS_SSL_SRV_C
				15414	requires_config_enabled MBEDTLS_DEBUG_C
				15415	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15416	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15417	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15418	requires_gnutls_tls1_3
				15419	requires_gnutls_next_no_ticket
				15420	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15421	run_test "TLS 1.3 G->m: HRR x448 -> ffdhe8192" \
				15422	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15423	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				15424	0 \
				15425	-s "Protocol is TLSv1.3" \
				15426	-s "got named group: ffdhe8192(0104)" \
				15427	-s "Certificate verification was skipped" \
				15428	-s "HRR selected_group: ffdhe8192"
				15429
				15430	requires_config_enabled MBEDTLS_SSL_SRV_C
				15431	requires_config_enabled MBEDTLS_DEBUG_C
				15432	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15433	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15434	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15435	requires_gnutls_tls1_3
				15436	requires_gnutls_next_no_ticket
				15437	requires_gnutls_next_disable_tls13_compat
				15438	run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp256r1" \
				15439	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15440	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
				15441	0 \
				15442	-s "Protocol is TLSv1.3" \
				15443	-s "got named group: secp256r1(0017)" \
				15444	-s "Certificate verification was skipped" \
				15445	-s "HRR selected_group: secp256r1"
				15446
				15447	requires_config_enabled MBEDTLS_SSL_SRV_C
				15448	requires_config_enabled MBEDTLS_DEBUG_C
				15449	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15450	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15451	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15452	requires_gnutls_tls1_3
				15453	requires_gnutls_next_no_ticket
				15454	requires_gnutls_next_disable_tls13_compat
				15455	run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp384r1" \
				15456	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15457	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
				15458	0 \
				15459	-s "Protocol is TLSv1.3" \
				15460	-s "got named group: secp384r1(0018)" \
				15461	-s "Certificate verification was skipped" \
				15462	-s "HRR selected_group: secp384r1"
				15463
				15464	requires_config_enabled MBEDTLS_SSL_SRV_C
				15465	requires_config_enabled MBEDTLS_DEBUG_C
				15466	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15467	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15468	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15469	requires_gnutls_tls1_3
				15470	requires_gnutls_next_no_ticket
				15471	requires_gnutls_next_disable_tls13_compat
				15472	run_test "TLS 1.3 G->m: HRR ffdhe2048 -> secp521r1" \
				15473	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15474	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
				15475	0 \
				15476	-s "Protocol is TLSv1.3" \
				15477	-s "got named group: secp521r1(0019)" \
				15478	-s "Certificate verification was skipped" \
				15479	-s "HRR selected_group: secp521r1"
				15480
				15481	requires_config_enabled MBEDTLS_SSL_SRV_C
				15482	requires_config_enabled MBEDTLS_DEBUG_C
				15483	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15484	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15485	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15486	requires_gnutls_tls1_3
				15487	requires_gnutls_next_no_ticket
				15488	requires_gnutls_next_disable_tls13_compat
				15489	run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x25519" \
				15490	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15491	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
				15492	0 \
				15493	-s "Protocol is TLSv1.3" \
				15494	-s "got named group: x25519(001d)" \
				15495	-s "Certificate verification was skipped" \
				15496	-s "HRR selected_group: x25519"
				15497
				15498	requires_config_enabled MBEDTLS_SSL_SRV_C
				15499	requires_config_enabled MBEDTLS_DEBUG_C
				15500	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15501	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15502	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15503	requires_gnutls_tls1_3
				15504	requires_gnutls_next_no_ticket
				15505	requires_gnutls_next_disable_tls13_compat
				15506	run_test "TLS 1.3 G->m: HRR ffdhe2048 -> x448" \
				15507	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15508	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
				15509	0 \
				15510	-s "Protocol is TLSv1.3" \
				15511	-s "got named group: x448(001e)" \
				15512	-s "Certificate verification was skipped" \
				15513	-s "HRR selected_group: x448"
				15514
				15515	requires_config_enabled MBEDTLS_SSL_SRV_C
				15516	requires_config_enabled MBEDTLS_DEBUG_C
				15517	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15518	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15519	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15520	requires_gnutls_tls1_3
				15521	requires_gnutls_next_no_ticket
				15522	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15523	run_test "TLS 1.3 G->m: HRR ffdhe2048 -> ffdhe8192" \
				15524	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15525	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				15526	0 \
				15527	-s "Protocol is TLSv1.3" \
				15528	-s "got named group: ffdhe8192(0104)" \
				15529	-s "Certificate verification was skipped" \
				15530	-s "HRR selected_group: ffdhe8192"
				15531
				15532	requires_config_enabled MBEDTLS_SSL_SRV_C
				15533	requires_config_enabled MBEDTLS_DEBUG_C
				15534	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15535	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15536	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15537	requires_gnutls_tls1_3
				15538	requires_gnutls_next_no_ticket
				15539	requires_gnutls_next_disable_tls13_compat
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15540	run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp256r1" \
				15541	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15542	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
				15543	0 \
				15544	-s "Protocol is TLSv1.3" \
				15545	-s "got named group: secp256r1(0017)" \
				15546	-s "Certificate verification was skipped" \
				15547	-s "HRR selected_group: secp256r1"
				15548
				15549	requires_config_enabled MBEDTLS_SSL_SRV_C
				15550	requires_config_enabled MBEDTLS_DEBUG_C
				15551	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15552	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15553	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15554	requires_gnutls_tls1_3
				15555	requires_gnutls_next_no_ticket
				15556	requires_gnutls_next_disable_tls13_compat
				15557	run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp384r1" \
				15558	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15559	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
				15560	0 \
				15561	-s "Protocol is TLSv1.3" \
				15562	-s "got named group: secp384r1(0018)" \
				15563	-s "Certificate verification was skipped" \
				15564	-s "HRR selected_group: secp384r1"
				15565
				15566	requires_config_enabled MBEDTLS_SSL_SRV_C
				15567	requires_config_enabled MBEDTLS_DEBUG_C
				15568	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15569	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15570	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15571	requires_gnutls_tls1_3
				15572	requires_gnutls_next_no_ticket
				15573	requires_gnutls_next_disable_tls13_compat
				15574	run_test "TLS 1.3 G->m: HRR ffdhe8192 -> secp521r1" \
				15575	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15576	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
				15577	0 \
				15578	-s "Protocol is TLSv1.3" \
				15579	-s "got named group: secp521r1(0019)" \
				15580	-s "Certificate verification was skipped" \
				15581	-s "HRR selected_group: secp521r1"
				15582
				15583	requires_config_enabled MBEDTLS_SSL_SRV_C
				15584	requires_config_enabled MBEDTLS_DEBUG_C
				15585	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15586	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15587	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15588	requires_gnutls_tls1_3
				15589	requires_gnutls_next_no_ticket
				15590	requires_gnutls_next_disable_tls13_compat
				15591	run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x25519" \
				15592	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15593	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
				15594	0 \
				15595	-s "Protocol is TLSv1.3" \
				15596	-s "got named group: x25519(001d)" \
				15597	-s "Certificate verification was skipped" \
				15598	-s "HRR selected_group: x25519"
				15599
				15600	requires_config_enabled MBEDTLS_SSL_SRV_C
				15601	requires_config_enabled MBEDTLS_DEBUG_C
				15602	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15603	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15604	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15605	requires_gnutls_tls1_3
				15606	requires_gnutls_next_no_ticket
				15607	requires_gnutls_next_disable_tls13_compat
				15608	run_test "TLS 1.3 G->m: HRR ffdhe8192 -> x448" \
				15609	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15610	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
				15611	0 \
				15612	-s "Protocol is TLSv1.3" \
				15613	-s "got named group: x448(001e)" \
				15614	-s "Certificate verification was skipped" \
				15615	-s "HRR selected_group: x448"
				15616
				15617	requires_config_enabled MBEDTLS_SSL_SRV_C
				15618	requires_config_enabled MBEDTLS_DEBUG_C
				15619	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15620	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15621	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15622	requires_gnutls_tls1_3
				15623	requires_gnutls_next_no_ticket
				15624	requires_gnutls_next_disable_tls13_compat
				15625	run_test "TLS 1.3 G->m: HRR ffdhe8192 -> ffdhe2048" \
				15626	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				15627	"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca2.crt --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				15628	0 \
				15629	-s "Protocol is TLSv1.3" \
				15630	-s "got named group: ffdhe2048(0100)" \
				15631	-s "Certificate verification was skipped" \
				15632	-s "HRR selected_group: ffdhe2048"
				15633
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15634	requires_openssl_tls1_3
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15635	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15636	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15637	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15638	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15639	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	15640	run_test "TLS 1.3 m->O: HRR secp256r1 -> secp384r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15641	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15642	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	15643	0 \
				15644	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15645	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	15646	-c "NamedGroup: secp256r1 ( 17 )" \
				15647	-c "NamedGroup: secp384r1 ( 18 )" \
				15648	-c "Verifying peer X.509 certificate... ok" \
				15649	-c "received HelloRetryRequest message" \
				15650	-c "selected_group ( 24 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15651
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15652	requires_openssl_tls1_3
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15653	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15654	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15655	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15656	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15657	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	15658	run_test "TLS 1.3 m->O: HRR secp256r1 -> secp521r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15659	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15660	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15661	0 \
				15662	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15663	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	15664	-c "NamedGroup: secp256r1 ( 17 )" \
				15665	-c "NamedGroup: secp521r1 ( 19 )" \
				15666	-c "Verifying peer X.509 certificate... ok" \
				15667	-c "received HelloRetryRequest message" \
				15668	-c "selected_group ( 25 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15669
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15670	requires_openssl_tls1_3
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15671	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15672	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15673	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15674	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15675	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	15676	run_test "TLS 1.3 m->O: HRR secp256r1 -> x25519" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15677	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15678	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15679	0 \
				15680	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15681	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	15682	-c "NamedGroup: secp256r1 ( 17 )" \
				15683	-c "NamedGroup: x25519 ( 1d )" \
				15684	-c "Verifying peer X.509 certificate... ok" \
				15685	-c "received HelloRetryRequest message" \
				15686	-c "selected_group ( 29 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15687
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15688	requires_openssl_tls1_3
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15689	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15690	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15691	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15692	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15693	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	15694	run_test "TLS 1.3 m->O: HRR secp256r1 -> x448" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15695	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15696	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15697	0 \
				15698	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15699	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	15700	-c "NamedGroup: secp256r1 ( 17 )" \
				15701	-c "NamedGroup: x448 ( 1e )" \
				15702	-c "Verifying peer X.509 certificate... ok" \
				15703	-c "received HelloRetryRequest message" \
				15704	-c "selected_group ( 30 )"
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	15705
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	15706	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15707	requires_config_enabled MBEDTLS_SSL_CLI_C
				15708	requires_config_enabled MBEDTLS_DEBUG_C
				15709	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15710	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15711	requires_config_enabled PSA_WANT_ALG_ECDH
				15712	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15713	run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
				15714	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				15715	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
				15716	0 \
				15717	-c "HTTP/1.0 200 ok" \
				15718	-c "Protocol is TLSv1.3" \
				15719	-c "NamedGroup: secp256r1 ( 17 )" \
				15720	-c "NamedGroup: ffdhe2048 ( 100 )" \
				15721	-c "Verifying peer X.509 certificate... ok" \
				15722	-c "received HelloRetryRequest message" \
				15723	-c "selected_group ( 256 )"
				15724
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	15725	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	15726	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15727	requires_config_enabled MBEDTLS_SSL_CLI_C
				15728	requires_config_enabled MBEDTLS_DEBUG_C
				15729	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15730	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15731	requires_config_enabled PSA_WANT_ALG_ECDH
				15732	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15733	run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe8192" \
				15734	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				15735	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
				15736	0 \
				15737	-c "HTTP/1.0 200 ok" \
				15738	-c "Protocol is TLSv1.3" \
				15739	-c "NamedGroup: secp256r1 ( 17 )" \
				15740	-c "NamedGroup: ffdhe8192 ( 104 )" \
				15741	-c "Verifying peer X.509 certificate... ok" \
				15742	-c "received HelloRetryRequest message" \
				15743	-c "selected_group ( 260 )"
				15744
				15745	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15746	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15747	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15748	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15749	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15750	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15751	run_test "TLS 1.3 m->O: HRR secp384r1 -> secp256r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15752	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15753	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15754	0 \
				15755	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15756	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15757	-c "NamedGroup: secp384r1 ( 18 )" \
				15758	-c "NamedGroup: secp256r1 ( 17 )" \
				15759	-c "Verifying peer X.509 certificate... ok" \
				15760	-c "received HelloRetryRequest message" \
				15761	-c "selected_group ( 23 )"
				15762
				15763	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15764	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15765	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15766	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15767	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15768	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15769	run_test "TLS 1.3 m->O: HRR secp384r1 -> secp521r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15770	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15771	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15772	0 \
				15773	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15774	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15775	-c "NamedGroup: secp384r1 ( 18 )" \
				15776	-c "NamedGroup: secp521r1 ( 19 )" \
				15777	-c "Verifying peer X.509 certificate... ok" \
				15778	-c "received HelloRetryRequest message" \
				15779	-c "selected_group ( 25 )"
				15780
				15781	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15782	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15783	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15784	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15785	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15786	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15787	run_test "TLS 1.3 m->O: HRR secp384r1 -> x25519" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15788	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15789	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15790	0 \
				15791	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15792	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15793	-c "NamedGroup: secp384r1 ( 18 )" \
				15794	-c "NamedGroup: x25519 ( 1d )" \
				15795	-c "Verifying peer X.509 certificate... ok" \
				15796	-c "received HelloRetryRequest message" \
				15797	-c "selected_group ( 29 )"
				15798
				15799	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15800	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15801	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15802	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15803	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15804	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15805	run_test "TLS 1.3 m->O: HRR secp384r1 -> x448" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15806	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15807	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15808	0 \
				15809	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15810	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15811	-c "NamedGroup: secp384r1 ( 18 )" \
				15812	-c "NamedGroup: x448 ( 1e )" \
				15813	-c "Verifying peer X.509 certificate... ok" \
				15814	-c "received HelloRetryRequest message" \
				15815	-c "selected_group ( 30 )"
				15816
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	15817	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15818	requires_config_enabled MBEDTLS_SSL_CLI_C
				15819	requires_config_enabled MBEDTLS_DEBUG_C
				15820	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15821	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15822	requires_config_enabled PSA_WANT_ALG_ECDH
				15823	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15824	run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
				15825	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				15826	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
				15827	0 \
				15828	-c "HTTP/1.0 200 ok" \
				15829	-c "Protocol is TLSv1.3" \
				15830	-c "NamedGroup: secp384r1 ( 18 )" \
				15831	-c "NamedGroup: ffdhe2048 ( 100 )" \
				15832	-c "Verifying peer X.509 certificate... ok" \
				15833	-c "received HelloRetryRequest message" \
				15834	-c "selected_group ( 256 )"
				15835
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	15836	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	15837	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15838	requires_config_enabled MBEDTLS_SSL_CLI_C
				15839	requires_config_enabled MBEDTLS_DEBUG_C
				15840	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15841	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15842	requires_config_enabled PSA_WANT_ALG_ECDH
				15843	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15844	run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe8192" \
				15845	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				15846	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
				15847	0 \
				15848	-c "HTTP/1.0 200 ok" \
				15849	-c "Protocol is TLSv1.3" \
				15850	-c "NamedGroup: secp384r1 ( 18 )" \
				15851	-c "NamedGroup: ffdhe8192 ( 104 )" \
				15852	-c "Verifying peer X.509 certificate... ok" \
				15853	-c "received HelloRetryRequest message" \
				15854	-c "selected_group ( 260 )"
				15855
				15856	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15857	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15858	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15859	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15860	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15861	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15862	run_test "TLS 1.3 m->O: HRR secp521r1 -> secp256r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15863	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15864	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15865	0 \
				15866	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15867	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15868	-c "NamedGroup: secp521r1 ( 19 )" \
				15869	-c "NamedGroup: secp256r1 ( 17 )" \
				15870	-c "Verifying peer X.509 certificate... ok" \
				15871	-c "received HelloRetryRequest message" \
				15872	-c "selected_group ( 23 )"
				15873
				15874	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15875	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15876	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15877	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15878	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15879	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15880	run_test "TLS 1.3 m->O: HRR secp521r1 -> secp384r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15881	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15882	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15883	0 \
				15884	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15885	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15886	-c "NamedGroup: secp521r1 ( 19 )" \
				15887	-c "NamedGroup: secp384r1 ( 18 )" \
				15888	-c "Verifying peer X.509 certificate... ok" \
				15889	-c "received HelloRetryRequest message" \
				15890	-c "selected_group ( 24 )"
				15891
				15892	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15893	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15894	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15895	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15896	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15897	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15898	run_test "TLS 1.3 m->O: HRR secp521r1 -> x25519" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15899	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15900	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15901	0 \
				15902	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15903	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15904	-c "NamedGroup: secp521r1 ( 19 )" \
				15905	-c "NamedGroup: x25519 ( 1d )" \
				15906	-c "Verifying peer X.509 certificate... ok" \
				15907	-c "received HelloRetryRequest message" \
				15908	-c "selected_group ( 29 )"
				15909
				15910	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15911	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15912	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15913	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15914	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15915	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15916	run_test "TLS 1.3 m->O: HRR secp521r1 -> x448" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15917	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15918	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15919	0 \
				15920	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15921	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15922	-c "NamedGroup: secp521r1 ( 19 )" \
				15923	-c "NamedGroup: x448 ( 1e )" \
				15924	-c "Verifying peer X.509 certificate... ok" \
				15925	-c "received HelloRetryRequest message" \
				15926	-c "selected_group ( 30 )"
				15927
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	15928	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15929	requires_config_enabled MBEDTLS_SSL_CLI_C
				15930	requires_config_enabled MBEDTLS_DEBUG_C
				15931	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15932	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15933	requires_config_enabled PSA_WANT_ALG_ECDH
				15934	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15935	run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
				15936	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				15937	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
				15938	0 \
				15939	-c "HTTP/1.0 200 ok" \
				15940	-c "Protocol is TLSv1.3" \
				15941	-c "NamedGroup: secp521r1 ( 19 )" \
				15942	-c "NamedGroup: ffdhe2048 ( 100 )" \
				15943	-c "Verifying peer X.509 certificate... ok" \
				15944	-c "received HelloRetryRequest message" \
				15945	-c "selected_group ( 256 )"
				15946
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	15947	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	15948	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15949	requires_config_enabled MBEDTLS_SSL_CLI_C
				15950	requires_config_enabled MBEDTLS_DEBUG_C
				15951	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				15952	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15953	requires_config_enabled PSA_WANT_ALG_ECDH
				15954	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	15955	run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe8192" \
				15956	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				15957	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
				15958	0 \
				15959	-c "HTTP/1.0 200 ok" \
				15960	-c "Protocol is TLSv1.3" \
				15961	-c "NamedGroup: secp521r1 ( 19 )" \
				15962	-c "NamedGroup: ffdhe8192 ( 104 )" \
				15963	-c "Verifying peer X.509 certificate... ok" \
				15964	-c "received HelloRetryRequest message" \
				15965	-c "selected_group ( 260 )"
				15966
				15967	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15968	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15969	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15970	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15971	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15972	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15973	run_test "TLS 1.3 m->O: HRR x25519 -> secp256r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15974	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15975	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15976	0 \
				15977	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15978	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15979	-c "NamedGroup: x25519 ( 1d )" \
				15980	-c "NamedGroup: secp256r1 ( 17 )" \
				15981	-c "Verifying peer X.509 certificate... ok" \
				15982	-c "received HelloRetryRequest message" \
				15983	-c "selected_group ( 23 )"
				15984
				15985	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15986	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	15987	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	15988	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15989	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	15990	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15991	run_test "TLS 1.3 m->O: HRR x25519 -> secp384r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	15992	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	15993	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15994	0 \
				15995	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	15996	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	15997	-c "NamedGroup: x25519 ( 1d )" \
				15998	-c "NamedGroup: secp384r1 ( 18 )" \
				15999	-c "Verifying peer X.509 certificate... ok" \
				16000	-c "received HelloRetryRequest message" \
				16001	-c "selected_group ( 24 )"
				16002
				16003	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16004	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16005	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16006	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16007	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16008	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16009	run_test "TLS 1.3 m->O: HRR x25519 -> secp521r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	16010	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16011	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16012	0 \
				16013	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16014	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16015	-c "NamedGroup: x25519 ( 1d )" \
				16016	-c "NamedGroup: secp521r1 ( 19 )" \
				16017	-c "Verifying peer X.509 certificate... ok" \
				16018	-c "received HelloRetryRequest message" \
				16019	-c "selected_group ( 25 )"
				16020
				16021	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16022	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16023	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16024	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16025	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16026	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16027	run_test "TLS 1.3 m->O: HRR x25519 -> x448" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	16028	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16029	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16030	0 \
				16031	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16032	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16033	-c "NamedGroup: x25519 ( 1d )" \
				16034	-c "NamedGroup: x448 ( 1e )" \
				16035	-c "Verifying peer X.509 certificate... ok" \
				16036	-c "received HelloRetryRequest message" \
				16037	-c "selected_group ( 30 )"
				16038
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	16039	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16040	requires_config_enabled MBEDTLS_SSL_CLI_C
				16041	requires_config_enabled MBEDTLS_DEBUG_C
				16042	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16043	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16044	requires_config_enabled PSA_WANT_ALG_ECDH
				16045	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16046	run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
				16047	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16048	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
				16049	0 \
				16050	-c "HTTP/1.0 200 ok" \
				16051	-c "Protocol is TLSv1.3" \
				16052	-c "NamedGroup: x25519 ( 1d )" \
				16053	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16054	-c "Verifying peer X.509 certificate... ok" \
				16055	-c "received HelloRetryRequest message" \
				16056	-c "selected_group ( 256 )"
				16057
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	16058	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	16059	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16060	requires_config_enabled MBEDTLS_SSL_CLI_C
				16061	requires_config_enabled MBEDTLS_DEBUG_C
				16062	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16063	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16064	requires_config_enabled PSA_WANT_ALG_ECDH
				16065	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16066	run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe8192" \
				16067	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16068	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
				16069	0 \
				16070	-c "HTTP/1.0 200 ok" \
				16071	-c "Protocol is TLSv1.3" \
				16072	-c "NamedGroup: x25519 ( 1d )" \
				16073	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16074	-c "Verifying peer X.509 certificate... ok" \
				16075	-c "received HelloRetryRequest message" \
				16076	-c "selected_group ( 260 )"
				16077
				16078	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16079	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16080	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16081	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16082	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16083	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16084	run_test "TLS 1.3 m->O: HRR x448 -> secp256r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	16085	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16086	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16087	0 \
				16088	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16089	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16090	-c "NamedGroup: x448 ( 1e )" \
				16091	-c "NamedGroup: secp256r1 ( 17 )" \
				16092	-c "Verifying peer X.509 certificate... ok" \
				16093	-c "received HelloRetryRequest message" \
				16094	-c "selected_group ( 23 )"
				16095
				16096	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16097	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16098	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16099	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16100	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16101	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16102	run_test "TLS 1.3 m->O: HRR x448 -> secp384r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	16103	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16104	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16105	0 \
				16106	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16107	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16108	-c "NamedGroup: x448 ( 1e )" \
				16109	-c "NamedGroup: secp384r1 ( 18 )" \
				16110	-c "Verifying peer X.509 certificate... ok" \
				16111	-c "received HelloRetryRequest message" \
				16112	-c "selected_group ( 24 )"
				16113
				16114	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16115	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16116	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16117	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16118	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16119	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16120	run_test "TLS 1.3 m->O: HRR x448 -> secp521r1" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	16121	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16122	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16123	0 \
				16124	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16125	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16126	-c "NamedGroup: x448 ( 1e )" \
				16127	-c "NamedGroup: secp521r1 ( 19 )" \
				16128	-c "Verifying peer X.509 certificate... ok" \
				16129	-c "received HelloRetryRequest message" \
				16130	-c "selected_group ( 25 )"
				16131
				16132	requires_openssl_tls1_3
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16133	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16134	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16135	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16136	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16137	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16138	run_test "TLS 1.3 m->O: HRR x448 -> x25519" \
Jerry Yu	b7c12a4	2022-06-12 20:53:02 +0800	[diff] [blame]	16139	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16140	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16141	0 \
				16142	-c "HTTP/1.0 200 ok" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16143	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16144	-c "NamedGroup: x448 ( 1e )" \
				16145	-c "NamedGroup: x25519 ( 1d )" \
				16146	-c "Verifying peer X.509 certificate... ok" \
				16147	-c "received HelloRetryRequest message" \
				16148	-c "selected_group ( 29 )"
				16149
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	16150	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16151	requires_config_enabled MBEDTLS_SSL_CLI_C
				16152	requires_config_enabled MBEDTLS_DEBUG_C
				16153	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16154	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16155	requires_config_enabled PSA_WANT_ALG_ECDH
				16156	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16157	run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
				16158	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16159	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
				16160	0 \
				16161	-c "HTTP/1.0 200 ok" \
				16162	-c "Protocol is TLSv1.3" \
				16163	-c "NamedGroup: x448 ( 1e )" \
				16164	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16165	-c "Verifying peer X.509 certificate... ok" \
				16166	-c "received HelloRetryRequest message" \
				16167	-c "selected_group ( 256 )"
				16168
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	16169	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	16170	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16171	requires_config_enabled MBEDTLS_SSL_CLI_C
				16172	requires_config_enabled MBEDTLS_DEBUG_C
				16173	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16174	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16175	requires_config_enabled PSA_WANT_ALG_ECDH
				16176	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16177	run_test "TLS 1.3 m->O: HRR x448 -> ffdhe8192" \
				16178	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16179	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
				16180	0 \
				16181	-c "HTTP/1.0 200 ok" \
				16182	-c "Protocol is TLSv1.3" \
				16183	-c "NamedGroup: x448 ( 1e )" \
				16184	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16185	-c "Verifying peer X.509 certificate... ok" \
				16186	-c "received HelloRetryRequest message" \
				16187	-c "selected_group ( 260 )"
				16188
				16189	requires_openssl_tls1_3
				16190	requires_config_enabled MBEDTLS_SSL_CLI_C
				16191	requires_config_enabled MBEDTLS_DEBUG_C
				16192	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16193	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16194	requires_config_enabled PSA_WANT_ALG_ECDH
				16195	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16196	run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
				16197	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16198	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
				16199	0 \
				16200	-c "HTTP/1.0 200 ok" \
				16201	-c "Protocol is TLSv1.3" \
				16202	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16203	-c "NamedGroup: secp256r1 ( 17 )" \
				16204	-c "Verifying peer X.509 certificate... ok" \
				16205	-c "received HelloRetryRequest message" \
				16206	-c "selected_group ( 23 )"
				16207
				16208	requires_openssl_tls1_3
				16209	requires_config_enabled MBEDTLS_SSL_CLI_C
				16210	requires_config_enabled MBEDTLS_DEBUG_C
				16211	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16212	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16213	requires_config_enabled PSA_WANT_ALG_ECDH
				16214	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16215	run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
				16216	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16217	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
				16218	0 \
				16219	-c "HTTP/1.0 200 ok" \
				16220	-c "Protocol is TLSv1.3" \
				16221	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16222	-c "NamedGroup: secp384r1 ( 18 )" \
				16223	-c "Verifying peer X.509 certificate... ok" \
				16224	-c "received HelloRetryRequest message" \
				16225	-c "selected_group ( 24 )"
				16226
				16227	requires_openssl_tls1_3
				16228	requires_config_enabled MBEDTLS_SSL_CLI_C
				16229	requires_config_enabled MBEDTLS_DEBUG_C
				16230	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16231	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16232	requires_config_enabled PSA_WANT_ALG_ECDH
				16233	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16234	run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
				16235	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16236	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
				16237	0 \
				16238	-c "HTTP/1.0 200 ok" \
				16239	-c "Protocol is TLSv1.3" \
				16240	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16241	-c "NamedGroup: secp521r1 ( 19 )" \
				16242	-c "Verifying peer X.509 certificate... ok" \
				16243	-c "received HelloRetryRequest message" \
				16244	-c "selected_group ( 25 )"
				16245
				16246	requires_openssl_tls1_3
				16247	requires_config_enabled MBEDTLS_SSL_CLI_C
				16248	requires_config_enabled MBEDTLS_DEBUG_C
				16249	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16250	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16251	requires_config_enabled PSA_WANT_ALG_ECDH
				16252	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16253	run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
				16254	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16255	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
				16256	0 \
				16257	-c "HTTP/1.0 200 ok" \
				16258	-c "Protocol is TLSv1.3" \
				16259	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16260	-c "NamedGroup: x25519 ( 1d )" \
				16261	-c "Verifying peer X.509 certificate... ok" \
				16262	-c "received HelloRetryRequest message" \
				16263	-c "selected_group ( 29 )"
				16264
				16265	requires_openssl_tls1_3
				16266	requires_config_enabled MBEDTLS_SSL_CLI_C
				16267	requires_config_enabled MBEDTLS_DEBUG_C
				16268	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16269	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16270	requires_config_enabled PSA_WANT_ALG_ECDH
				16271	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16272	run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
				16273	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16274	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
				16275	0 \
				16276	-c "HTTP/1.0 200 ok" \
				16277	-c "Protocol is TLSv1.3" \
				16278	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16279	-c "NamedGroup: x448 ( 1e )" \
				16280	-c "Verifying peer X.509 certificate... ok" \
				16281	-c "received HelloRetryRequest message" \
				16282	-c "selected_group ( 30 )"
				16283
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	16284	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	6d00c67	2023-06-25 21:14:39 +0200	[diff] [blame]	16285	client_needs_more_time 2
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16286	requires_config_enabled MBEDTLS_SSL_CLI_C
				16287	requires_config_enabled MBEDTLS_DEBUG_C
				16288	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16289	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16290	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16291	run_test "TLS 1.3 m->O: HRR ffdhe2048 -> ffdhe8192" \
				16292	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe8192 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16293	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
				16294	0 \
				16295	-c "HTTP/1.0 200 ok" \
				16296	-c "Protocol is TLSv1.3" \
				16297	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16298	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16299	-c "Verifying peer X.509 certificate... ok" \
				16300	-c "received HelloRetryRequest message" \
				16301	-c "selected_group ( 260 )"
				16302
				16303	requires_openssl_tls1_3
				16304	requires_config_enabled MBEDTLS_SSL_CLI_C
				16305	requires_config_enabled MBEDTLS_DEBUG_C
				16306	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16307	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16308	requires_config_enabled PSA_WANT_ALG_ECDH
				16309	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16310	run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp256r1" \
				16311	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16312	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
				16313	0 \
				16314	-c "HTTP/1.0 200 ok" \
				16315	-c "Protocol is TLSv1.3" \
				16316	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16317	-c "NamedGroup: secp256r1 ( 17 )" \
				16318	-c "Verifying peer X.509 certificate... ok" \
				16319	-c "received HelloRetryRequest message" \
				16320	-c "selected_group ( 23 )"
				16321
				16322	requires_openssl_tls1_3
				16323	requires_config_enabled MBEDTLS_SSL_CLI_C
				16324	requires_config_enabled MBEDTLS_DEBUG_C
				16325	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16326	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16327	requires_config_enabled PSA_WANT_ALG_ECDH
				16328	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16329	run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp384r1" \
				16330	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16331	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
				16332	0 \
				16333	-c "HTTP/1.0 200 ok" \
				16334	-c "Protocol is TLSv1.3" \
				16335	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16336	-c "NamedGroup: secp384r1 ( 18 )" \
				16337	-c "Verifying peer X.509 certificate... ok" \
				16338	-c "received HelloRetryRequest message" \
				16339	-c "selected_group ( 24 )"
				16340
				16341	requires_openssl_tls1_3
				16342	requires_config_enabled MBEDTLS_SSL_CLI_C
				16343	requires_config_enabled MBEDTLS_DEBUG_C
				16344	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16345	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16346	requires_config_enabled PSA_WANT_ALG_ECDH
				16347	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16348	run_test "TLS 1.3 m->O: HRR ffdhe8192 -> secp521r1" \
				16349	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16350	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
				16351	0 \
				16352	-c "HTTP/1.0 200 ok" \
				16353	-c "Protocol is TLSv1.3" \
				16354	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16355	-c "NamedGroup: secp521r1 ( 19 )" \
				16356	-c "Verifying peer X.509 certificate... ok" \
				16357	-c "received HelloRetryRequest message" \
				16358	-c "selected_group ( 25 )"
				16359
				16360	requires_openssl_tls1_3
				16361	requires_config_enabled MBEDTLS_SSL_CLI_C
				16362	requires_config_enabled MBEDTLS_DEBUG_C
				16363	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16364	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16365	requires_config_enabled PSA_WANT_ALG_ECDH
				16366	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16367	run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x25519" \
				16368	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16369	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
				16370	0 \
				16371	-c "HTTP/1.0 200 ok" \
				16372	-c "Protocol is TLSv1.3" \
				16373	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16374	-c "NamedGroup: x25519 ( 1d )" \
				16375	-c "Verifying peer X.509 certificate... ok" \
				16376	-c "received HelloRetryRequest message" \
				16377	-c "selected_group ( 29 )"
				16378
				16379	requires_openssl_tls1_3
				16380	requires_config_enabled MBEDTLS_SSL_CLI_C
				16381	requires_config_enabled MBEDTLS_DEBUG_C
				16382	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16383	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16384	requires_config_enabled PSA_WANT_ALG_ECDH
				16385	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16386	run_test "TLS 1.3 m->O: HRR ffdhe8192 -> x448" \
				16387	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16388	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
				16389	0 \
				16390	-c "HTTP/1.0 200 ok" \
				16391	-c "Protocol is TLSv1.3" \
				16392	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16393	-c "NamedGroup: x448 ( 1e )" \
				16394	-c "Verifying peer X.509 certificate... ok" \
				16395	-c "received HelloRetryRequest message" \
				16396	-c "selected_group ( 30 )"
				16397
Przemek Stekiel	8bfe897	2023-06-26 12:59:45 +0200	[diff] [blame]	16398	requires_openssl_tls1_3_with_ffdh
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16399	requires_config_enabled MBEDTLS_SSL_CLI_C
				16400	requires_config_enabled MBEDTLS_DEBUG_C
				16401	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16402	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16403	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16404	run_test "TLS 1.3 m->O: HRR ffdhe8192 -> ffdhe2048" \
				16405	"$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
				16406	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
				16407	0 \
				16408	-c "HTTP/1.0 200 ok" \
				16409	-c "Protocol is TLSv1.3" \
				16410	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16411	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16412	-c "Verifying peer X.509 certificate... ok" \
				16413	-c "received HelloRetryRequest message" \
				16414	-c "selected_group ( 256 )"
				16415
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16416	requires_gnutls_tls1_3
				16417	requires_gnutls_next_no_ticket
				16418	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16419	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16420	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16421	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16422	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16423	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16424	run_test "TLS 1.3 m->G: HRR secp256r1 -> secp384r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16425	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16426	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16427	0 \
				16428	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16429	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16430	-c "NamedGroup: secp256r1 ( 17 )" \
				16431	-c "NamedGroup: secp384r1 ( 18 )" \
				16432	-c "Verifying peer X.509 certificate... ok" \
				16433	-c "received HelloRetryRequest message" \
				16434	-c "selected_group ( 24 )"
				16435
				16436	requires_gnutls_tls1_3
				16437	requires_gnutls_next_no_ticket
				16438	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16439	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16440	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16441	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16442	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16443	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16444	run_test "TLS 1.3 m->G: HRR secp256r1 -> secp521r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16445	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16446	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16447	0 \
				16448	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16449	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16450	-c "NamedGroup: secp256r1 ( 17 )" \
				16451	-c "NamedGroup: secp521r1 ( 19 )" \
				16452	-c "Verifying peer X.509 certificate... ok" \
				16453	-c "received HelloRetryRequest message" \
				16454	-c "selected_group ( 25 )"
				16455
				16456	requires_gnutls_tls1_3
				16457	requires_gnutls_next_no_ticket
				16458	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16459	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16460	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16461	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16462	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16463	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16464	run_test "TLS 1.3 m->G: HRR secp256r1 -> x25519" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16465	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16466	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16467	0 \
				16468	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16469	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16470	-c "NamedGroup: secp256r1 ( 17 )" \
				16471	-c "NamedGroup: x25519 ( 1d )" \
				16472	-c "Verifying peer X.509 certificate... ok" \
				16473	-c "received HelloRetryRequest message" \
				16474	-c "selected_group ( 29 )"
				16475
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	16476	requires_gnutls_tls1_3
				16477	requires_gnutls_next_no_ticket
				16478	requires_gnutls_next_disable_tls13_compat
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	16479	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16480	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16481	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	16482	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16483	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	8031ba7	2022-03-22 12:53:45 +0000	[diff] [blame]	16484	run_test "TLS 1.3 m->G: HRR secp256r1 -> x448" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16485	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16486	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian	83f8188	2022-03-17 06:26:36 +0000	[diff] [blame]	16487	0 \
				16488	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16489	-c "Protocol is TLSv1.3" \
XiaokangQian	a193144	2022-03-25 11:58:22 +0000	[diff] [blame]	16490	-c "NamedGroup: secp256r1 ( 17 )" \
				16491	-c "NamedGroup: x448 ( 1e )" \
				16492	-c "Verifying peer X.509 certificate... ok" \
				16493	-c "received HelloRetryRequest message" \
				16494	-c "selected_group ( 30 )"
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16495
				16496	requires_gnutls_tls1_3
				16497	requires_gnutls_next_no_ticket
				16498	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16499	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16500	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16501	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16502	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16503	requires_config_enabled PSA_WANT_ALG_ECDH
				16504	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16505	run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
				16506	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				16507	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
				16508	0 \
				16509	-c "HTTP/1.0 200 OK" \
				16510	-c "Protocol is TLSv1.3" \
				16511	-c "NamedGroup: secp256r1 ( 17 )" \
				16512	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16513	-c "Verifying peer X.509 certificate... ok" \
				16514	-c "received HelloRetryRequest message" \
				16515	-c "selected_group ( 256 )"
				16516
				16517	requires_gnutls_tls1_3
				16518	requires_gnutls_next_no_ticket
				16519	requires_gnutls_next_disable_tls13_compat
				16520	requires_config_enabled MBEDTLS_SSL_CLI_C
				16521	requires_config_enabled MBEDTLS_DEBUG_C
				16522	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16523	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16524	requires_config_enabled PSA_WANT_ALG_ECDH
				16525	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16526	run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe8192" \
				16527	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				16528	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
				16529	0 \
				16530	-c "HTTP/1.0 200 OK" \
				16531	-c "Protocol is TLSv1.3" \
				16532	-c "NamedGroup: secp256r1 ( 17 )" \
				16533	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16534	-c "Verifying peer X.509 certificate... ok" \
				16535	-c "received HelloRetryRequest message" \
				16536	-c "selected_group ( 260 )"
				16537
				16538	requires_gnutls_tls1_3
				16539	requires_gnutls_next_no_ticket
				16540	requires_gnutls_next_disable_tls13_compat
				16541	requires_config_enabled MBEDTLS_SSL_CLI_C
				16542	requires_config_enabled MBEDTLS_DEBUG_C
				16543	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16544	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16545	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16546	run_test "TLS 1.3 m->G: HRR secp384r1 -> secp256r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16547	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16548	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16549	0 \
				16550	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16551	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16552	-c "NamedGroup: secp384r1 ( 18 )" \
				16553	-c "NamedGroup: secp256r1 ( 17 )" \
				16554	-c "Verifying peer X.509 certificate... ok" \
				16555	-c "received HelloRetryRequest message" \
				16556	-c "selected_group ( 23 )"
				16557
				16558	requires_gnutls_tls1_3
				16559	requires_gnutls_next_no_ticket
				16560	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16561	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16562	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16563	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16564	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16565	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16566	run_test "TLS 1.3 m->G: HRR secp384r1 -> secp521r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16567	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16568	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16569	0 \
				16570	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16571	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16572	-c "NamedGroup: secp384r1 ( 18 )" \
				16573	-c "NamedGroup: secp521r1 ( 19 )" \
				16574	-c "Verifying peer X.509 certificate... ok" \
				16575	-c "received HelloRetryRequest message" \
				16576	-c "selected_group ( 25 )"
				16577
				16578	requires_gnutls_tls1_3
				16579	requires_gnutls_next_no_ticket
				16580	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16581	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16582	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16583	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16584	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16585	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16586	run_test "TLS 1.3 m->G: HRR secp384r1 -> x25519" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16587	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16588	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16589	0 \
				16590	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16591	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16592	-c "NamedGroup: secp384r1 ( 18 )" \
				16593	-c "NamedGroup: x25519 ( 1d )" \
				16594	-c "Verifying peer X.509 certificate... ok" \
				16595	-c "received HelloRetryRequest message" \
				16596	-c "selected_group ( 29 )"
				16597
				16598	requires_gnutls_tls1_3
				16599	requires_gnutls_next_no_ticket
				16600	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16601	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16602	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16603	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16604	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16605	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16606	run_test "TLS 1.3 m->G: HRR secp384r1 -> x448" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16607	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16608	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16609	0 \
				16610	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16611	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16612	-c "NamedGroup: secp384r1 ( 18 )" \
				16613	-c "NamedGroup: x448 ( 1e )" \
				16614	-c "Verifying peer X.509 certificate... ok" \
				16615	-c "received HelloRetryRequest message" \
				16616	-c "selected_group ( 30 )"
				16617
				16618	requires_gnutls_tls1_3
				16619	requires_gnutls_next_no_ticket
				16620	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16621	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16622	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16623	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16624	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16625	requires_config_enabled PSA_WANT_ALG_ECDH
				16626	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16627	run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
				16628	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				16629	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
				16630	0 \
				16631	-c "HTTP/1.0 200 OK" \
				16632	-c "Protocol is TLSv1.3" \
				16633	-c "NamedGroup: secp384r1 ( 18 )" \
				16634	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16635	-c "Verifying peer X.509 certificate... ok" \
				16636	-c "received HelloRetryRequest message" \
				16637	-c "selected_group ( 256 )"
				16638
				16639	requires_gnutls_tls1_3
				16640	requires_gnutls_next_no_ticket
				16641	requires_gnutls_next_disable_tls13_compat
				16642	requires_config_enabled MBEDTLS_SSL_CLI_C
				16643	requires_config_enabled MBEDTLS_DEBUG_C
				16644	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16645	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16646	requires_config_enabled PSA_WANT_ALG_ECDH
				16647	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16648	run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe8192" \
				16649	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				16650	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
				16651	0 \
				16652	-c "HTTP/1.0 200 OK" \
				16653	-c "Protocol is TLSv1.3" \
				16654	-c "NamedGroup: secp384r1 ( 18 )" \
				16655	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16656	-c "Verifying peer X.509 certificate... ok" \
				16657	-c "received HelloRetryRequest message" \
				16658	-c "selected_group ( 260 )"
				16659
				16660	requires_gnutls_tls1_3
				16661	requires_gnutls_next_no_ticket
				16662	requires_gnutls_next_disable_tls13_compat
				16663	requires_config_enabled MBEDTLS_SSL_CLI_C
				16664	requires_config_enabled MBEDTLS_DEBUG_C
				16665	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16666	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16667	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16668	run_test "TLS 1.3 m->G: HRR secp521r1 -> secp256r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16669	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16670	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16671	0 \
				16672	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16673	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16674	-c "NamedGroup: secp521r1 ( 19 )" \
				16675	-c "NamedGroup: secp256r1 ( 17 )" \
				16676	-c "Verifying peer X.509 certificate... ok" \
				16677	-c "received HelloRetryRequest message" \
				16678	-c "selected_group ( 23 )"
				16679
				16680	requires_gnutls_tls1_3
				16681	requires_gnutls_next_no_ticket
				16682	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16683	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16684	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16685	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16686	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16687	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16688	run_test "TLS 1.3 m->G: HRR secp521r1 -> secp384r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16689	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16690	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16691	0 \
				16692	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16693	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16694	-c "NamedGroup: secp521r1 ( 19 )" \
				16695	-c "NamedGroup: secp384r1 ( 18 )" \
				16696	-c "Verifying peer X.509 certificate... ok" \
				16697	-c "received HelloRetryRequest message" \
				16698	-c "selected_group ( 24 )"
				16699
				16700	requires_gnutls_tls1_3
				16701	requires_gnutls_next_no_ticket
				16702	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16703	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16704	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16705	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16706	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16707	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16708	run_test "TLS 1.3 m->G: HRR secp521r1 -> x25519" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16709	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16710	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16711	0 \
				16712	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16713	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16714	-c "NamedGroup: secp521r1 ( 19 )" \
				16715	-c "NamedGroup: x25519 ( 1d )" \
				16716	-c "Verifying peer X.509 certificate... ok" \
				16717	-c "received HelloRetryRequest message" \
				16718	-c "selected_group ( 29 )"
				16719
				16720	requires_gnutls_tls1_3
				16721	requires_gnutls_next_no_ticket
				16722	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16723	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16724	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16725	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16726	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16727	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16728	run_test "TLS 1.3 m->G: HRR secp521r1 -> x448" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16729	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16730	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16731	0 \
				16732	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16733	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16734	-c "NamedGroup: secp521r1 ( 19 )" \
				16735	-c "NamedGroup: x448 ( 1e )" \
				16736	-c "Verifying peer X.509 certificate... ok" \
				16737	-c "received HelloRetryRequest message" \
				16738	-c "selected_group ( 30 )"
				16739
				16740	requires_gnutls_tls1_3
				16741	requires_gnutls_next_no_ticket
				16742	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16743	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16744	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16745	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16746	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16747	requires_config_enabled PSA_WANT_ALG_ECDH
				16748	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16749	run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
				16750	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				16751	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
				16752	0 \
				16753	-c "HTTP/1.0 200 OK" \
				16754	-c "Protocol is TLSv1.3" \
				16755	-c "NamedGroup: secp521r1 ( 19 )" \
				16756	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16757	-c "Verifying peer X.509 certificate... ok" \
				16758	-c "received HelloRetryRequest message" \
				16759	-c "selected_group ( 256 )"
				16760
				16761	requires_gnutls_tls1_3
				16762	requires_gnutls_next_no_ticket
				16763	requires_gnutls_next_disable_tls13_compat
				16764	requires_config_enabled MBEDTLS_SSL_CLI_C
				16765	requires_config_enabled MBEDTLS_DEBUG_C
				16766	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16767	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16768	requires_config_enabled PSA_WANT_ALG_ECDH
				16769	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16770	run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe8192" \
				16771	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				16772	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
				16773	0 \
				16774	-c "HTTP/1.0 200 OK" \
				16775	-c "Protocol is TLSv1.3" \
				16776	-c "NamedGroup: secp521r1 ( 19 )" \
				16777	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16778	-c "Verifying peer X.509 certificate... ok" \
				16779	-c "received HelloRetryRequest message" \
				16780	-c "selected_group ( 260 )"
				16781
				16782	requires_gnutls_tls1_3
				16783	requires_gnutls_next_no_ticket
				16784	requires_gnutls_next_disable_tls13_compat
				16785	requires_config_enabled MBEDTLS_SSL_CLI_C
				16786	requires_config_enabled MBEDTLS_DEBUG_C
				16787	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16788	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16789	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16790	run_test "TLS 1.3 m->G: HRR x25519 -> secp256r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16791	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16792	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16793	0 \
				16794	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16795	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16796	-c "NamedGroup: x25519 ( 1d )" \
				16797	-c "NamedGroup: secp256r1 ( 17 )" \
				16798	-c "Verifying peer X.509 certificate... ok" \
				16799	-c "received HelloRetryRequest message" \
				16800	-c "selected_group ( 23 )"
				16801
				16802	requires_gnutls_tls1_3
				16803	requires_gnutls_next_no_ticket
				16804	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16805	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16806	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16807	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16808	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16809	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16810	run_test "TLS 1.3 m->G: HRR x25519 -> secp384r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16811	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16812	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16813	0 \
				16814	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16815	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16816	-c "NamedGroup: x25519 ( 1d )" \
				16817	-c "NamedGroup: secp384r1 ( 18 )" \
				16818	-c "Verifying peer X.509 certificate... ok" \
				16819	-c "received HelloRetryRequest message" \
				16820	-c "selected_group ( 24 )"
				16821
				16822	requires_gnutls_tls1_3
				16823	requires_gnutls_next_no_ticket
				16824	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16825	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16826	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16827	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16828	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16829	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16830	run_test "TLS 1.3 m->G: HRR x25519 -> secp521r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16831	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16832	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16833	0 \
				16834	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16835	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16836	-c "NamedGroup: x25519 ( 1d )" \
				16837	-c "NamedGroup: secp521r1 ( 19 )" \
				16838	-c "Verifying peer X.509 certificate... ok" \
				16839	-c "received HelloRetryRequest message" \
				16840	-c "selected_group ( 25 )"
				16841
				16842	requires_gnutls_tls1_3
				16843	requires_gnutls_next_no_ticket
				16844	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16845	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16846	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16847	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16848	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16849	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16850	run_test "TLS 1.3 m->G: HRR x25519 -> x448" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16851	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16852	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16853	0 \
				16854	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16855	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16856	-c "NamedGroup: x25519 ( 1d )" \
				16857	-c "NamedGroup: x448 ( 1e )" \
				16858	-c "Verifying peer X.509 certificate... ok" \
				16859	-c "received HelloRetryRequest message" \
				16860	-c "selected_group ( 30 )"
				16861
				16862	requires_gnutls_tls1_3
				16863	requires_gnutls_next_no_ticket
				16864	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16865	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16866	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16867	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16868	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16869	requires_config_enabled PSA_WANT_ALG_ECDH
				16870	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16871	run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
				16872	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				16873	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
				16874	0 \
				16875	-c "HTTP/1.0 200 OK" \
				16876	-c "Protocol is TLSv1.3" \
				16877	-c "NamedGroup: x25519 ( 1d )" \
				16878	-c "NamedGroup: ffdhe2048 ( 100 )" \
				16879	-c "Verifying peer X.509 certificate... ok" \
				16880	-c "received HelloRetryRequest message" \
				16881	-c "selected_group ( 256 )"
				16882
				16883	requires_gnutls_tls1_3
				16884	requires_gnutls_next_no_ticket
				16885	requires_gnutls_next_disable_tls13_compat
				16886	requires_config_enabled MBEDTLS_SSL_CLI_C
				16887	requires_config_enabled MBEDTLS_DEBUG_C
				16888	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16889	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16890	requires_config_enabled PSA_WANT_ALG_ECDH
				16891	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16892	run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe8192" \
				16893	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				16894	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
				16895	0 \
				16896	-c "HTTP/1.0 200 OK" \
				16897	-c "Protocol is TLSv1.3" \
				16898	-c "NamedGroup: x25519 ( 1d )" \
				16899	-c "NamedGroup: ffdhe8192 ( 104 )" \
				16900	-c "Verifying peer X.509 certificate... ok" \
				16901	-c "received HelloRetryRequest message" \
				16902	-c "selected_group ( 260 )"
				16903
				16904	requires_gnutls_tls1_3
				16905	requires_gnutls_next_no_ticket
				16906	requires_gnutls_next_disable_tls13_compat
				16907	requires_config_enabled MBEDTLS_SSL_CLI_C
				16908	requires_config_enabled MBEDTLS_DEBUG_C
				16909	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16910	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16911	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16912	run_test "TLS 1.3 m->G: HRR x448 -> secp256r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16913	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16914	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16915	0 \
				16916	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16917	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16918	-c "NamedGroup: x448 ( 1e )" \
				16919	-c "NamedGroup: secp256r1 ( 17 )" \
				16920	-c "Verifying peer X.509 certificate... ok" \
				16921	-c "received HelloRetryRequest message" \
				16922	-c "selected_group ( 23 )"
				16923
				16924	requires_gnutls_tls1_3
				16925	requires_gnutls_next_no_ticket
				16926	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16927	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16928	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16929	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16930	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16931	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16932	run_test "TLS 1.3 m->G: HRR x448 -> secp384r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16933	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16934	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16935	0 \
				16936	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16937	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16938	-c "NamedGroup: x448 ( 1e )" \
				16939	-c "NamedGroup: secp384r1 ( 18 )" \
				16940	-c "Verifying peer X.509 certificate... ok" \
				16941	-c "received HelloRetryRequest message" \
				16942	-c "selected_group ( 24 )"
				16943
				16944	requires_gnutls_tls1_3
				16945	requires_gnutls_next_no_ticket
				16946	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16947	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16948	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16949	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16950	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16951	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16952	run_test "TLS 1.3 m->G: HRR x448 -> secp521r1" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16953	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16954	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16955	0 \
				16956	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16957	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16958	-c "NamedGroup: x448 ( 1e )" \
				16959	-c "NamedGroup: secp521r1 ( 19 )" \
				16960	-c "Verifying peer X.509 certificate... ok" \
				16961	-c "received HelloRetryRequest message" \
				16962	-c "selected_group ( 25 )"
				16963
				16964	requires_gnutls_tls1_3
				16965	requires_gnutls_next_no_ticket
				16966	requires_gnutls_next_disable_tls13_compat
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16967	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	16968	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	16969	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16970	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16971	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16972	run_test "TLS 1.3 m->G: HRR x448 -> x25519" \
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	16973	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	16974	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16975	0 \
				16976	-c "HTTP/1.0 200 OK" \
Ronald Cron	df5f868	2022-04-05 16:01:03 +0200	[diff] [blame]	16977	-c "Protocol is TLSv1.3" \
XiaokangQian	2e17fb8	2022-03-28 03:30:05 +0000	[diff] [blame]	16978	-c "NamedGroup: x448 ( 1e )" \
				16979	-c "NamedGroup: x25519 ( 1d )" \
				16980	-c "Verifying peer X.509 certificate... ok" \
				16981	-c "received HelloRetryRequest message" \
				16982	-c "selected_group ( 29 )"
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	16983
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16984	requires_gnutls_tls1_3
				16985	requires_gnutls_next_no_ticket
				16986	requires_gnutls_next_disable_tls13_compat
				16987	requires_config_enabled MBEDTLS_SSL_CLI_C
				16988	requires_config_enabled MBEDTLS_DEBUG_C
				16989	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				16990	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	16991	requires_config_enabled PSA_WANT_ALG_ECDH
				16992	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	16993	run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
				16994	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				16995	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
				16996	0 \
				16997	-c "HTTP/1.0 200 OK" \
				16998	-c "Protocol is TLSv1.3" \
				16999	-c "NamedGroup: x448 ( 1e )" \
				17000	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17001	-c "Verifying peer X.509 certificate... ok" \
				17002	-c "received HelloRetryRequest message" \
				17003	-c "selected_group ( 256 )"
				17004
				17005	requires_gnutls_tls1_3
				17006	requires_gnutls_next_no_ticket
				17007	requires_gnutls_next_disable_tls13_compat
				17008	requires_config_enabled MBEDTLS_SSL_CLI_C
				17009	requires_config_enabled MBEDTLS_DEBUG_C
				17010	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17011	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17012	requires_config_enabled PSA_WANT_ALG_ECDH
				17013	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17014	run_test "TLS 1.3 m->G: HRR x448 -> ffdhe8192" \
				17015	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				17016	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
				17017	0 \
				17018	-c "HTTP/1.0 200 OK" \
				17019	-c "Protocol is TLSv1.3" \
				17020	-c "NamedGroup: x448 ( 1e )" \
				17021	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17022	-c "Verifying peer X.509 certificate... ok" \
				17023	-c "received HelloRetryRequest message" \
				17024	-c "selected_group ( 260 )"
				17025
				17026	requires_gnutls_tls1_3
				17027	requires_gnutls_next_no_ticket
				17028	requires_gnutls_next_disable_tls13_compat
				17029	requires_config_enabled MBEDTLS_SSL_CLI_C
				17030	requires_config_enabled MBEDTLS_DEBUG_C
				17031	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17032	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17033	requires_config_enabled PSA_WANT_ALG_ECDH
				17034	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17035	run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
				17036	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
				17037	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
				17038	0 \
				17039	-c "HTTP/1.0 200 OK" \
				17040	-c "Protocol is TLSv1.3" \
				17041	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17042	-c "NamedGroup: secp256r1 ( 17 )" \
				17043	-c "Verifying peer X.509 certificate... ok" \
				17044	-c "received HelloRetryRequest message" \
				17045	-c "selected_group ( 23 )"
				17046
				17047	requires_gnutls_tls1_3
				17048	requires_gnutls_next_no_ticket
				17049	requires_gnutls_next_disable_tls13_compat
				17050	requires_config_enabled MBEDTLS_SSL_CLI_C
				17051	requires_config_enabled MBEDTLS_DEBUG_C
				17052	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17053	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17054	requires_config_enabled PSA_WANT_ALG_ECDH
				17055	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17056	run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
				17057	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
				17058	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
				17059	0 \
				17060	-c "HTTP/1.0 200 OK" \
				17061	-c "Protocol is TLSv1.3" \
				17062	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17063	-c "NamedGroup: secp384r1 ( 18 )" \
				17064	-c "Verifying peer X.509 certificate... ok" \
				17065	-c "received HelloRetryRequest message" \
				17066	-c "selected_group ( 24 )"
				17067
				17068	requires_gnutls_tls1_3
				17069	requires_gnutls_next_no_ticket
				17070	requires_gnutls_next_disable_tls13_compat
				17071	requires_config_enabled MBEDTLS_SSL_CLI_C
				17072	requires_config_enabled MBEDTLS_DEBUG_C
				17073	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17074	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17075	requires_config_enabled PSA_WANT_ALG_ECDH
				17076	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17077	run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
				17078	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
				17079	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
				17080	0 \
				17081	-c "HTTP/1.0 200 OK" \
				17082	-c "Protocol is TLSv1.3" \
				17083	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17084	-c "NamedGroup: secp521r1 ( 19 )" \
				17085	-c "Verifying peer X.509 certificate... ok" \
				17086	-c "received HelloRetryRequest message" \
				17087	-c "selected_group ( 25 )"
				17088
				17089	requires_gnutls_tls1_3
				17090	requires_gnutls_next_no_ticket
				17091	requires_gnutls_next_disable_tls13_compat
				17092	requires_config_enabled MBEDTLS_SSL_CLI_C
				17093	requires_config_enabled MBEDTLS_DEBUG_C
				17094	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17095	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17096	requires_config_enabled PSA_WANT_ALG_ECDH
				17097	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17098	run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
				17099	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
				17100	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
				17101	0 \
				17102	-c "HTTP/1.0 200 OK" \
				17103	-c "Protocol is TLSv1.3" \
				17104	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17105	-c "NamedGroup: x25519 ( 1d )" \
				17106	-c "Verifying peer X.509 certificate... ok" \
				17107	-c "received HelloRetryRequest message" \
				17108	-c "selected_group ( 29 )"
				17109
				17110	requires_gnutls_tls1_3
				17111	requires_gnutls_next_no_ticket
				17112	requires_gnutls_next_disable_tls13_compat
				17113	requires_config_enabled MBEDTLS_SSL_CLI_C
				17114	requires_config_enabled MBEDTLS_DEBUG_C
				17115	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17116	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17117	requires_config_enabled PSA_WANT_ALG_ECDH
				17118	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17119	run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
				17120	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
				17121	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
				17122	0 \
				17123	-c "HTTP/1.0 200 OK" \
				17124	-c "Protocol is TLSv1.3" \
				17125	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17126	-c "NamedGroup: x448 ( 1e )" \
				17127	-c "Verifying peer X.509 certificate... ok" \
				17128	-c "received HelloRetryRequest message" \
				17129	-c "selected_group ( 30 )"
				17130
				17131	requires_gnutls_tls1_3
				17132	requires_gnutls_next_no_ticket
				17133	requires_gnutls_next_disable_tls13_compat
				17134	requires_config_enabled MBEDTLS_SSL_CLI_C
				17135	requires_config_enabled MBEDTLS_DEBUG_C
				17136	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17137	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17138	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17139	run_test "TLS 1.3 m->G: HRR ffdhe2048 -> ffdhe8192" \
				17140	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
				17141	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
				17142	0 \
				17143	-c "HTTP/1.0 200 OK" \
				17144	-c "Protocol is TLSv1.3" \
				17145	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17146	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17147	-c "Verifying peer X.509 certificate... ok" \
				17148	-c "received HelloRetryRequest message" \
				17149	-c "selected_group ( 260 )"
				17150
				17151	requires_gnutls_tls1_3
				17152	requires_gnutls_next_no_ticket
				17153	requires_gnutls_next_disable_tls13_compat
				17154	requires_config_enabled MBEDTLS_SSL_CLI_C
				17155	requires_config_enabled MBEDTLS_DEBUG_C
				17156	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17157	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17158	requires_config_enabled PSA_WANT_ALG_ECDH
				17159	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17160	run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp256r1" \
				17161	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
				17162	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
				17163	0 \
				17164	-c "HTTP/1.0 200 OK" \
				17165	-c "Protocol is TLSv1.3" \
				17166	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17167	-c "NamedGroup: secp256r1 ( 17 )" \
				17168	-c "Verifying peer X.509 certificate... ok" \
				17169	-c "received HelloRetryRequest message" \
				17170	-c "selected_group ( 23 )"
				17171
				17172	requires_gnutls_tls1_3
				17173	requires_gnutls_next_no_ticket
				17174	requires_gnutls_next_disable_tls13_compat
				17175	requires_config_enabled MBEDTLS_SSL_CLI_C
				17176	requires_config_enabled MBEDTLS_DEBUG_C
				17177	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17178	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17179	requires_config_enabled PSA_WANT_ALG_ECDH
				17180	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17181	run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp384r1" \
				17182	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
				17183	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
				17184	0 \
				17185	-c "HTTP/1.0 200 OK" \
				17186	-c "Protocol is TLSv1.3" \
				17187	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17188	-c "NamedGroup: secp384r1 ( 18 )" \
				17189	-c "Verifying peer X.509 certificate... ok" \
				17190	-c "received HelloRetryRequest message" \
				17191	-c "selected_group ( 24 )"
				17192
				17193	requires_gnutls_tls1_3
				17194	requires_gnutls_next_no_ticket
				17195	requires_gnutls_next_disable_tls13_compat
				17196	requires_config_enabled MBEDTLS_SSL_CLI_C
				17197	requires_config_enabled MBEDTLS_DEBUG_C
				17198	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17199	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17200	requires_config_enabled PSA_WANT_ALG_ECDH
				17201	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17202	run_test "TLS 1.3 m->G: HRR ffdhe8192 -> secp521r1" \
				17203	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
				17204	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
				17205	0 \
				17206	-c "HTTP/1.0 200 OK" \
				17207	-c "Protocol is TLSv1.3" \
				17208	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17209	-c "NamedGroup: secp521r1 ( 19 )" \
				17210	-c "Verifying peer X.509 certificate... ok" \
				17211	-c "received HelloRetryRequest message" \
				17212	-c "selected_group ( 25 )"
				17213
				17214	requires_gnutls_tls1_3
				17215	requires_gnutls_next_no_ticket
				17216	requires_gnutls_next_disable_tls13_compat
				17217	requires_config_enabled MBEDTLS_SSL_CLI_C
				17218	requires_config_enabled MBEDTLS_DEBUG_C
				17219	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17220	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17221	requires_config_enabled PSA_WANT_ALG_ECDH
				17222	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17223	run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x25519" \
				17224	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
				17225	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
				17226	0 \
				17227	-c "HTTP/1.0 200 OK" \
				17228	-c "Protocol is TLSv1.3" \
				17229	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17230	-c "NamedGroup: x25519 ( 1d )" \
				17231	-c "Verifying peer X.509 certificate... ok" \
				17232	-c "received HelloRetryRequest message" \
				17233	-c "selected_group ( 29 )"
				17234
				17235	requires_gnutls_tls1_3
				17236	requires_gnutls_next_no_ticket
				17237	requires_gnutls_next_disable_tls13_compat
				17238	requires_config_enabled MBEDTLS_SSL_CLI_C
				17239	requires_config_enabled MBEDTLS_DEBUG_C
				17240	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17241	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17242	requires_config_enabled PSA_WANT_ALG_ECDH
				17243	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17244	run_test "TLS 1.3 m->G: HRR ffdhe8192 -> x448" \
				17245	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
				17246	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
				17247	0 \
				17248	-c "HTTP/1.0 200 OK" \
				17249	-c "Protocol is TLSv1.3" \
				17250	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17251	-c "NamedGroup: x448 ( 1e )" \
				17252	-c "Verifying peer X.509 certificate... ok" \
				17253	-c "received HelloRetryRequest message" \
				17254	-c "selected_group ( 30 )"
				17255
				17256	requires_gnutls_tls1_3
				17257	requires_gnutls_next_no_ticket
				17258	requires_gnutls_next_disable_tls13_compat
				17259	requires_config_enabled MBEDTLS_SSL_CLI_C
				17260	requires_config_enabled MBEDTLS_DEBUG_C
				17261	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17262	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17263	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17264	run_test "TLS 1.3 m->G: HRR ffdhe8192 -> ffdhe2048" \
				17265	"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
				17266	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
				17267	0 \
				17268	-c "HTTP/1.0 200 OK" \
				17269	-c "Protocol is TLSv1.3" \
				17270	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17271	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17272	-c "Verifying peer X.509 certificate... ok" \
				17273	-c "received HelloRetryRequest message" \
				17274	-c "selected_group ( 256 )"
				17275
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17276	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17277	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17278	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17279	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17280	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17281	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17282	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17283	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17284	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17285	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17286	run_test "TLS 1.3 m->m: HRR secp256r1 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17287	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17288	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17289	0 \
				17290	-s "Protocol is TLSv1.3" \
				17291	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17292	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17293	-c "Protocol is TLSv1.3" \
				17294	-c "NamedGroup: secp256r1 ( 17 )" \
				17295	-c "NamedGroup: secp384r1 ( 18 )" \
				17296	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17297	-s "HRR selected_group: secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17298	-c "received HelloRetryRequest message" \
				17299	-c "selected_group ( 24 )"
				17300
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17301	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17302	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17303	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17304	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17305	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17306	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17307	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17308	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17309	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17310	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17311	run_test "TLS 1.3 m->m: HRR secp256r1 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17312	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17313	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17314	0 \
				17315	-s "Protocol is TLSv1.3" \
				17316	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17317	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17318	-c "Protocol is TLSv1.3" \
				17319	-c "NamedGroup: secp256r1 ( 17 )" \
				17320	-c "NamedGroup: secp521r1 ( 19 )" \
				17321	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17322	-s "HRR selected_group: secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17323	-c "received HelloRetryRequest message" \
				17324	-c "selected_group ( 25 )"
				17325
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17326	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17327	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17328	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17329	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17330	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17331	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17332	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17333	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17334	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17335	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17336	run_test "TLS 1.3 m->m: HRR secp256r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17337	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17338	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17339	0 \
				17340	-s "Protocol is TLSv1.3" \
				17341	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17342	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17343	-c "Protocol is TLSv1.3" \
				17344	-c "NamedGroup: secp256r1 ( 17 )" \
				17345	-c "NamedGroup: x25519 ( 1d )" \
				17346	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17347	-s "HRR selected_group: x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17348	-c "received HelloRetryRequest message" \
				17349	-c "selected_group ( 29 )"
				17350
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17351	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17352	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17353	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17354	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17355	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17356	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17357	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17358	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17359	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17360	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17361	run_test "TLS 1.3 m->m: HRR secp256r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17362	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17363	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17364	0 \
				17365	-s "Protocol is TLSv1.3" \
				17366	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17367	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17368	-c "Protocol is TLSv1.3" \
				17369	-c "NamedGroup: secp256r1 ( 17 )" \
				17370	-c "NamedGroup: x448 ( 1e )" \
				17371	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17372	-s "HRR selected_group: x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17373	-c "received HelloRetryRequest message" \
				17374	-c "selected_group ( 30 )"
				17375
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17376	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17377	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17378	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17379	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17380	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17381	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17382	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17383	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17384	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17385	requires_config_enabled PSA_WANT_ALG_ECDH
				17386	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17387	run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
				17388	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17389	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe2048" \
				17390	0 \
				17391	-s "Protocol is TLSv1.3" \
				17392	-s "got named group: ffdhe2048(0100)" \
				17393	-s "Certificate verification was skipped" \
				17394	-c "Protocol is TLSv1.3" \
				17395	-c "NamedGroup: secp256r1 ( 17 )" \
				17396	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17397	-c "Verifying peer X.509 certificate... ok" \
				17398	-s "HRR selected_group: ffdhe2048" \
				17399	-c "received HelloRetryRequest message" \
				17400	-c "selected_group ( 256 )"
				17401
				17402	requires_config_enabled MBEDTLS_SSL_SRV_C
				17403	requires_config_enabled MBEDTLS_DEBUG_C
				17404	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17405	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17406	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17407	requires_config_enabled MBEDTLS_SSL_CLI_C
				17408	requires_config_enabled MBEDTLS_DEBUG_C
				17409	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17410	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17411	requires_config_enabled PSA_WANT_ALG_ECDH
				17412	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17413	run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe8192" \
				17414	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17415	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1,ffdhe8192" \
				17416	0 \
				17417	-s "Protocol is TLSv1.3" \
				17418	-s "got named group: ffdhe8192(0104)" \
				17419	-s "Certificate verification was skipped" \
				17420	-c "Protocol is TLSv1.3" \
				17421	-c "NamedGroup: secp256r1 ( 17 )" \
				17422	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17423	-c "Verifying peer X.509 certificate... ok" \
				17424	-s "HRR selected_group: ffdhe8192" \
				17425	-c "received HelloRetryRequest message" \
				17426	-c "selected_group ( 260 )"
				17427
				17428	requires_config_enabled MBEDTLS_SSL_SRV_C
				17429	requires_config_enabled MBEDTLS_DEBUG_C
				17430	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17431	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17432	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17433	requires_config_enabled MBEDTLS_SSL_CLI_C
				17434	requires_config_enabled MBEDTLS_DEBUG_C
				17435	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17436	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17437	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17438	run_test "TLS 1.3 m->m: HRR secp384r1 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17439	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17440	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17441	0 \
				17442	-s "Protocol is TLSv1.3" \
				17443	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17444	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17445	-c "Protocol is TLSv1.3" \
				17446	-c "NamedGroup: secp384r1 ( 18 )" \
				17447	-c "NamedGroup: secp256r1 ( 17 )" \
				17448	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17449	-s "HRR selected_group: secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17450	-c "received HelloRetryRequest message" \
				17451	-c "selected_group ( 23 )"
				17452
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17453	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17454	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17455	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17456	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17457	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17458	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17459	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17460	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17461	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17462	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17463	run_test "TLS 1.3 m->m: HRR secp384r1 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17464	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17465	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17466	0 \
				17467	-s "Protocol is TLSv1.3" \
				17468	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17469	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17470	-c "Protocol is TLSv1.3" \
				17471	-c "NamedGroup: secp384r1 ( 18 )" \
				17472	-c "NamedGroup: secp521r1 ( 19 )" \
				17473	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17474	-s "HRR selected_group: secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17475	-c "received HelloRetryRequest message" \
				17476	-c "selected_group ( 25 )"
				17477
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17478	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17479	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17480	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17481	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17482	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17483	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17484	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17485	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17486	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17487	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17488	run_test "TLS 1.3 m->m: HRR secp384r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17489	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17490	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17491	0 \
				17492	-s "Protocol is TLSv1.3" \
				17493	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17494	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17495	-c "Protocol is TLSv1.3" \
				17496	-c "NamedGroup: secp384r1 ( 18 )" \
				17497	-c "NamedGroup: x25519 ( 1d )" \
				17498	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17499	-s "HRR selected_group: x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17500	-c "received HelloRetryRequest message" \
				17501	-c "selected_group ( 29 )"
				17502
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17503	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17504	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17505	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17506	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17507	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17508	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17509	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17510	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17511	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17512	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17513	run_test "TLS 1.3 m->m: HRR secp384r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17514	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17515	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17516	0 \
				17517	-s "Protocol is TLSv1.3" \
				17518	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17519	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17520	-c "Protocol is TLSv1.3" \
				17521	-c "NamedGroup: secp384r1 ( 18 )" \
				17522	-c "NamedGroup: x448 ( 1e )" \
				17523	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17524	-s "HRR selected_group: x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17525	-c "received HelloRetryRequest message" \
				17526	-c "selected_group ( 30 )"
				17527
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17528	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17529	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17530	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17531	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17532	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17533	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17534	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17535	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17536	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17537	requires_config_enabled PSA_WANT_ALG_ECDH
				17538	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17539	run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
				17540	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17541	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe2048" \
				17542	0 \
				17543	-s "Protocol is TLSv1.3" \
				17544	-s "got named group: ffdhe2048(0100)" \
				17545	-s "Certificate verification was skipped" \
				17546	-c "Protocol is TLSv1.3" \
				17547	-c "NamedGroup: secp384r1 ( 18 )" \
				17548	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17549	-c "Verifying peer X.509 certificate... ok" \
				17550	-s "HRR selected_group: ffdhe2048" \
				17551	-c "received HelloRetryRequest message" \
				17552	-c "selected_group ( 256 )"
				17553
				17554	requires_config_enabled MBEDTLS_SSL_SRV_C
				17555	requires_config_enabled MBEDTLS_DEBUG_C
				17556	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17557	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17558	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17559	requires_config_enabled MBEDTLS_SSL_CLI_C
				17560	requires_config_enabled MBEDTLS_DEBUG_C
				17561	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17562	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17563	requires_config_enabled PSA_WANT_ALG_ECDH
				17564	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17565	run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe8192" \
				17566	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17567	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1,ffdhe8192" \
				17568	0 \
				17569	-s "Protocol is TLSv1.3" \
				17570	-s "got named group: ffdhe8192(0104)" \
				17571	-s "Certificate verification was skipped" \
				17572	-c "Protocol is TLSv1.3" \
				17573	-c "NamedGroup: secp384r1 ( 18 )" \
				17574	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17575	-c "Verifying peer X.509 certificate... ok" \
				17576	-s "HRR selected_group: ffdhe8192" \
				17577	-c "received HelloRetryRequest message" \
				17578	-c "selected_group ( 260 )"
				17579
				17580	requires_config_enabled MBEDTLS_SSL_SRV_C
				17581	requires_config_enabled MBEDTLS_DEBUG_C
				17582	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17583	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17584	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17585	requires_config_enabled MBEDTLS_SSL_CLI_C
				17586	requires_config_enabled MBEDTLS_DEBUG_C
				17587	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17588	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17589	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17590	run_test "TLS 1.3 m->m: HRR secp521r1 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17591	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17592	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17593	0 \
				17594	-s "Protocol is TLSv1.3" \
				17595	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17596	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17597	-c "Protocol is TLSv1.3" \
				17598	-c "NamedGroup: secp521r1 ( 19 )" \
				17599	-c "NamedGroup: secp256r1 ( 17 )" \
				17600	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17601	-s "HRR selected_group: secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17602	-c "received HelloRetryRequest message" \
				17603	-c "selected_group ( 23 )"
				17604
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17605	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17606	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17607	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17608	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17609	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17610	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17611	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17612	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17613	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17614	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17615	run_test "TLS 1.3 m->m: HRR secp521r1 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17616	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17617	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17618	0 \
				17619	-s "Protocol is TLSv1.3" \
				17620	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17621	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17622	-c "Protocol is TLSv1.3" \
				17623	-c "NamedGroup: secp521r1 ( 19 )" \
				17624	-c "NamedGroup: secp384r1 ( 18 )" \
				17625	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17626	-s "HRR selected_group: secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17627	-c "received HelloRetryRequest message" \
				17628	-c "selected_group ( 24 )"
				17629
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17630	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17631	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17632	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17633	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17634	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17635	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17636	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17637	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17638	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17639	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17640	run_test "TLS 1.3 m->m: HRR secp521r1 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17641	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17642	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17643	0 \
				17644	-s "Protocol is TLSv1.3" \
				17645	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17646	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17647	-c "Protocol is TLSv1.3" \
				17648	-c "NamedGroup: secp521r1 ( 19 )" \
				17649	-c "NamedGroup: x25519 ( 1d )" \
				17650	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17651	-s "HRR selected_group: x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17652	-c "received HelloRetryRequest message" \
				17653	-c "selected_group ( 29 )"
				17654
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17655	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17656	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17657	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17658	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17659	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17660	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17661	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17662	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17663	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17664	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17665	run_test "TLS 1.3 m->m: HRR secp521r1 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17666	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17667	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17668	0 \
				17669	-s "Protocol is TLSv1.3" \
				17670	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17671	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17672	-c "Protocol is TLSv1.3" \
				17673	-c "NamedGroup: secp521r1 ( 19 )" \
				17674	-c "NamedGroup: x448 ( 1e )" \
				17675	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17676	-s "HRR selected_group: x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17677	-c "received HelloRetryRequest message" \
				17678	-c "selected_group ( 30 )"
				17679
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17680	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17681	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17682	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17683	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17684	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17685	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17686	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17687	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17688	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17689	requires_config_enabled PSA_WANT_ALG_ECDH
				17690	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17691	run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
				17692	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17693	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe2048" \
				17694	0 \
				17695	-s "Protocol is TLSv1.3" \
				17696	-s "got named group: ffdhe2048(0100)" \
				17697	-s "Certificate verification was skipped" \
				17698	-c "Protocol is TLSv1.3" \
				17699	-c "NamedGroup: secp521r1 ( 19 )" \
				17700	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17701	-c "Verifying peer X.509 certificate... ok" \
				17702	-s "HRR selected_group: ffdhe2048" \
				17703	-c "received HelloRetryRequest message" \
				17704	-c "selected_group ( 256 )"
				17705
				17706	requires_config_enabled MBEDTLS_SSL_SRV_C
				17707	requires_config_enabled MBEDTLS_DEBUG_C
				17708	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17709	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17710	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17711	requires_config_enabled MBEDTLS_SSL_CLI_C
				17712	requires_config_enabled MBEDTLS_DEBUG_C
				17713	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17714	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17715	requires_config_enabled PSA_WANT_ALG_ECDH
				17716	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17717	run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe8192" \
				17718	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17719	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1,ffdhe8192" \
				17720	0 \
				17721	-s "Protocol is TLSv1.3" \
				17722	-s "got named group: ffdhe8192(0104)" \
				17723	-s "Certificate verification was skipped" \
				17724	-c "Protocol is TLSv1.3" \
				17725	-c "NamedGroup: secp521r1 ( 19 )" \
				17726	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17727	-c "Verifying peer X.509 certificate... ok" \
				17728	-s "HRR selected_group: ffdhe8192" \
				17729	-c "received HelloRetryRequest message" \
				17730	-c "selected_group ( 260 )"
				17731
				17732	requires_config_enabled MBEDTLS_SSL_SRV_C
				17733	requires_config_enabled MBEDTLS_DEBUG_C
				17734	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17735	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17736	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17737	requires_config_enabled MBEDTLS_SSL_CLI_C
				17738	requires_config_enabled MBEDTLS_DEBUG_C
				17739	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17740	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17741	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17742	run_test "TLS 1.3 m->m: HRR x25519 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17743	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17744	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17745	0 \
				17746	-s "Protocol is TLSv1.3" \
				17747	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17748	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17749	-c "Protocol is TLSv1.3" \
				17750	-c "NamedGroup: x25519 ( 1d )" \
				17751	-c "NamedGroup: secp256r1 ( 17 )" \
				17752	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17753	-s "HRR selected_group: secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17754	-c "received HelloRetryRequest message" \
				17755	-c "selected_group ( 23 )"
				17756
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17757	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17758	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17759	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17760	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17761	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17762	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17763	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17764	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17765	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17766	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17767	run_test "TLS 1.3 m->m: HRR x25519 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17768	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17769	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17770	0 \
				17771	-s "Protocol is TLSv1.3" \
				17772	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17773	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17774	-c "Protocol is TLSv1.3" \
				17775	-c "NamedGroup: x25519 ( 1d )" \
				17776	-c "NamedGroup: secp384r1 ( 18 )" \
				17777	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17778	-s "HRR selected_group: secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17779	-c "received HelloRetryRequest message" \
				17780	-c "selected_group ( 24 )"
				17781
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17782	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17783	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17784	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17785	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17786	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17787	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17788	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17789	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17790	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17791	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17792	run_test "TLS 1.3 m->m: HRR x25519 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17793	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17794	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17795	0 \
				17796	-s "Protocol is TLSv1.3" \
				17797	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17798	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17799	-c "Protocol is TLSv1.3" \
				17800	-c "NamedGroup: x25519 ( 1d )" \
				17801	-c "NamedGroup: secp521r1 ( 19 )" \
				17802	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17803	-s "HRR selected_group: secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17804	-c "received HelloRetryRequest message" \
				17805	-c "selected_group ( 25 )"
				17806
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17807	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17808	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17809	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17810	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17811	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17812	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17813	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17814	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17815	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17816	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17817	run_test "TLS 1.3 m->m: HRR x25519 -> x448" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17818	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17819	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17820	0 \
				17821	-s "Protocol is TLSv1.3" \
				17822	-s "got named group: x448(001e)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17823	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17824	-c "Protocol is TLSv1.3" \
				17825	-c "NamedGroup: x25519 ( 1d )" \
				17826	-c "NamedGroup: x448 ( 1e )" \
				17827	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17828	-s "HRR selected_group: x448" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17829	-c "received HelloRetryRequest message" \
				17830	-c "selected_group ( 30 )"
				17831
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17832	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17833	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17834	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17835	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17836	requires_config_enabled PSA_WANT_ALG_FFDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17837	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17838	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17839	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17840	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17841	requires_config_enabled PSA_WANT_ALG_ECDH
				17842	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17843	run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
				17844	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17845	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe2048" \
				17846	0 \
				17847	-s "Protocol is TLSv1.3" \
				17848	-s "got named group: ffdhe2048(0100)" \
				17849	-s "Certificate verification was skipped" \
				17850	-c "Protocol is TLSv1.3" \
				17851	-c "NamedGroup: x25519 ( 1d )" \
				17852	-c "NamedGroup: ffdhe2048 ( 100 )" \
				17853	-c "Verifying peer X.509 certificate... ok" \
				17854	-s "HRR selected_group: ffdhe2048" \
				17855	-c "received HelloRetryRequest message" \
				17856	-c "selected_group ( 256 )"
				17857
				17858	requires_config_enabled MBEDTLS_SSL_SRV_C
				17859	requires_config_enabled MBEDTLS_DEBUG_C
				17860	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17861	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17862	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17863	requires_config_enabled MBEDTLS_SSL_CLI_C
				17864	requires_config_enabled MBEDTLS_DEBUG_C
				17865	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17866	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17867	requires_config_enabled PSA_WANT_ALG_ECDH
				17868	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17869	run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe8192" \
				17870	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17871	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519,ffdhe8192" \
				17872	0 \
				17873	-s "Protocol is TLSv1.3" \
				17874	-s "got named group: ffdhe8192(0104)" \
				17875	-s "Certificate verification was skipped" \
				17876	-c "Protocol is TLSv1.3" \
				17877	-c "NamedGroup: x25519 ( 1d )" \
				17878	-c "NamedGroup: ffdhe8192 ( 104 )" \
				17879	-c "Verifying peer X.509 certificate... ok" \
				17880	-s "HRR selected_group: ffdhe8192" \
				17881	-c "received HelloRetryRequest message" \
				17882	-c "selected_group ( 260 )"
				17883
				17884	requires_config_enabled MBEDTLS_SSL_SRV_C
				17885	requires_config_enabled MBEDTLS_DEBUG_C
				17886	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17887	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17888	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17889	requires_config_enabled MBEDTLS_SSL_CLI_C
				17890	requires_config_enabled MBEDTLS_DEBUG_C
				17891	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17892	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17893	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17894	run_test "TLS 1.3 m->m: HRR x448 -> secp256r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17895	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17896	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17897	0 \
				17898	-s "Protocol is TLSv1.3" \
				17899	-s "got named group: secp256r1(0017)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17900	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17901	-c "Protocol is TLSv1.3" \
				17902	-c "NamedGroup: x448 ( 1e )" \
				17903	-c "NamedGroup: secp256r1 ( 17 )" \
				17904	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17905	-s "HRR selected_group: secp256r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17906	-c "received HelloRetryRequest message" \
				17907	-c "selected_group ( 23 )"
				17908
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17909	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17910	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17911	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17912	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17913	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17914	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17915	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17916	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17917	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17918	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17919	run_test "TLS 1.3 m->m: HRR x448 -> secp384r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17920	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17921	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17922	0 \
				17923	-s "Protocol is TLSv1.3" \
				17924	-s "got named group: secp384r1(0018)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17925	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17926	-c "Protocol is TLSv1.3" \
				17927	-c "NamedGroup: x448 ( 1e )" \
				17928	-c "NamedGroup: secp384r1 ( 18 )" \
				17929	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17930	-s "HRR selected_group: secp384r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17931	-c "received HelloRetryRequest message" \
				17932	-c "selected_group ( 24 )"
				17933
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17934	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17935	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17936	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17937	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17938	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17939	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17940	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17941	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17942	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17943	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17944	run_test "TLS 1.3 m->m: HRR x448 -> secp521r1" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17945	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17946	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17947	0 \
				17948	-s "Protocol is TLSv1.3" \
				17949	-s "got named group: secp521r1(0019)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17950	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17951	-c "Protocol is TLSv1.3" \
				17952	-c "NamedGroup: x448 ( 1e )" \
				17953	-c "NamedGroup: secp521r1 ( 19 )" \
				17954	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17955	-s "HRR selected_group: secp521r1" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17956	-c "received HelloRetryRequest message" \
				17957	-c "selected_group ( 25 )"
				17958
XiaokangQian	fb1a3fe	2022-06-09 06:37:33 +0000	[diff] [blame]	17959	requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17960	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17961	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17962	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17963	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17964	requires_config_enabled MBEDTLS_SSL_CLI_C
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17965	requires_config_enabled MBEDTLS_DEBUG_C
Ronald Cron	928cbd3	2022-10-04 16:14:26 +0200	[diff] [blame]	17966	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17967	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17968	requires_config_enabled PSA_WANT_ALG_ECDH
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17969	run_test "TLS 1.3 m->m: HRR x448 -> x25519" \
Ronald Cron	50ae84e	2023-03-14 08:59:56 +0100	[diff] [blame]	17970	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17971	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17972	0 \
				17973	-s "Protocol is TLSv1.3" \
				17974	-s "got named group: x25519(001d)" \
Ronald Cron	eac00ad	2022-09-13 10:16:31 +0200	[diff] [blame]	17975	-s "Certificate verification was skipped" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17976	-c "Protocol is TLSv1.3" \
				17977	-c "NamedGroup: x448 ( 1e )" \
				17978	-c "NamedGroup: x25519 ( 1d )" \
				17979	-c "Verifying peer X.509 certificate... ok" \
XiaokangQian	9b938b7	2022-06-10 03:10:59 +0000	[diff] [blame]	17980	-s "HRR selected_group: x25519" \
XiaokangQian	b1847a2	2022-06-08 07:49:31 +0000	[diff] [blame]	17981	-c "received HelloRetryRequest message" \
				17982	-c "selected_group ( 29 )"
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17983
				17984	requires_config_enabled MBEDTLS_SSL_SRV_C
				17985	requires_config_enabled MBEDTLS_DEBUG_C
				17986	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17987	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17988	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17989	requires_config_enabled MBEDTLS_SSL_CLI_C
				17990	requires_config_enabled MBEDTLS_DEBUG_C
				17991	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				17992	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	17993	requires_config_enabled PSA_WANT_ALG_ECDH
				17994	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	17995	run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
				17996	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				17997	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe2048" \
				17998	0 \
				17999	-s "Protocol is TLSv1.3" \
				18000	-s "got named group: ffdhe2048(0100)" \
				18001	-s "Certificate verification was skipped" \
				18002	-c "Protocol is TLSv1.3" \
				18003	-c "NamedGroup: x448 ( 1e )" \
				18004	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18005	-c "Verifying peer X.509 certificate... ok" \
				18006	-s "HRR selected_group: ffdhe2048" \
				18007	-c "received HelloRetryRequest message" \
				18008	-c "selected_group ( 256 )"
				18009
				18010	requires_config_enabled MBEDTLS_SSL_SRV_C
				18011	requires_config_enabled MBEDTLS_DEBUG_C
				18012	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18013	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18014	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18015	requires_config_enabled MBEDTLS_SSL_CLI_C
				18016	requires_config_enabled MBEDTLS_DEBUG_C
				18017	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18018	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18019	requires_config_enabled PSA_WANT_ALG_ECDH
				18020	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18021	run_test "TLS 1.3 m->m: HRR x448 -> ffdhe8192" \
				18022	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18023	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448,ffdhe8192" \
				18024	0 \
				18025	-s "Protocol is TLSv1.3" \
				18026	-s "got named group: ffdhe8192(0104)" \
				18027	-s "Certificate verification was skipped" \
				18028	-c "Protocol is TLSv1.3" \
				18029	-c "NamedGroup: x448 ( 1e )" \
				18030	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18031	-c "Verifying peer X.509 certificate... ok" \
				18032	-s "HRR selected_group: ffdhe8192" \
				18033	-c "received HelloRetryRequest message" \
				18034	-c "selected_group ( 260 )"
				18035
				18036	requires_config_enabled MBEDTLS_SSL_SRV_C
				18037	requires_config_enabled MBEDTLS_DEBUG_C
				18038	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18039	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18040	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18041	requires_config_enabled MBEDTLS_SSL_CLI_C
				18042	requires_config_enabled MBEDTLS_DEBUG_C
				18043	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18044	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18045	requires_config_enabled PSA_WANT_ALG_ECDH
				18046	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18047	run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
				18048	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18049	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp256r1" \
				18050	0 \
				18051	-s "Protocol is TLSv1.3" \
				18052	-s "got named group: secp256r1(0017)" \
				18053	-s "Certificate verification was skipped" \
				18054	-c "Protocol is TLSv1.3" \
				18055	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18056	-c "NamedGroup: secp256r1 ( 17 )" \
				18057	-c "Verifying peer X.509 certificate... ok" \
				18058	-s "HRR selected_group: secp256r1" \
				18059	-c "received HelloRetryRequest message" \
				18060	-c "selected_group ( 23 )"
				18061
				18062	requires_config_enabled MBEDTLS_SSL_SRV_C
				18063	requires_config_enabled MBEDTLS_DEBUG_C
				18064	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18065	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18066	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18067	requires_config_enabled MBEDTLS_SSL_CLI_C
				18068	requires_config_enabled MBEDTLS_DEBUG_C
				18069	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18070	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18071	requires_config_enabled PSA_WANT_ALG_ECDH
				18072	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18073	run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
				18074	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18075	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp384r1" \
				18076	0 \
				18077	-s "Protocol is TLSv1.3" \
				18078	-s "got named group: secp384r1(0018)" \
				18079	-s "Certificate verification was skipped" \
				18080	-c "Protocol is TLSv1.3" \
				18081	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18082	-c "NamedGroup: secp384r1 ( 18 )" \
				18083	-c "Verifying peer X.509 certificate... ok" \
				18084	-s "HRR selected_group: secp384r1" \
				18085	-c "received HelloRetryRequest message" \
				18086	-c "selected_group ( 24 )"
				18087
				18088	requires_config_enabled MBEDTLS_SSL_SRV_C
				18089	requires_config_enabled MBEDTLS_DEBUG_C
				18090	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18091	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18092	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18093	requires_config_enabled MBEDTLS_SSL_CLI_C
				18094	requires_config_enabled MBEDTLS_DEBUG_C
				18095	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18096	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18097	requires_config_enabled PSA_WANT_ALG_ECDH
				18098	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18099	run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
				18100	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18101	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,secp521r1" \
				18102	0 \
				18103	-s "Protocol is TLSv1.3" \
				18104	-s "got named group: secp521r1(0019)" \
				18105	-s "Certificate verification was skipped" \
				18106	-c "Protocol is TLSv1.3" \
				18107	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18108	-c "NamedGroup: secp521r1 ( 19 )" \
				18109	-c "Verifying peer X.509 certificate... ok" \
				18110	-s "HRR selected_group: secp521r1" \
				18111	-c "received HelloRetryRequest message" \
				18112	-c "selected_group ( 25 )"
				18113
				18114	requires_config_enabled MBEDTLS_SSL_SRV_C
				18115	requires_config_enabled MBEDTLS_DEBUG_C
				18116	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18117	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18118	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18119	requires_config_enabled MBEDTLS_SSL_CLI_C
				18120	requires_config_enabled MBEDTLS_DEBUG_C
				18121	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18122	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18123	requires_config_enabled PSA_WANT_ALG_ECDH
				18124	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18125	run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
				18126	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18127	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x25519" \
				18128	0 \
				18129	-s "Protocol is TLSv1.3" \
				18130	-s "got named group: x25519(001d)" \
				18131	-s "Certificate verification was skipped" \
				18132	-c "Protocol is TLSv1.3" \
				18133	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18134	-c "NamedGroup: x25519 ( 1d )" \
				18135	-c "Verifying peer X.509 certificate... ok" \
				18136	-s "HRR selected_group: x25519" \
				18137	-c "received HelloRetryRequest message" \
				18138	-c "selected_group ( 29 )"
				18139
				18140	requires_config_enabled MBEDTLS_SSL_SRV_C
				18141	requires_config_enabled MBEDTLS_DEBUG_C
				18142	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18143	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18144	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18145	requires_config_enabled MBEDTLS_SSL_CLI_C
				18146	requires_config_enabled MBEDTLS_DEBUG_C
				18147	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18148	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18149	requires_config_enabled PSA_WANT_ALG_ECDH
				18150	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18151	run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
				18152	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18153	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,x448" \
				18154	0 \
				18155	-s "Protocol is TLSv1.3" \
				18156	-s "got named group: x448(001e)" \
				18157	-s "Certificate verification was skipped" \
				18158	-c "Protocol is TLSv1.3" \
				18159	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18160	-c "NamedGroup: x448 ( 1e )" \
				18161	-c "Verifying peer X.509 certificate... ok" \
				18162	-s "HRR selected_group: x448" \
				18163	-c "received HelloRetryRequest message" \
				18164	-c "selected_group ( 30 )"
				18165
				18166	requires_config_enabled MBEDTLS_SSL_SRV_C
				18167	requires_config_enabled MBEDTLS_DEBUG_C
				18168	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18169	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18170	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18171	requires_config_enabled MBEDTLS_SSL_CLI_C
				18172	requires_config_enabled MBEDTLS_DEBUG_C
				18173	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18174	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18175	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18176	run_test "TLS 1.3 m->m: HRR ffdhe2048 -> ffdhe8192" \
				18177	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18178	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048,ffdhe8192" \
				18179	0 \
				18180	-s "Protocol is TLSv1.3" \
				18181	-s "got named group: ffdhe8192(0104)" \
				18182	-s "Certificate verification was skipped" \
				18183	-c "Protocol is TLSv1.3" \
				18184	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18185	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18186	-c "Verifying peer X.509 certificate... ok" \
				18187	-s "HRR selected_group: ffdhe8192" \
				18188	-c "received HelloRetryRequest message" \
				18189	-c "selected_group ( 260 )"
				18190
				18191	requires_config_enabled MBEDTLS_SSL_SRV_C
				18192	requires_config_enabled MBEDTLS_DEBUG_C
				18193	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18194	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18195	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18196	requires_config_enabled MBEDTLS_SSL_CLI_C
				18197	requires_config_enabled MBEDTLS_DEBUG_C
				18198	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18199	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18200	requires_config_enabled PSA_WANT_ALG_ECDH
				18201	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18202	run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp256r1" \
				18203	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18204	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp256r1" \
				18205	0 \
				18206	-s "Protocol is TLSv1.3" \
				18207	-s "got named group: secp256r1(0017)" \
				18208	-s "Certificate verification was skipped" \
				18209	-c "Protocol is TLSv1.3" \
				18210	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18211	-c "NamedGroup: secp256r1 ( 17 )" \
				18212	-c "Verifying peer X.509 certificate... ok" \
				18213	-s "HRR selected_group: secp256r1" \
				18214	-c "received HelloRetryRequest message" \
				18215	-c "selected_group ( 23 )"
				18216
				18217	requires_config_enabled MBEDTLS_SSL_SRV_C
				18218	requires_config_enabled MBEDTLS_DEBUG_C
				18219	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18220	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18221	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18222	requires_config_enabled MBEDTLS_SSL_CLI_C
				18223	requires_config_enabled MBEDTLS_DEBUG_C
				18224	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18225	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18226	requires_config_enabled PSA_WANT_ALG_ECDH
				18227	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18228	run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp384r1" \
				18229	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18230	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp384r1" \
				18231	0 \
				18232	-s "Protocol is TLSv1.3" \
				18233	-s "got named group: secp384r1(0018)" \
				18234	-s "Certificate verification was skipped" \
				18235	-c "Protocol is TLSv1.3" \
				18236	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18237	-c "NamedGroup: secp384r1 ( 18 )" \
				18238	-c "Verifying peer X.509 certificate... ok" \
				18239	-s "HRR selected_group: secp384r1" \
				18240	-c "received HelloRetryRequest message" \
				18241	-c "selected_group ( 24 )"
				18242
				18243	requires_config_enabled MBEDTLS_SSL_SRV_C
				18244	requires_config_enabled MBEDTLS_DEBUG_C
				18245	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18246	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18247	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18248	requires_config_enabled MBEDTLS_SSL_CLI_C
				18249	requires_config_enabled MBEDTLS_DEBUG_C
				18250	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18251	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18252	requires_config_enabled PSA_WANT_ALG_ECDH
				18253	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18254	run_test "TLS 1.3 m->m: HRR ffdhe8192 -> secp521r1" \
				18255	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18256	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,secp521r1" \
				18257	0 \
				18258	-s "Protocol is TLSv1.3" \
				18259	-s "got named group: secp521r1(0019)" \
				18260	-s "Certificate verification was skipped" \
				18261	-c "Protocol is TLSv1.3" \
				18262	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18263	-c "NamedGroup: secp521r1 ( 19 )" \
				18264	-c "Verifying peer X.509 certificate... ok" \
				18265	-s "HRR selected_group: secp521r1" \
				18266	-c "received HelloRetryRequest message" \
				18267	-c "selected_group ( 25 )"
				18268
				18269	requires_config_enabled MBEDTLS_SSL_SRV_C
				18270	requires_config_enabled MBEDTLS_DEBUG_C
				18271	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18272	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18273	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18274	requires_config_enabled MBEDTLS_SSL_CLI_C
				18275	requires_config_enabled MBEDTLS_DEBUG_C
				18276	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18277	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18278	requires_config_enabled PSA_WANT_ALG_ECDH
				18279	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18280	run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x25519" \
				18281	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18282	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x25519" \
				18283	0 \
				18284	-s "Protocol is TLSv1.3" \
				18285	-s "got named group: x25519(001d)" \
				18286	-s "Certificate verification was skipped" \
				18287	-c "Protocol is TLSv1.3" \
				18288	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18289	-c "NamedGroup: x25519 ( 1d )" \
				18290	-c "Verifying peer X.509 certificate... ok" \
				18291	-s "HRR selected_group: x25519" \
				18292	-c "received HelloRetryRequest message" \
				18293	-c "selected_group ( 29 )"
				18294
				18295	requires_config_enabled MBEDTLS_SSL_SRV_C
				18296	requires_config_enabled MBEDTLS_DEBUG_C
				18297	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18298	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18299	requires_config_enabled PSA_WANT_ALG_ECDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18300	requires_config_enabled MBEDTLS_SSL_CLI_C
				18301	requires_config_enabled MBEDTLS_DEBUG_C
				18302	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18303	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18304	requires_config_enabled PSA_WANT_ALG_ECDH
				18305	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18306	run_test "TLS 1.3 m->m: HRR ffdhe8192 -> x448" \
				18307	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18308	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,x448" \
				18309	0 \
				18310	-s "Protocol is TLSv1.3" \
				18311	-s "got named group: x448(001e)" \
				18312	-s "Certificate verification was skipped" \
				18313	-c "Protocol is TLSv1.3" \
				18314	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18315	-c "NamedGroup: x448 ( 1e )" \
				18316	-c "Verifying peer X.509 certificate... ok" \
				18317	-s "HRR selected_group: x448" \
				18318	-c "received HelloRetryRequest message" \
				18319	-c "selected_group ( 30 )"
				18320
				18321	requires_config_enabled MBEDTLS_SSL_SRV_C
				18322	requires_config_enabled MBEDTLS_DEBUG_C
				18323	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18324	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18325	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18326	requires_config_enabled MBEDTLS_SSL_CLI_C
				18327	requires_config_enabled MBEDTLS_DEBUG_C
				18328	requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
				18329	requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Przemek Stekiel	c31a798	2023-06-27 10:53:33 +0200	[diff] [blame^]	18330	requires_config_enabled PSA_WANT_ALG_FFDH
Przemek Stekiel	422ab1f	2023-06-14 11:04:28 +0200	[diff] [blame]	18331	run_test "TLS 1.3 m->m: HRR ffdhe8192 -> ffdhe2048" \
				18332	"$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
				18333	"$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 curves=ffdhe8192,ffdhe2048" \
				18334	0 \
				18335	-s "Protocol is TLSv1.3" \
				18336	-s "got named group: ffdhe2048(0100)" \
				18337	-s "Certificate verification was skipped" \
				18338	-c "Protocol is TLSv1.3" \
				18339	-c "NamedGroup: ffdhe8192 ( 104 )" \
				18340	-c "NamedGroup: ffdhe2048 ( 100 )" \
				18341	-c "Verifying peer X.509 certificate... ok" \
				18342	-s "HRR selected_group: ffdhe2048" \
				18343	-c "received HelloRetryRequest message" \
				18344	-c "selected_group ( 256 )"