TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / dda036d8e0450a4a2ba67d1ebe7001271cc3c982 / . / tests / opt-testcases / tls13-compat.sh
blob: 6982c3cca5c1701007af0fc8112eb28764d5e9b7 [file] [log] [blame]
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1#!/bin/sh
2
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3# tls13-compat.sh
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0
7#
8# Licensed under the Apache License, Version 2.0 (the "License"); you may
9# not use this file except in compliance with the License.
10# You may obtain a copy of the License at
11#
12# http://www.apache.org/licenses/LICENSE-2.0
13#
14# Unless required by applicable law or agreed to in writing, software
15# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17# See the License for the specific language governing permissions and
18# limitations under the License.
19#
20# Purpose
21#
22# List TLS1.3 compat test cases. They are generated by
23# `generate_tls13_compat_tests.py -a`.
24#
25# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
26# AND REGENERATE THIS FILE.
27#
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]28requires_openssl_tls1_3
29requires_config_enabled MBEDTLS_DEBUG_C
30requires_config_enabled MBEDTLS_SSL_CLI_C
31requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
32requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]33run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
34 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]35 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
36 0 \
37 -c "HTTP/1.0 200 ok" \
38 -c "ECDH curve: secp256r1" \
39 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
40 -c "Certificate Verify: Signature algorithm ( 0403 )" \
41 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]42
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]43requires_gnutls_tls1_3
44requires_gnutls_next_no_ticket
45requires_gnutls_next_disable_tls13_compat
46requires_config_enabled MBEDTLS_DEBUG_C
47requires_config_enabled MBEDTLS_SSL_CLI_C
48requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
49requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]50run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
51 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]52 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
53 0 \
54 -c "HTTP/1.0 200 OK" \
55 -c "ECDH curve: secp256r1" \
56 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
57 -c "Certificate Verify: Signature algorithm ( 0403 )" \
58 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]59
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]60requires_openssl_tls1_3
61requires_config_enabled MBEDTLS_DEBUG_C
62requires_config_enabled MBEDTLS_SSL_CLI_C
63requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
64requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]65run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
66 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]67 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
68 0 \
69 -c "HTTP/1.0 200 ok" \
70 -c "ECDH curve: secp384r1" \
71 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
72 -c "Certificate Verify: Signature algorithm ( 0403 )" \
73 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]74
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]75requires_gnutls_tls1_3
76requires_gnutls_next_no_ticket
77requires_gnutls_next_disable_tls13_compat
78requires_config_enabled MBEDTLS_DEBUG_C
79requires_config_enabled MBEDTLS_SSL_CLI_C
80requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
81requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]82run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
83 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]84 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
85 0 \
86 -c "HTTP/1.0 200 OK" \
87 -c "ECDH curve: secp384r1" \
88 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
89 -c "Certificate Verify: Signature algorithm ( 0403 )" \
90 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]91
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]92requires_openssl_tls1_3
93requires_config_enabled MBEDTLS_DEBUG_C
94requires_config_enabled MBEDTLS_SSL_CLI_C
95requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
96requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]97run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
98 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]99 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
100 0 \
101 -c "HTTP/1.0 200 ok" \
102 -c "ECDH curve: secp521r1" \
103 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
104 -c "Certificate Verify: Signature algorithm ( 0403 )" \
105 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]106
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]107requires_gnutls_tls1_3
108requires_gnutls_next_no_ticket
109requires_gnutls_next_disable_tls13_compat
110requires_config_enabled MBEDTLS_DEBUG_C
111requires_config_enabled MBEDTLS_SSL_CLI_C
112requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
113requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]114run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
115 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]116 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
117 0 \
118 -c "HTTP/1.0 200 OK" \
119 -c "ECDH curve: secp521r1" \
120 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
121 -c "Certificate Verify: Signature algorithm ( 0403 )" \
122 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]123
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]124requires_openssl_tls1_3
125requires_config_enabled MBEDTLS_DEBUG_C
126requires_config_enabled MBEDTLS_SSL_CLI_C
127requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
128requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]129run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
130 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]131 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
132 0 \
133 -c "HTTP/1.0 200 ok" \
134 -c "ECDH curve: x25519" \
135 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
136 -c "Certificate Verify: Signature algorithm ( 0403 )" \
137 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]138
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]139requires_gnutls_tls1_3
140requires_gnutls_next_no_ticket
141requires_gnutls_next_disable_tls13_compat
142requires_config_enabled MBEDTLS_DEBUG_C
143requires_config_enabled MBEDTLS_SSL_CLI_C
144requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
145requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]146run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
147 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]148 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
149 0 \
150 -c "HTTP/1.0 200 OK" \
151 -c "ECDH curve: x25519" \
152 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
153 -c "Certificate Verify: Signature algorithm ( 0403 )" \
154 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]155
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]156requires_openssl_tls1_3
157requires_config_enabled MBEDTLS_DEBUG_C
158requires_config_enabled MBEDTLS_SSL_CLI_C
159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
160requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]161run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
162 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]163 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
164 0 \
165 -c "HTTP/1.0 200 ok" \
166 -c "ECDH curve: x448" \
167 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
168 -c "Certificate Verify: Signature algorithm ( 0403 )" \
169 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]170
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]171requires_gnutls_tls1_3
172requires_gnutls_next_no_ticket
173requires_gnutls_next_disable_tls13_compat
174requires_config_enabled MBEDTLS_DEBUG_C
175requires_config_enabled MBEDTLS_SSL_CLI_C
176requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
177requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]178run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp256r1_sha256" \
179 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]180 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
181 0 \
182 -c "HTTP/1.0 200 OK" \
183 -c "ECDH curve: x448" \
184 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
185 -c "Certificate Verify: Signature algorithm ( 0403 )" \
186 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]187
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]188requires_openssl_tls1_3
189requires_config_enabled MBEDTLS_DEBUG_C
190requires_config_enabled MBEDTLS_SSL_CLI_C
191requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
192requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]193run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
194 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]195 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
196 0 \
197 -c "HTTP/1.0 200 ok" \
198 -c "ECDH curve: secp256r1" \
199 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
200 -c "Certificate Verify: Signature algorithm ( 0503 )" \
201 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]202
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]203requires_gnutls_tls1_3
204requires_gnutls_next_no_ticket
205requires_gnutls_next_disable_tls13_compat
206requires_config_enabled MBEDTLS_DEBUG_C
207requires_config_enabled MBEDTLS_SSL_CLI_C
208requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
209requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]210run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
211 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]212 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
213 0 \
214 -c "HTTP/1.0 200 OK" \
215 -c "ECDH curve: secp256r1" \
216 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
217 -c "Certificate Verify: Signature algorithm ( 0503 )" \
218 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]219
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]220requires_openssl_tls1_3
221requires_config_enabled MBEDTLS_DEBUG_C
222requires_config_enabled MBEDTLS_SSL_CLI_C
223requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
224requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]225run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
226 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]227 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
228 0 \
229 -c "HTTP/1.0 200 ok" \
230 -c "ECDH curve: secp384r1" \
231 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
232 -c "Certificate Verify: Signature algorithm ( 0503 )" \
233 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]234
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]235requires_gnutls_tls1_3
236requires_gnutls_next_no_ticket
237requires_gnutls_next_disable_tls13_compat
238requires_config_enabled MBEDTLS_DEBUG_C
239requires_config_enabled MBEDTLS_SSL_CLI_C
240requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
241requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]242run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
243 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]244 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
245 0 \
246 -c "HTTP/1.0 200 OK" \
247 -c "ECDH curve: secp384r1" \
248 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
249 -c "Certificate Verify: Signature algorithm ( 0503 )" \
250 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]251
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]252requires_openssl_tls1_3
253requires_config_enabled MBEDTLS_DEBUG_C
254requires_config_enabled MBEDTLS_SSL_CLI_C
255requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
256requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]257run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
258 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]259 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
260 0 \
261 -c "HTTP/1.0 200 ok" \
262 -c "ECDH curve: secp521r1" \
263 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
264 -c "Certificate Verify: Signature algorithm ( 0503 )" \
265 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]266
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]267requires_gnutls_tls1_3
268requires_gnutls_next_no_ticket
269requires_gnutls_next_disable_tls13_compat
270requires_config_enabled MBEDTLS_DEBUG_C
271requires_config_enabled MBEDTLS_SSL_CLI_C
272requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
273requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]274run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
275 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]276 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
277 0 \
278 -c "HTTP/1.0 200 OK" \
279 -c "ECDH curve: secp521r1" \
280 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
281 -c "Certificate Verify: Signature algorithm ( 0503 )" \
282 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]283
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]284requires_openssl_tls1_3
285requires_config_enabled MBEDTLS_DEBUG_C
286requires_config_enabled MBEDTLS_SSL_CLI_C
287requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
288requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]289run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
290 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]291 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
292 0 \
293 -c "HTTP/1.0 200 ok" \
294 -c "ECDH curve: x25519" \
295 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
296 -c "Certificate Verify: Signature algorithm ( 0503 )" \
297 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]298
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]299requires_gnutls_tls1_3
300requires_gnutls_next_no_ticket
301requires_gnutls_next_disable_tls13_compat
302requires_config_enabled MBEDTLS_DEBUG_C
303requires_config_enabled MBEDTLS_SSL_CLI_C
304requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
305requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]306run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
307 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]308 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
309 0 \
310 -c "HTTP/1.0 200 OK" \
311 -c "ECDH curve: x25519" \
312 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
313 -c "Certificate Verify: Signature algorithm ( 0503 )" \
314 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]315
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]316requires_openssl_tls1_3
317requires_config_enabled MBEDTLS_DEBUG_C
318requires_config_enabled MBEDTLS_SSL_CLI_C
319requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
320requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]321run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
322 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]323 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
324 0 \
325 -c "HTTP/1.0 200 ok" \
326 -c "ECDH curve: x448" \
327 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
328 -c "Certificate Verify: Signature algorithm ( 0503 )" \
329 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]330
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]331requires_gnutls_tls1_3
332requires_gnutls_next_no_ticket
333requires_gnutls_next_disable_tls13_compat
334requires_config_enabled MBEDTLS_DEBUG_C
335requires_config_enabled MBEDTLS_SSL_CLI_C
336requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
337requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]338run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp384r1_sha384" \
339 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]340 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
341 0 \
342 -c "HTTP/1.0 200 OK" \
343 -c "ECDH curve: x448" \
344 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
345 -c "Certificate Verify: Signature algorithm ( 0503 )" \
346 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]347
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]348requires_openssl_tls1_3
349requires_config_enabled MBEDTLS_DEBUG_C
350requires_config_enabled MBEDTLS_SSL_CLI_C
351requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
352requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]353run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
354 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]355 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
356 0 \
357 -c "HTTP/1.0 200 ok" \
358 -c "ECDH curve: secp256r1" \
359 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
360 -c "Certificate Verify: Signature algorithm ( 0603 )" \
361 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]362
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]363requires_gnutls_tls1_3
364requires_gnutls_next_no_ticket
365requires_gnutls_next_disable_tls13_compat
366requires_config_enabled MBEDTLS_DEBUG_C
367requires_config_enabled MBEDTLS_SSL_CLI_C
368requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
369requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]370run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
371 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]372 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
373 0 \
374 -c "HTTP/1.0 200 OK" \
375 -c "ECDH curve: secp256r1" \
376 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
377 -c "Certificate Verify: Signature algorithm ( 0603 )" \
378 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]379
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]380requires_openssl_tls1_3
381requires_config_enabled MBEDTLS_DEBUG_C
382requires_config_enabled MBEDTLS_SSL_CLI_C
383requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
384requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]385run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
386 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]387 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
388 0 \
389 -c "HTTP/1.0 200 ok" \
390 -c "ECDH curve: secp384r1" \
391 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
392 -c "Certificate Verify: Signature algorithm ( 0603 )" \
393 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]394
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]395requires_gnutls_tls1_3
396requires_gnutls_next_no_ticket
397requires_gnutls_next_disable_tls13_compat
398requires_config_enabled MBEDTLS_DEBUG_C
399requires_config_enabled MBEDTLS_SSL_CLI_C
400requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
401requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]402run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
403 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]404 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
405 0 \
406 -c "HTTP/1.0 200 OK" \
407 -c "ECDH curve: secp384r1" \
408 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
409 -c "Certificate Verify: Signature algorithm ( 0603 )" \
410 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]411
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]412requires_openssl_tls1_3
413requires_config_enabled MBEDTLS_DEBUG_C
414requires_config_enabled MBEDTLS_SSL_CLI_C
415requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
416requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]417run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
418 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]419 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
420 0 \
421 -c "HTTP/1.0 200 ok" \
422 -c "ECDH curve: secp521r1" \
423 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
424 -c "Certificate Verify: Signature algorithm ( 0603 )" \
425 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]426
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]427requires_gnutls_tls1_3
428requires_gnutls_next_no_ticket
429requires_gnutls_next_disable_tls13_compat
430requires_config_enabled MBEDTLS_DEBUG_C
431requires_config_enabled MBEDTLS_SSL_CLI_C
432requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
433requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]434run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
435 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]436 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
437 0 \
438 -c "HTTP/1.0 200 OK" \
439 -c "ECDH curve: secp521r1" \
440 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
441 -c "Certificate Verify: Signature algorithm ( 0603 )" \
442 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]443
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]444requires_openssl_tls1_3
445requires_config_enabled MBEDTLS_DEBUG_C
446requires_config_enabled MBEDTLS_SSL_CLI_C
447requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
448requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]449run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
450 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]451 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
452 0 \
453 -c "HTTP/1.0 200 ok" \
454 -c "ECDH curve: x25519" \
455 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
456 -c "Certificate Verify: Signature algorithm ( 0603 )" \
457 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]458
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]459requires_gnutls_tls1_3
460requires_gnutls_next_no_ticket
461requires_gnutls_next_disable_tls13_compat
462requires_config_enabled MBEDTLS_DEBUG_C
463requires_config_enabled MBEDTLS_SSL_CLI_C
464requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
465requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]466run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
467 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]468 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
469 0 \
470 -c "HTTP/1.0 200 OK" \
471 -c "ECDH curve: x25519" \
472 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
473 -c "Certificate Verify: Signature algorithm ( 0603 )" \
474 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]475
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]476requires_openssl_tls1_3
477requires_config_enabled MBEDTLS_DEBUG_C
478requires_config_enabled MBEDTLS_SSL_CLI_C
479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
480requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]481run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
482 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]483 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
484 0 \
485 -c "HTTP/1.0 200 ok" \
486 -c "ECDH curve: x448" \
487 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
488 -c "Certificate Verify: Signature algorithm ( 0603 )" \
489 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]490
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]491requires_gnutls_tls1_3
492requires_gnutls_next_no_ticket
493requires_gnutls_next_disable_tls13_compat
494requires_config_enabled MBEDTLS_DEBUG_C
495requires_config_enabled MBEDTLS_SSL_CLI_C
496requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
497requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]498run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,ecdsa_secp521r1_sha512" \
499 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]500 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
501 0 \
502 -c "HTTP/1.0 200 OK" \
503 -c "ECDH curve: x448" \
504 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
505 -c "Certificate Verify: Signature algorithm ( 0603 )" \
506 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]507
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]508requires_openssl_tls1_3
509requires_config_enabled MBEDTLS_DEBUG_C
510requires_config_enabled MBEDTLS_SSL_CLI_C
511requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
512requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
513requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]514run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]515 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
516 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
517 0 \
518 -c "HTTP/1.0 200 ok" \
519 -c "ECDH curve: secp256r1" \
520 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
521 -c "Certificate Verify: Signature algorithm ( 0804 )" \
522 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]523
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]524requires_gnutls_tls1_3
525requires_gnutls_next_no_ticket
526requires_gnutls_next_disable_tls13_compat
527requires_config_enabled MBEDTLS_DEBUG_C
528requires_config_enabled MBEDTLS_SSL_CLI_C
529requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
530requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
531requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]532run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
533 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]534 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
535 0 \
536 -c "HTTP/1.0 200 OK" \
537 -c "ECDH curve: secp256r1" \
538 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
539 -c "Certificate Verify: Signature algorithm ( 0804 )" \
540 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]541
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]542requires_openssl_tls1_3
543requires_config_enabled MBEDTLS_DEBUG_C
544requires_config_enabled MBEDTLS_SSL_CLI_C
545requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
546requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
547requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]548run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]549 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
550 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
551 0 \
552 -c "HTTP/1.0 200 ok" \
553 -c "ECDH curve: secp384r1" \
554 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
555 -c "Certificate Verify: Signature algorithm ( 0804 )" \
556 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]557
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]558requires_gnutls_tls1_3
559requires_gnutls_next_no_ticket
560requires_gnutls_next_disable_tls13_compat
561requires_config_enabled MBEDTLS_DEBUG_C
562requires_config_enabled MBEDTLS_SSL_CLI_C
563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
564requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]566run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
567 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]568 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
569 0 \
570 -c "HTTP/1.0 200 OK" \
571 -c "ECDH curve: secp384r1" \
572 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
574 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]575
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]576requires_openssl_tls1_3
577requires_config_enabled MBEDTLS_DEBUG_C
578requires_config_enabled MBEDTLS_SSL_CLI_C
579requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
580requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
581requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]582run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]583 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
584 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
585 0 \
586 -c "HTTP/1.0 200 ok" \
587 -c "ECDH curve: secp521r1" \
588 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
589 -c "Certificate Verify: Signature algorithm ( 0804 )" \
590 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]591
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]592requires_gnutls_tls1_3
593requires_gnutls_next_no_ticket
594requires_gnutls_next_disable_tls13_compat
595requires_config_enabled MBEDTLS_DEBUG_C
596requires_config_enabled MBEDTLS_SSL_CLI_C
597requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
598requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]600run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
601 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]602 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
603 0 \
604 -c "HTTP/1.0 200 OK" \
605 -c "ECDH curve: secp521r1" \
606 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
607 -c "Certificate Verify: Signature algorithm ( 0804 )" \
608 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]609
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]610requires_openssl_tls1_3
611requires_config_enabled MBEDTLS_DEBUG_C
612requires_config_enabled MBEDTLS_SSL_CLI_C
613requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
614requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
615requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]616run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]617 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
618 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
619 0 \
620 -c "HTTP/1.0 200 ok" \
621 -c "ECDH curve: x25519" \
622 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
623 -c "Certificate Verify: Signature algorithm ( 0804 )" \
624 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]625
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]626requires_gnutls_tls1_3
627requires_gnutls_next_no_ticket
628requires_gnutls_next_disable_tls13_compat
629requires_config_enabled MBEDTLS_DEBUG_C
630requires_config_enabled MBEDTLS_SSL_CLI_C
631requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
632requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
633requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]634run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x25519,rsa_pss_rsae_sha256" \
635 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]636 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
637 0 \
638 -c "HTTP/1.0 200 OK" \
639 -c "ECDH curve: x25519" \
640 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
641 -c "Certificate Verify: Signature algorithm ( 0804 )" \
642 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]643
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]644requires_openssl_tls1_3
645requires_config_enabled MBEDTLS_DEBUG_C
646requires_config_enabled MBEDTLS_SSL_CLI_C
647requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
648requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
649requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]650run_test "TLS 1.3 m->O: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]651 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
652 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
653 0 \
654 -c "HTTP/1.0 200 ok" \
655 -c "ECDH curve: x448" \
656 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
657 -c "Certificate Verify: Signature algorithm ( 0804 )" \
658 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]659
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]660requires_gnutls_tls1_3
661requires_gnutls_next_no_ticket
662requires_gnutls_next_disable_tls13_compat
663requires_config_enabled MBEDTLS_DEBUG_C
664requires_config_enabled MBEDTLS_SSL_CLI_C
665requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
666requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
667requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]668run_test "TLS 1.3 m->G: TLS_AES_128_GCM_SHA256,x448,rsa_pss_rsae_sha256" \
669 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-GCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]670 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
671 0 \
672 -c "HTTP/1.0 200 OK" \
673 -c "ECDH curve: x448" \
674 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
675 -c "Certificate Verify: Signature algorithm ( 0804 )" \
676 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]677
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]678requires_openssl_tls1_3
679requires_config_enabled MBEDTLS_DEBUG_C
680requires_config_enabled MBEDTLS_SSL_CLI_C
681requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
682requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]683run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
684 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]685 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
686 0 \
687 -c "HTTP/1.0 200 ok" \
688 -c "ECDH curve: secp256r1" \
689 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
690 -c "Certificate Verify: Signature algorithm ( 0403 )" \
691 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]692
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]693requires_gnutls_tls1_3
694requires_gnutls_next_no_ticket
695requires_gnutls_next_disable_tls13_compat
696requires_config_enabled MBEDTLS_DEBUG_C
697requires_config_enabled MBEDTLS_SSL_CLI_C
698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
699requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]700run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp256r1_sha256" \
701 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]702 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
703 0 \
704 -c "HTTP/1.0 200 OK" \
705 -c "ECDH curve: secp256r1" \
706 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
707 -c "Certificate Verify: Signature algorithm ( 0403 )" \
708 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]709
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]710requires_openssl_tls1_3
711requires_config_enabled MBEDTLS_DEBUG_C
712requires_config_enabled MBEDTLS_SSL_CLI_C
713requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
714requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]715run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
716 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]717 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
718 0 \
719 -c "HTTP/1.0 200 ok" \
720 -c "ECDH curve: secp384r1" \
721 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
722 -c "Certificate Verify: Signature algorithm ( 0403 )" \
723 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]724
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]725requires_gnutls_tls1_3
726requires_gnutls_next_no_ticket
727requires_gnutls_next_disable_tls13_compat
728requires_config_enabled MBEDTLS_DEBUG_C
729requires_config_enabled MBEDTLS_SSL_CLI_C
730requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
731requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]732run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp256r1_sha256" \
733 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]734 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
735 0 \
736 -c "HTTP/1.0 200 OK" \
737 -c "ECDH curve: secp384r1" \
738 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
739 -c "Certificate Verify: Signature algorithm ( 0403 )" \
740 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]741
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]742requires_openssl_tls1_3
743requires_config_enabled MBEDTLS_DEBUG_C
744requires_config_enabled MBEDTLS_SSL_CLI_C
745requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
746requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]747run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
748 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]749 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
750 0 \
751 -c "HTTP/1.0 200 ok" \
752 -c "ECDH curve: secp521r1" \
753 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
754 -c "Certificate Verify: Signature algorithm ( 0403 )" \
755 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]756
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]757requires_gnutls_tls1_3
758requires_gnutls_next_no_ticket
759requires_gnutls_next_disable_tls13_compat
760requires_config_enabled MBEDTLS_DEBUG_C
761requires_config_enabled MBEDTLS_SSL_CLI_C
762requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
763requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]764run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp256r1_sha256" \
765 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]766 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
767 0 \
768 -c "HTTP/1.0 200 OK" \
769 -c "ECDH curve: secp521r1" \
770 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
771 -c "Certificate Verify: Signature algorithm ( 0403 )" \
772 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]773
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]774requires_openssl_tls1_3
775requires_config_enabled MBEDTLS_DEBUG_C
776requires_config_enabled MBEDTLS_SSL_CLI_C
777requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
778requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]779run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
780 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]781 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
782 0 \
783 -c "HTTP/1.0 200 ok" \
784 -c "ECDH curve: x25519" \
785 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
786 -c "Certificate Verify: Signature algorithm ( 0403 )" \
787 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]788
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]789requires_gnutls_tls1_3
790requires_gnutls_next_no_ticket
791requires_gnutls_next_disable_tls13_compat
792requires_config_enabled MBEDTLS_DEBUG_C
793requires_config_enabled MBEDTLS_SSL_CLI_C
794requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
795requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]796run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp256r1_sha256" \
797 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]798 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
799 0 \
800 -c "HTTP/1.0 200 OK" \
801 -c "ECDH curve: x25519" \
802 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
803 -c "Certificate Verify: Signature algorithm ( 0403 )" \
804 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]805
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]806requires_openssl_tls1_3
807requires_config_enabled MBEDTLS_DEBUG_C
808requires_config_enabled MBEDTLS_SSL_CLI_C
809requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
810requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]811run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
812 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]813 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
814 0 \
815 -c "HTTP/1.0 200 ok" \
816 -c "ECDH curve: x448" \
817 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
818 -c "Certificate Verify: Signature algorithm ( 0403 )" \
819 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]820
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]821requires_gnutls_tls1_3
822requires_gnutls_next_no_ticket
823requires_gnutls_next_disable_tls13_compat
824requires_config_enabled MBEDTLS_DEBUG_C
825requires_config_enabled MBEDTLS_SSL_CLI_C
826requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
827requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]828run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp256r1_sha256" \
829 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]830 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
831 0 \
832 -c "HTTP/1.0 200 OK" \
833 -c "ECDH curve: x448" \
834 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
835 -c "Certificate Verify: Signature algorithm ( 0403 )" \
836 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]837
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]838requires_openssl_tls1_3
839requires_config_enabled MBEDTLS_DEBUG_C
840requires_config_enabled MBEDTLS_SSL_CLI_C
841requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
842requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]843run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
844 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]845 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
846 0 \
847 -c "HTTP/1.0 200 ok" \
848 -c "ECDH curve: secp256r1" \
849 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
850 -c "Certificate Verify: Signature algorithm ( 0503 )" \
851 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]852
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]853requires_gnutls_tls1_3
854requires_gnutls_next_no_ticket
855requires_gnutls_next_disable_tls13_compat
856requires_config_enabled MBEDTLS_DEBUG_C
857requires_config_enabled MBEDTLS_SSL_CLI_C
858requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
859requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]860run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp384r1_sha384" \
861 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]862 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
863 0 \
864 -c "HTTP/1.0 200 OK" \
865 -c "ECDH curve: secp256r1" \
866 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
867 -c "Certificate Verify: Signature algorithm ( 0503 )" \
868 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]869
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]870requires_openssl_tls1_3
871requires_config_enabled MBEDTLS_DEBUG_C
872requires_config_enabled MBEDTLS_SSL_CLI_C
873requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
874requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]875run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
876 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]877 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
878 0 \
879 -c "HTTP/1.0 200 ok" \
880 -c "ECDH curve: secp384r1" \
881 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
882 -c "Certificate Verify: Signature algorithm ( 0503 )" \
883 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]884
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]885requires_gnutls_tls1_3
886requires_gnutls_next_no_ticket
887requires_gnutls_next_disable_tls13_compat
888requires_config_enabled MBEDTLS_DEBUG_C
889requires_config_enabled MBEDTLS_SSL_CLI_C
890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
891requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]892run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp384r1_sha384" \
893 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]894 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
895 0 \
896 -c "HTTP/1.0 200 OK" \
897 -c "ECDH curve: secp384r1" \
898 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
899 -c "Certificate Verify: Signature algorithm ( 0503 )" \
900 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]901
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]902requires_openssl_tls1_3
903requires_config_enabled MBEDTLS_DEBUG_C
904requires_config_enabled MBEDTLS_SSL_CLI_C
905requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
906requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]907run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
908 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]909 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
910 0 \
911 -c "HTTP/1.0 200 ok" \
912 -c "ECDH curve: secp521r1" \
913 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
914 -c "Certificate Verify: Signature algorithm ( 0503 )" \
915 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]916
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]917requires_gnutls_tls1_3
918requires_gnutls_next_no_ticket
919requires_gnutls_next_disable_tls13_compat
920requires_config_enabled MBEDTLS_DEBUG_C
921requires_config_enabled MBEDTLS_SSL_CLI_C
922requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
923requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]924run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp384r1_sha384" \
925 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]926 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
927 0 \
928 -c "HTTP/1.0 200 OK" \
929 -c "ECDH curve: secp521r1" \
930 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
931 -c "Certificate Verify: Signature algorithm ( 0503 )" \
932 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]933
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]934requires_openssl_tls1_3
935requires_config_enabled MBEDTLS_DEBUG_C
936requires_config_enabled MBEDTLS_SSL_CLI_C
937requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
938requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]939run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
940 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]941 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
942 0 \
943 -c "HTTP/1.0 200 ok" \
944 -c "ECDH curve: x25519" \
945 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
946 -c "Certificate Verify: Signature algorithm ( 0503 )" \
947 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]948
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]949requires_gnutls_tls1_3
950requires_gnutls_next_no_ticket
951requires_gnutls_next_disable_tls13_compat
952requires_config_enabled MBEDTLS_DEBUG_C
953requires_config_enabled MBEDTLS_SSL_CLI_C
954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
955requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]956run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp384r1_sha384" \
957 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]958 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
959 0 \
960 -c "HTTP/1.0 200 OK" \
961 -c "ECDH curve: x25519" \
962 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
963 -c "Certificate Verify: Signature algorithm ( 0503 )" \
964 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]965
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]966requires_openssl_tls1_3
967requires_config_enabled MBEDTLS_DEBUG_C
968requires_config_enabled MBEDTLS_SSL_CLI_C
969requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
970requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]971run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
972 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]973 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
974 0 \
975 -c "HTTP/1.0 200 ok" \
976 -c "ECDH curve: x448" \
977 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
978 -c "Certificate Verify: Signature algorithm ( 0503 )" \
979 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]980
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]981requires_gnutls_tls1_3
982requires_gnutls_next_no_ticket
983requires_gnutls_next_disable_tls13_compat
984requires_config_enabled MBEDTLS_DEBUG_C
985requires_config_enabled MBEDTLS_SSL_CLI_C
986requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
987requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]988run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp384r1_sha384" \
989 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]990 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
991 0 \
992 -c "HTTP/1.0 200 OK" \
993 -c "ECDH curve: x448" \
994 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
995 -c "Certificate Verify: Signature algorithm ( 0503 )" \
996 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]997
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]998requires_openssl_tls1_3
999requires_config_enabled MBEDTLS_DEBUG_C
1000requires_config_enabled MBEDTLS_SSL_CLI_C
1001requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1002requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1003run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
1004 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1005 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1006 0 \
1007 -c "HTTP/1.0 200 ok" \
1008 -c "ECDH curve: secp256r1" \
1009 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1010 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1011 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1012
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1013requires_gnutls_tls1_3
1014requires_gnutls_next_no_ticket
1015requires_gnutls_next_disable_tls13_compat
1016requires_config_enabled MBEDTLS_DEBUG_C
1017requires_config_enabled MBEDTLS_SSL_CLI_C
1018requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1019requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1020run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,ecdsa_secp521r1_sha512" \
1021 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1022 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1023 0 \
1024 -c "HTTP/1.0 200 OK" \
1025 -c "ECDH curve: secp256r1" \
1026 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1027 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1028 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1029
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1030requires_openssl_tls1_3
1031requires_config_enabled MBEDTLS_DEBUG_C
1032requires_config_enabled MBEDTLS_SSL_CLI_C
1033requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1034requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1035run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
1036 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1037 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1038 0 \
1039 -c "HTTP/1.0 200 ok" \
1040 -c "ECDH curve: secp384r1" \
1041 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1042 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1043 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1044
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1045requires_gnutls_tls1_3
1046requires_gnutls_next_no_ticket
1047requires_gnutls_next_disable_tls13_compat
1048requires_config_enabled MBEDTLS_DEBUG_C
1049requires_config_enabled MBEDTLS_SSL_CLI_C
1050requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1051requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1052run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,ecdsa_secp521r1_sha512" \
1053 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1054 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1055 0 \
1056 -c "HTTP/1.0 200 OK" \
1057 -c "ECDH curve: secp384r1" \
1058 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1059 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1060 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1061
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1062requires_openssl_tls1_3
1063requires_config_enabled MBEDTLS_DEBUG_C
1064requires_config_enabled MBEDTLS_SSL_CLI_C
1065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1066requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1067run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
1068 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1069 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1070 0 \
1071 -c "HTTP/1.0 200 ok" \
1072 -c "ECDH curve: secp521r1" \
1073 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1074 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1075 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1076
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1077requires_gnutls_tls1_3
1078requires_gnutls_next_no_ticket
1079requires_gnutls_next_disable_tls13_compat
1080requires_config_enabled MBEDTLS_DEBUG_C
1081requires_config_enabled MBEDTLS_SSL_CLI_C
1082requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1083requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1084run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,ecdsa_secp521r1_sha512" \
1085 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1086 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1087 0 \
1088 -c "HTTP/1.0 200 OK" \
1089 -c "ECDH curve: secp521r1" \
1090 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1091 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1092 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1093
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1094requires_openssl_tls1_3
1095requires_config_enabled MBEDTLS_DEBUG_C
1096requires_config_enabled MBEDTLS_SSL_CLI_C
1097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1098requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1099run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
1100 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1101 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1102 0 \
1103 -c "HTTP/1.0 200 ok" \
1104 -c "ECDH curve: x25519" \
1105 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1106 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1107 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1108
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1109requires_gnutls_tls1_3
1110requires_gnutls_next_no_ticket
1111requires_gnutls_next_disable_tls13_compat
1112requires_config_enabled MBEDTLS_DEBUG_C
1113requires_config_enabled MBEDTLS_SSL_CLI_C
1114requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1115requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1116run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,ecdsa_secp521r1_sha512" \
1117 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1118 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1119 0 \
1120 -c "HTTP/1.0 200 OK" \
1121 -c "ECDH curve: x25519" \
1122 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1123 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1124 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1125
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1126requires_openssl_tls1_3
1127requires_config_enabled MBEDTLS_DEBUG_C
1128requires_config_enabled MBEDTLS_SSL_CLI_C
1129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1130requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1131run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
1132 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1133 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1134 0 \
1135 -c "HTTP/1.0 200 ok" \
1136 -c "ECDH curve: x448" \
1137 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1138 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1139 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1140
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1141requires_gnutls_tls1_3
1142requires_gnutls_next_no_ticket
1143requires_gnutls_next_disable_tls13_compat
1144requires_config_enabled MBEDTLS_DEBUG_C
1145requires_config_enabled MBEDTLS_SSL_CLI_C
1146requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1147requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1148run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,ecdsa_secp521r1_sha512" \
1149 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1150 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1151 0 \
1152 -c "HTTP/1.0 200 OK" \
1153 -c "ECDH curve: x448" \
1154 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1155 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1156 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1157
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1158requires_openssl_tls1_3
1159requires_config_enabled MBEDTLS_DEBUG_C
1160requires_config_enabled MBEDTLS_SSL_CLI_C
1161requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1162requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1163requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1164run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1165 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1166 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1167 0 \
1168 -c "HTTP/1.0 200 ok" \
1169 -c "ECDH curve: secp256r1" \
1170 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1171 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1172 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1173
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1174requires_gnutls_tls1_3
1175requires_gnutls_next_no_ticket
1176requires_gnutls_next_disable_tls13_compat
1177requires_config_enabled MBEDTLS_DEBUG_C
1178requires_config_enabled MBEDTLS_SSL_CLI_C
1179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1180requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1181requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1182run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp256r1,rsa_pss_rsae_sha256" \
1183 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP256R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1184 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1185 0 \
1186 -c "HTTP/1.0 200 OK" \
1187 -c "ECDH curve: secp256r1" \
1188 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1189 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1190 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1191
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1192requires_openssl_tls1_3
1193requires_config_enabled MBEDTLS_DEBUG_C
1194requires_config_enabled MBEDTLS_SSL_CLI_C
1195requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1196requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1197requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1198run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1199 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1200 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1201 0 \
1202 -c "HTTP/1.0 200 ok" \
1203 -c "ECDH curve: secp384r1" \
1204 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1205 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1206 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1207
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1208requires_gnutls_tls1_3
1209requires_gnutls_next_no_ticket
1210requires_gnutls_next_disable_tls13_compat
1211requires_config_enabled MBEDTLS_DEBUG_C
1212requires_config_enabled MBEDTLS_SSL_CLI_C
1213requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1214requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1215requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1216run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp384r1,rsa_pss_rsae_sha256" \
1217 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP384R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1218 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1219 0 \
1220 -c "HTTP/1.0 200 OK" \
1221 -c "ECDH curve: secp384r1" \
1222 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1223 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1224 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1225
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1226requires_openssl_tls1_3
1227requires_config_enabled MBEDTLS_DEBUG_C
1228requires_config_enabled MBEDTLS_SSL_CLI_C
1229requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1230requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1231requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1232run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1233 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1234 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1235 0 \
1236 -c "HTTP/1.0 200 ok" \
1237 -c "ECDH curve: secp521r1" \
1238 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1239 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1240 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1241
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1242requires_gnutls_tls1_3
1243requires_gnutls_next_no_ticket
1244requires_gnutls_next_disable_tls13_compat
1245requires_config_enabled MBEDTLS_DEBUG_C
1246requires_config_enabled MBEDTLS_SSL_CLI_C
1247requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1248requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1249requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1250run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,secp521r1,rsa_pss_rsae_sha256" \
1251 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-SECP521R1:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1252 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1253 0 \
1254 -c "HTTP/1.0 200 OK" \
1255 -c "ECDH curve: secp521r1" \
1256 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1257 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1258 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1259
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1260requires_openssl_tls1_3
1261requires_config_enabled MBEDTLS_DEBUG_C
1262requires_config_enabled MBEDTLS_SSL_CLI_C
1263requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1264requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1265requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1266run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1267 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1268 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1269 0 \
1270 -c "HTTP/1.0 200 ok" \
1271 -c "ECDH curve: x25519" \
1272 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1273 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1274 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1275
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1276requires_gnutls_tls1_3
1277requires_gnutls_next_no_ticket
1278requires_gnutls_next_disable_tls13_compat
1279requires_config_enabled MBEDTLS_DEBUG_C
1280requires_config_enabled MBEDTLS_SSL_CLI_C
1281requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1282requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1283requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1284run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x25519,rsa_pss_rsae_sha256" \
1285 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X25519:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1286 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1287 0 \
1288 -c "HTTP/1.0 200 OK" \
1289 -c "ECDH curve: x25519" \
1290 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1291 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1292 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1293
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1294requires_openssl_tls1_3
1295requires_config_enabled MBEDTLS_DEBUG_C
1296requires_config_enabled MBEDTLS_SSL_CLI_C
1297requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1298requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1299requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1300run_test "TLS 1.3 m->O: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1301 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1302 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1303 0 \
1304 -c "HTTP/1.0 200 ok" \
1305 -c "ECDH curve: x448" \
1306 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1307 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1308 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1309
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1310requires_gnutls_tls1_3
1311requires_gnutls_next_no_ticket
1312requires_gnutls_next_disable_tls13_compat
1313requires_config_enabled MBEDTLS_DEBUG_C
1314requires_config_enabled MBEDTLS_SSL_CLI_C
1315requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1316requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1317requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1318run_test "TLS 1.3 m->G: TLS_AES_256_GCM_SHA384,x448,rsa_pss_rsae_sha256" \
1319 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-256-GCM:+GROUP-X448:+SHA384:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1320 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1321 0 \
1322 -c "HTTP/1.0 200 OK" \
1323 -c "ECDH curve: x448" \
1324 -c "server hello, chosen ciphersuite: ( 1302 ) - TLS1-3-AES-256-GCM-SHA384" \
1325 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1326 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1327
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1328requires_openssl_tls1_3
1329requires_config_enabled MBEDTLS_DEBUG_C
1330requires_config_enabled MBEDTLS_SSL_CLI_C
1331requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1332requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1333run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1334 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1335 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1336 0 \
1337 -c "HTTP/1.0 200 ok" \
1338 -c "ECDH curve: secp256r1" \
1339 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1340 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1341 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1342
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1343requires_gnutls_tls1_3
1344requires_gnutls_next_no_ticket
1345requires_gnutls_next_disable_tls13_compat
1346requires_config_enabled MBEDTLS_DEBUG_C
1347requires_config_enabled MBEDTLS_SSL_CLI_C
1348requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1349requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1350run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1351 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1352 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1353 0 \
1354 -c "HTTP/1.0 200 OK" \
1355 -c "ECDH curve: secp256r1" \
1356 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1357 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1358 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1359
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1360requires_openssl_tls1_3
1361requires_config_enabled MBEDTLS_DEBUG_C
1362requires_config_enabled MBEDTLS_SSL_CLI_C
1363requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1364requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1365run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1366 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1367 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1368 0 \
1369 -c "HTTP/1.0 200 ok" \
1370 -c "ECDH curve: secp384r1" \
1371 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1372 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1373 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1374
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1375requires_gnutls_tls1_3
1376requires_gnutls_next_no_ticket
1377requires_gnutls_next_disable_tls13_compat
1378requires_config_enabled MBEDTLS_DEBUG_C
1379requires_config_enabled MBEDTLS_SSL_CLI_C
1380requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1381requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1382run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
1383 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1384 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1385 0 \
1386 -c "HTTP/1.0 200 OK" \
1387 -c "ECDH curve: secp384r1" \
1388 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1389 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1390 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1391
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1392requires_openssl_tls1_3
1393requires_config_enabled MBEDTLS_DEBUG_C
1394requires_config_enabled MBEDTLS_SSL_CLI_C
1395requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1396requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1397run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1398 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1399 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1400 0 \
1401 -c "HTTP/1.0 200 ok" \
1402 -c "ECDH curve: secp521r1" \
1403 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1404 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1405 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1406
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1407requires_gnutls_tls1_3
1408requires_gnutls_next_no_ticket
1409requires_gnutls_next_disable_tls13_compat
1410requires_config_enabled MBEDTLS_DEBUG_C
1411requires_config_enabled MBEDTLS_SSL_CLI_C
1412requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1413requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1414run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
1415 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1416 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1417 0 \
1418 -c "HTTP/1.0 200 OK" \
1419 -c "ECDH curve: secp521r1" \
1420 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1421 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1422 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1423
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1424requires_openssl_tls1_3
1425requires_config_enabled MBEDTLS_DEBUG_C
1426requires_config_enabled MBEDTLS_SSL_CLI_C
1427requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1428requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1429run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
1430 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1431 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1432 0 \
1433 -c "HTTP/1.0 200 ok" \
1434 -c "ECDH curve: x25519" \
1435 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1436 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1437 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1438
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1439requires_gnutls_tls1_3
1440requires_gnutls_next_no_ticket
1441requires_gnutls_next_disable_tls13_compat
1442requires_config_enabled MBEDTLS_DEBUG_C
1443requires_config_enabled MBEDTLS_SSL_CLI_C
1444requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1445requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1446run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp256r1_sha256" \
1447 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1448 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1449 0 \
1450 -c "HTTP/1.0 200 OK" \
1451 -c "ECDH curve: x25519" \
1452 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1453 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1454 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1455
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1456requires_openssl_tls1_3
1457requires_config_enabled MBEDTLS_DEBUG_C
1458requires_config_enabled MBEDTLS_SSL_CLI_C
1459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1460requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1461run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
1462 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1463 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1464 0 \
1465 -c "HTTP/1.0 200 ok" \
1466 -c "ECDH curve: x448" \
1467 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1468 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1469 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1470
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1471requires_gnutls_tls1_3
1472requires_gnutls_next_no_ticket
1473requires_gnutls_next_disable_tls13_compat
1474requires_config_enabled MBEDTLS_DEBUG_C
1475requires_config_enabled MBEDTLS_SSL_CLI_C
1476requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1477requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1478run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp256r1_sha256" \
1479 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1480 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1481 0 \
1482 -c "HTTP/1.0 200 OK" \
1483 -c "ECDH curve: x448" \
1484 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1485 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1486 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1487
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1488requires_openssl_tls1_3
1489requires_config_enabled MBEDTLS_DEBUG_C
1490requires_config_enabled MBEDTLS_SSL_CLI_C
1491requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1492requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1493run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1494 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1495 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1496 0 \
1497 -c "HTTP/1.0 200 ok" \
1498 -c "ECDH curve: secp256r1" \
1499 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1500 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1501 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1502
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1503requires_gnutls_tls1_3
1504requires_gnutls_next_no_ticket
1505requires_gnutls_next_disable_tls13_compat
1506requires_config_enabled MBEDTLS_DEBUG_C
1507requires_config_enabled MBEDTLS_SSL_CLI_C
1508requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1509requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1510run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
1511 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1512 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1513 0 \
1514 -c "HTTP/1.0 200 OK" \
1515 -c "ECDH curve: secp256r1" \
1516 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1517 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1518 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1519
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1520requires_openssl_tls1_3
1521requires_config_enabled MBEDTLS_DEBUG_C
1522requires_config_enabled MBEDTLS_SSL_CLI_C
1523requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1524requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1525run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1526 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1527 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1528 0 \
1529 -c "HTTP/1.0 200 ok" \
1530 -c "ECDH curve: secp384r1" \
1531 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1532 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1533 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1534
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1535requires_gnutls_tls1_3
1536requires_gnutls_next_no_ticket
1537requires_gnutls_next_disable_tls13_compat
1538requires_config_enabled MBEDTLS_DEBUG_C
1539requires_config_enabled MBEDTLS_SSL_CLI_C
1540requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1541requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1542run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
1543 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1544 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1545 0 \
1546 -c "HTTP/1.0 200 OK" \
1547 -c "ECDH curve: secp384r1" \
1548 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1549 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1550 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1551
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1552requires_openssl_tls1_3
1553requires_config_enabled MBEDTLS_DEBUG_C
1554requires_config_enabled MBEDTLS_SSL_CLI_C
1555requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1556requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1557run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1558 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1559 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1560 0 \
1561 -c "HTTP/1.0 200 ok" \
1562 -c "ECDH curve: secp521r1" \
1563 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1564 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1565 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1566
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1567requires_gnutls_tls1_3
1568requires_gnutls_next_no_ticket
1569requires_gnutls_next_disable_tls13_compat
1570requires_config_enabled MBEDTLS_DEBUG_C
1571requires_config_enabled MBEDTLS_SSL_CLI_C
1572requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1573requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1574run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
1575 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1576 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1577 0 \
1578 -c "HTTP/1.0 200 OK" \
1579 -c "ECDH curve: secp521r1" \
1580 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1581 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1582 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1583
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1584requires_openssl_tls1_3
1585requires_config_enabled MBEDTLS_DEBUG_C
1586requires_config_enabled MBEDTLS_SSL_CLI_C
1587requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1588requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1589run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
1590 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1591 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1592 0 \
1593 -c "HTTP/1.0 200 ok" \
1594 -c "ECDH curve: x25519" \
1595 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1596 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1597 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1598
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1599requires_gnutls_tls1_3
1600requires_gnutls_next_no_ticket
1601requires_gnutls_next_disable_tls13_compat
1602requires_config_enabled MBEDTLS_DEBUG_C
1603requires_config_enabled MBEDTLS_SSL_CLI_C
1604requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1605requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1606run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp384r1_sha384" \
1607 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1608 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1609 0 \
1610 -c "HTTP/1.0 200 OK" \
1611 -c "ECDH curve: x25519" \
1612 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1613 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1614 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1615
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1616requires_openssl_tls1_3
1617requires_config_enabled MBEDTLS_DEBUG_C
1618requires_config_enabled MBEDTLS_SSL_CLI_C
1619requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1620requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1621run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
1622 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1623 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1624 0 \
1625 -c "HTTP/1.0 200 ok" \
1626 -c "ECDH curve: x448" \
1627 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1628 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1629 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1630
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1631requires_gnutls_tls1_3
1632requires_gnutls_next_no_ticket
1633requires_gnutls_next_disable_tls13_compat
1634requires_config_enabled MBEDTLS_DEBUG_C
1635requires_config_enabled MBEDTLS_SSL_CLI_C
1636requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1637requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1638run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp384r1_sha384" \
1639 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1640 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
1641 0 \
1642 -c "HTTP/1.0 200 OK" \
1643 -c "ECDH curve: x448" \
1644 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1645 -c "Certificate Verify: Signature algorithm ( 0503 )" \
1646 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1647
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1648requires_openssl_tls1_3
1649requires_config_enabled MBEDTLS_DEBUG_C
1650requires_config_enabled MBEDTLS_SSL_CLI_C
1651requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1652requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1653run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1654 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1655 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1656 0 \
1657 -c "HTTP/1.0 200 ok" \
1658 -c "ECDH curve: secp256r1" \
1659 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1660 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1661 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1662
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1663requires_gnutls_tls1_3
1664requires_gnutls_next_no_ticket
1665requires_gnutls_next_disable_tls13_compat
1666requires_config_enabled MBEDTLS_DEBUG_C
1667requires_config_enabled MBEDTLS_SSL_CLI_C
1668requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1669requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1670run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
1671 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1672 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1673 0 \
1674 -c "HTTP/1.0 200 OK" \
1675 -c "ECDH curve: secp256r1" \
1676 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1677 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1678 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1679
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1680requires_openssl_tls1_3
1681requires_config_enabled MBEDTLS_DEBUG_C
1682requires_config_enabled MBEDTLS_SSL_CLI_C
1683requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1684requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1685run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1686 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1687 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1688 0 \
1689 -c "HTTP/1.0 200 ok" \
1690 -c "ECDH curve: secp384r1" \
1691 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1692 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1693 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1694
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1695requires_gnutls_tls1_3
1696requires_gnutls_next_no_ticket
1697requires_gnutls_next_disable_tls13_compat
1698requires_config_enabled MBEDTLS_DEBUG_C
1699requires_config_enabled MBEDTLS_SSL_CLI_C
1700requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1701requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1702run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
1703 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1704 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1705 0 \
1706 -c "HTTP/1.0 200 OK" \
1707 -c "ECDH curve: secp384r1" \
1708 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1709 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1710 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1711
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1712requires_openssl_tls1_3
1713requires_config_enabled MBEDTLS_DEBUG_C
1714requires_config_enabled MBEDTLS_SSL_CLI_C
1715requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1716requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1717run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1718 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1719 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1720 0 \
1721 -c "HTTP/1.0 200 ok" \
1722 -c "ECDH curve: secp521r1" \
1723 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1724 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1725 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1726
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1727requires_gnutls_tls1_3
1728requires_gnutls_next_no_ticket
1729requires_gnutls_next_disable_tls13_compat
1730requires_config_enabled MBEDTLS_DEBUG_C
1731requires_config_enabled MBEDTLS_SSL_CLI_C
1732requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1733requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1734run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
1735 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1736 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1737 0 \
1738 -c "HTTP/1.0 200 OK" \
1739 -c "ECDH curve: secp521r1" \
1740 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1741 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1742 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1743
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1744requires_openssl_tls1_3
1745requires_config_enabled MBEDTLS_DEBUG_C
1746requires_config_enabled MBEDTLS_SSL_CLI_C
1747requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1748requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1749run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
1750 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1751 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1752 0 \
1753 -c "HTTP/1.0 200 ok" \
1754 -c "ECDH curve: x25519" \
1755 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1756 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1757 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1758
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1759requires_gnutls_tls1_3
1760requires_gnutls_next_no_ticket
1761requires_gnutls_next_disable_tls13_compat
1762requires_config_enabled MBEDTLS_DEBUG_C
1763requires_config_enabled MBEDTLS_SSL_CLI_C
1764requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1765requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1766run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,ecdsa_secp521r1_sha512" \
1767 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1768 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1769 0 \
1770 -c "HTTP/1.0 200 OK" \
1771 -c "ECDH curve: x25519" \
1772 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1773 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1774 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1775
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1776requires_openssl_tls1_3
1777requires_config_enabled MBEDTLS_DEBUG_C
1778requires_config_enabled MBEDTLS_SSL_CLI_C
1779requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1780requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1781run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
1782 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1783 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1784 0 \
1785 -c "HTTP/1.0 200 ok" \
1786 -c "ECDH curve: x448" \
1787 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1788 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1789 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1790
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1791requires_gnutls_tls1_3
1792requires_gnutls_next_no_ticket
1793requires_gnutls_next_disable_tls13_compat
1794requires_config_enabled MBEDTLS_DEBUG_C
1795requires_config_enabled MBEDTLS_SSL_CLI_C
1796requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1797requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1798run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,ecdsa_secp521r1_sha512" \
1799 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1800 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
1801 0 \
1802 -c "HTTP/1.0 200 OK" \
1803 -c "ECDH curve: x448" \
1804 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1805 -c "Certificate Verify: Signature algorithm ( 0603 )" \
1806 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1807
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1808requires_openssl_tls1_3
1809requires_config_enabled MBEDTLS_DEBUG_C
1810requires_config_enabled MBEDTLS_SSL_CLI_C
1811requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1812requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1813requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1814run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1815 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1816 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1817 0 \
1818 -c "HTTP/1.0 200 ok" \
1819 -c "ECDH curve: secp256r1" \
1820 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1821 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1822 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1823
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1824requires_gnutls_tls1_3
1825requires_gnutls_next_no_ticket
1826requires_gnutls_next_disable_tls13_compat
1827requires_config_enabled MBEDTLS_DEBUG_C
1828requires_config_enabled MBEDTLS_SSL_CLI_C
1829requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1830requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1831requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1832run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp256r1,rsa_pss_rsae_sha256" \
1833 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1834 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
1835 0 \
1836 -c "HTTP/1.0 200 OK" \
1837 -c "ECDH curve: secp256r1" \
1838 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1839 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1840 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1841
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1842requires_openssl_tls1_3
1843requires_config_enabled MBEDTLS_DEBUG_C
1844requires_config_enabled MBEDTLS_SSL_CLI_C
1845requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1846requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1847requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1848run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1849 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1850 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1851 0 \
1852 -c "HTTP/1.0 200 ok" \
1853 -c "ECDH curve: secp384r1" \
1854 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1855 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1856 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1857
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1858requires_gnutls_tls1_3
1859requires_gnutls_next_no_ticket
1860requires_gnutls_next_disable_tls13_compat
1861requires_config_enabled MBEDTLS_DEBUG_C
1862requires_config_enabled MBEDTLS_SSL_CLI_C
1863requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1864requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1865requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1866run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp384r1,rsa_pss_rsae_sha256" \
1867 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1868 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
1869 0 \
1870 -c "HTTP/1.0 200 OK" \
1871 -c "ECDH curve: secp384r1" \
1872 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1873 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1874 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1875
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1876requires_openssl_tls1_3
1877requires_config_enabled MBEDTLS_DEBUG_C
1878requires_config_enabled MBEDTLS_SSL_CLI_C
1879requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1880requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1881requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1882run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1883 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1884 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1885 0 \
1886 -c "HTTP/1.0 200 ok" \
1887 -c "ECDH curve: secp521r1" \
1888 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1889 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1890 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1891
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1892requires_gnutls_tls1_3
1893requires_gnutls_next_no_ticket
1894requires_gnutls_next_disable_tls13_compat
1895requires_config_enabled MBEDTLS_DEBUG_C
1896requires_config_enabled MBEDTLS_SSL_CLI_C
1897requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1898requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1899requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1900run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,secp521r1,rsa_pss_rsae_sha256" \
1901 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1902 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
1903 0 \
1904 -c "HTTP/1.0 200 OK" \
1905 -c "ECDH curve: secp521r1" \
1906 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1907 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1908 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1909
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1910requires_openssl_tls1_3
1911requires_config_enabled MBEDTLS_DEBUG_C
1912requires_config_enabled MBEDTLS_SSL_CLI_C
1913requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1914requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1915requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1916run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1917 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1918 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1919 0 \
1920 -c "HTTP/1.0 200 ok" \
1921 -c "ECDH curve: x25519" \
1922 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1923 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1924 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1925
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1926requires_gnutls_tls1_3
1927requires_gnutls_next_no_ticket
1928requires_gnutls_next_disable_tls13_compat
1929requires_config_enabled MBEDTLS_DEBUG_C
1930requires_config_enabled MBEDTLS_SSL_CLI_C
1931requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1932requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1933requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1934run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x25519,rsa_pss_rsae_sha256" \
1935 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1936 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
1937 0 \
1938 -c "HTTP/1.0 200 OK" \
1939 -c "ECDH curve: x25519" \
1940 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1941 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1942 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1943
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1944requires_openssl_tls1_3
1945requires_config_enabled MBEDTLS_DEBUG_C
1946requires_config_enabled MBEDTLS_SSL_CLI_C
1947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1948requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1949requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1950run_test "TLS 1.3 m->O: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1951 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
1952 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1953 0 \
1954 -c "HTTP/1.0 200 ok" \
1955 -c "ECDH curve: x448" \
1956 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1957 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1958 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1959
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1960requires_gnutls_tls1_3
1961requires_gnutls_next_no_ticket
1962requires_gnutls_next_disable_tls13_compat
1963requires_config_enabled MBEDTLS_DEBUG_C
1964requires_config_enabled MBEDTLS_SSL_CLI_C
1965requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1966requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
1967requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1968run_test "TLS 1.3 m->G: TLS_CHACHA20_POLY1305_SHA256,x448,rsa_pss_rsae_sha256" \
1969 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+CHACHA20-POLY1305:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1970 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
1971 0 \
1972 -c "HTTP/1.0 200 OK" \
1973 -c "ECDH curve: x448" \
1974 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
1975 -c "Certificate Verify: Signature algorithm ( 0804 )" \
1976 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1977
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1978requires_openssl_tls1_3
1979requires_config_enabled MBEDTLS_DEBUG_C
1980requires_config_enabled MBEDTLS_SSL_CLI_C
1981requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1982requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1983run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
1984 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]1985 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
1986 0 \
1987 -c "HTTP/1.0 200 ok" \
1988 -c "ECDH curve: secp256r1" \
1989 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
1990 -c "Certificate Verify: Signature algorithm ( 0403 )" \
1991 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]1992
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]1993requires_gnutls_tls1_3
1994requires_gnutls_next_no_ticket
1995requires_gnutls_next_disable_tls13_compat
1996requires_config_enabled MBEDTLS_DEBUG_C
1997requires_config_enabled MBEDTLS_SSL_CLI_C
1998requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
1999requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2000run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2001 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2002 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2003 0 \
2004 -c "HTTP/1.0 200 OK" \
2005 -c "ECDH curve: secp256r1" \
2006 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2007 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2008 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2009
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2010requires_openssl_tls1_3
2011requires_config_enabled MBEDTLS_DEBUG_C
2012requires_config_enabled MBEDTLS_SSL_CLI_C
2013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2014requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2015run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2016 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2017 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2018 0 \
2019 -c "HTTP/1.0 200 ok" \
2020 -c "ECDH curve: secp384r1" \
2021 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2022 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2023 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2024
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2025requires_gnutls_tls1_3
2026requires_gnutls_next_no_ticket
2027requires_gnutls_next_disable_tls13_compat
2028requires_config_enabled MBEDTLS_DEBUG_C
2029requires_config_enabled MBEDTLS_SSL_CLI_C
2030requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2031requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2032run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2033 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2034 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2035 0 \
2036 -c "HTTP/1.0 200 OK" \
2037 -c "ECDH curve: secp384r1" \
2038 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2039 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2040 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2041
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2042requires_openssl_tls1_3
2043requires_config_enabled MBEDTLS_DEBUG_C
2044requires_config_enabled MBEDTLS_SSL_CLI_C
2045requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2046requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2047run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2048 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2049 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2050 0 \
2051 -c "HTTP/1.0 200 ok" \
2052 -c "ECDH curve: secp521r1" \
2053 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2054 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2055 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2056
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2057requires_gnutls_tls1_3
2058requires_gnutls_next_no_ticket
2059requires_gnutls_next_disable_tls13_compat
2060requires_config_enabled MBEDTLS_DEBUG_C
2061requires_config_enabled MBEDTLS_SSL_CLI_C
2062requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2063requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2064run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2065 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2066 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2067 0 \
2068 -c "HTTP/1.0 200 OK" \
2069 -c "ECDH curve: secp521r1" \
2070 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2071 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2072 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2073
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2074requires_openssl_tls1_3
2075requires_config_enabled MBEDTLS_DEBUG_C
2076requires_config_enabled MBEDTLS_SSL_CLI_C
2077requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2078requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2079run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
2080 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2081 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2082 0 \
2083 -c "HTTP/1.0 200 ok" \
2084 -c "ECDH curve: x25519" \
2085 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2086 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2087 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2088
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2089requires_gnutls_tls1_3
2090requires_gnutls_next_no_ticket
2091requires_gnutls_next_disable_tls13_compat
2092requires_config_enabled MBEDTLS_DEBUG_C
2093requires_config_enabled MBEDTLS_SSL_CLI_C
2094requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2095requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2096run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp256r1_sha256" \
2097 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2098 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2099 0 \
2100 -c "HTTP/1.0 200 OK" \
2101 -c "ECDH curve: x25519" \
2102 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2103 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2104 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2105
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2106requires_openssl_tls1_3
2107requires_config_enabled MBEDTLS_DEBUG_C
2108requires_config_enabled MBEDTLS_SSL_CLI_C
2109requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2110requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2111run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
2112 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2113 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2114 0 \
2115 -c "HTTP/1.0 200 ok" \
2116 -c "ECDH curve: x448" \
2117 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2118 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2119 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2120
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2121requires_gnutls_tls1_3
2122requires_gnutls_next_no_ticket
2123requires_gnutls_next_disable_tls13_compat
2124requires_config_enabled MBEDTLS_DEBUG_C
2125requires_config_enabled MBEDTLS_SSL_CLI_C
2126requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2127requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2128run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp256r1_sha256" \
2129 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2130 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2131 0 \
2132 -c "HTTP/1.0 200 OK" \
2133 -c "ECDH curve: x448" \
2134 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2135 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2136 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2137
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2138requires_openssl_tls1_3
2139requires_config_enabled MBEDTLS_DEBUG_C
2140requires_config_enabled MBEDTLS_SSL_CLI_C
2141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2142requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2143run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2144 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2145 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2146 0 \
2147 -c "HTTP/1.0 200 ok" \
2148 -c "ECDH curve: secp256r1" \
2149 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2150 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2151 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2152
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2153requires_gnutls_tls1_3
2154requires_gnutls_next_no_ticket
2155requires_gnutls_next_disable_tls13_compat
2156requires_config_enabled MBEDTLS_DEBUG_C
2157requires_config_enabled MBEDTLS_SSL_CLI_C
2158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2159requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2160run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2161 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2162 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2163 0 \
2164 -c "HTTP/1.0 200 OK" \
2165 -c "ECDH curve: secp256r1" \
2166 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2167 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2168 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2169
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2170requires_openssl_tls1_3
2171requires_config_enabled MBEDTLS_DEBUG_C
2172requires_config_enabled MBEDTLS_SSL_CLI_C
2173requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2174requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2175run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2176 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2177 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2178 0 \
2179 -c "HTTP/1.0 200 ok" \
2180 -c "ECDH curve: secp384r1" \
2181 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2182 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2183 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2184
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2185requires_gnutls_tls1_3
2186requires_gnutls_next_no_ticket
2187requires_gnutls_next_disable_tls13_compat
2188requires_config_enabled MBEDTLS_DEBUG_C
2189requires_config_enabled MBEDTLS_SSL_CLI_C
2190requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2191requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2192run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2193 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2194 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2195 0 \
2196 -c "HTTP/1.0 200 OK" \
2197 -c "ECDH curve: secp384r1" \
2198 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2199 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2200 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2201
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2202requires_openssl_tls1_3
2203requires_config_enabled MBEDTLS_DEBUG_C
2204requires_config_enabled MBEDTLS_SSL_CLI_C
2205requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2206requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2207run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2208 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2209 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2210 0 \
2211 -c "HTTP/1.0 200 ok" \
2212 -c "ECDH curve: secp521r1" \
2213 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2214 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2215 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2216
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2217requires_gnutls_tls1_3
2218requires_gnutls_next_no_ticket
2219requires_gnutls_next_disable_tls13_compat
2220requires_config_enabled MBEDTLS_DEBUG_C
2221requires_config_enabled MBEDTLS_SSL_CLI_C
2222requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2223requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2224run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2225 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2226 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2227 0 \
2228 -c "HTTP/1.0 200 OK" \
2229 -c "ECDH curve: secp521r1" \
2230 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2231 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2232 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2233
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2234requires_openssl_tls1_3
2235requires_config_enabled MBEDTLS_DEBUG_C
2236requires_config_enabled MBEDTLS_SSL_CLI_C
2237requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2238requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2239run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
2240 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2241 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2242 0 \
2243 -c "HTTP/1.0 200 ok" \
2244 -c "ECDH curve: x25519" \
2245 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2246 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2247 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2248
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2249requires_gnutls_tls1_3
2250requires_gnutls_next_no_ticket
2251requires_gnutls_next_disable_tls13_compat
2252requires_config_enabled MBEDTLS_DEBUG_C
2253requires_config_enabled MBEDTLS_SSL_CLI_C
2254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2255requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2256run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp384r1_sha384" \
2257 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2258 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2259 0 \
2260 -c "HTTP/1.0 200 OK" \
2261 -c "ECDH curve: x25519" \
2262 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2263 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2264 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2265
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2266requires_openssl_tls1_3
2267requires_config_enabled MBEDTLS_DEBUG_C
2268requires_config_enabled MBEDTLS_SSL_CLI_C
2269requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2270requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2271run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
2272 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2273 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2274 0 \
2275 -c "HTTP/1.0 200 ok" \
2276 -c "ECDH curve: x448" \
2277 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2278 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2279 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2280
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2281requires_gnutls_tls1_3
2282requires_gnutls_next_no_ticket
2283requires_gnutls_next_disable_tls13_compat
2284requires_config_enabled MBEDTLS_DEBUG_C
2285requires_config_enabled MBEDTLS_SSL_CLI_C
2286requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2287requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2288run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp384r1_sha384" \
2289 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2290 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2291 0 \
2292 -c "HTTP/1.0 200 OK" \
2293 -c "ECDH curve: x448" \
2294 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2295 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2296 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2297
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2298requires_openssl_tls1_3
2299requires_config_enabled MBEDTLS_DEBUG_C
2300requires_config_enabled MBEDTLS_SSL_CLI_C
2301requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2302requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2303run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2304 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2305 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2306 0 \
2307 -c "HTTP/1.0 200 ok" \
2308 -c "ECDH curve: secp256r1" \
2309 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2310 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2311 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2312
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2313requires_gnutls_tls1_3
2314requires_gnutls_next_no_ticket
2315requires_gnutls_next_disable_tls13_compat
2316requires_config_enabled MBEDTLS_DEBUG_C
2317requires_config_enabled MBEDTLS_SSL_CLI_C
2318requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2319requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2320run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2321 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2322 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2323 0 \
2324 -c "HTTP/1.0 200 OK" \
2325 -c "ECDH curve: secp256r1" \
2326 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2327 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2328 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2329
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2330requires_openssl_tls1_3
2331requires_config_enabled MBEDTLS_DEBUG_C
2332requires_config_enabled MBEDTLS_SSL_CLI_C
2333requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2334requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2335run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2336 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2337 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2338 0 \
2339 -c "HTTP/1.0 200 ok" \
2340 -c "ECDH curve: secp384r1" \
2341 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2342 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2343 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2344
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2345requires_gnutls_tls1_3
2346requires_gnutls_next_no_ticket
2347requires_gnutls_next_disable_tls13_compat
2348requires_config_enabled MBEDTLS_DEBUG_C
2349requires_config_enabled MBEDTLS_SSL_CLI_C
2350requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2351requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2352run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2353 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2354 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2355 0 \
2356 -c "HTTP/1.0 200 OK" \
2357 -c "ECDH curve: secp384r1" \
2358 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2359 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2360 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2361
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2362requires_openssl_tls1_3
2363requires_config_enabled MBEDTLS_DEBUG_C
2364requires_config_enabled MBEDTLS_SSL_CLI_C
2365requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2366requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2367run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
2368 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2369 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2370 0 \
2371 -c "HTTP/1.0 200 ok" \
2372 -c "ECDH curve: secp521r1" \
2373 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2374 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2375 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2376
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2377requires_gnutls_tls1_3
2378requires_gnutls_next_no_ticket
2379requires_gnutls_next_disable_tls13_compat
2380requires_config_enabled MBEDTLS_DEBUG_C
2381requires_config_enabled MBEDTLS_SSL_CLI_C
2382requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2383requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2384run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
2385 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2386 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2387 0 \
2388 -c "HTTP/1.0 200 OK" \
2389 -c "ECDH curve: secp521r1" \
2390 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2391 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2392 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2393
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2394requires_openssl_tls1_3
2395requires_config_enabled MBEDTLS_DEBUG_C
2396requires_config_enabled MBEDTLS_SSL_CLI_C
2397requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2398requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2399run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
2400 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2401 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2402 0 \
2403 -c "HTTP/1.0 200 ok" \
2404 -c "ECDH curve: x25519" \
2405 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2406 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2407 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2408
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2409requires_gnutls_tls1_3
2410requires_gnutls_next_no_ticket
2411requires_gnutls_next_disable_tls13_compat
2412requires_config_enabled MBEDTLS_DEBUG_C
2413requires_config_enabled MBEDTLS_SSL_CLI_C
2414requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2415requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2416run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,ecdsa_secp521r1_sha512" \
2417 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2418 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2419 0 \
2420 -c "HTTP/1.0 200 OK" \
2421 -c "ECDH curve: x25519" \
2422 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2423 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2424 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2425
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2426requires_openssl_tls1_3
2427requires_config_enabled MBEDTLS_DEBUG_C
2428requires_config_enabled MBEDTLS_SSL_CLI_C
2429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2430requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2431run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
2432 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2433 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2434 0 \
2435 -c "HTTP/1.0 200 ok" \
2436 -c "ECDH curve: x448" \
2437 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2438 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2439 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2440
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2441requires_gnutls_tls1_3
2442requires_gnutls_next_no_ticket
2443requires_gnutls_next_disable_tls13_compat
2444requires_config_enabled MBEDTLS_DEBUG_C
2445requires_config_enabled MBEDTLS_SSL_CLI_C
2446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2447requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2448run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,ecdsa_secp521r1_sha512" \
2449 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2450 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2451 0 \
2452 -c "HTTP/1.0 200 OK" \
2453 -c "ECDH curve: x448" \
2454 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2455 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2456 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2457
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2458requires_openssl_tls1_3
2459requires_config_enabled MBEDTLS_DEBUG_C
2460requires_config_enabled MBEDTLS_SSL_CLI_C
2461requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2462requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2463requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2464run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2465 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2466 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2467 0 \
2468 -c "HTTP/1.0 200 ok" \
2469 -c "ECDH curve: secp256r1" \
2470 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2471 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2472 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2473
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2474requires_gnutls_tls1_3
2475requires_gnutls_next_no_ticket
2476requires_gnutls_next_disable_tls13_compat
2477requires_config_enabled MBEDTLS_DEBUG_C
2478requires_config_enabled MBEDTLS_SSL_CLI_C
2479requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2480requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2481requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2482run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp256r1,rsa_pss_rsae_sha256" \
2483 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2484 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
2485 0 \
2486 -c "HTTP/1.0 200 OK" \
2487 -c "ECDH curve: secp256r1" \
2488 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2489 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2490 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2491
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2492requires_openssl_tls1_3
2493requires_config_enabled MBEDTLS_DEBUG_C
2494requires_config_enabled MBEDTLS_SSL_CLI_C
2495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2496requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2497requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2498run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2499 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2500 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2501 0 \
2502 -c "HTTP/1.0 200 ok" \
2503 -c "ECDH curve: secp384r1" \
2504 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2505 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2506 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2507
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2508requires_gnutls_tls1_3
2509requires_gnutls_next_no_ticket
2510requires_gnutls_next_disable_tls13_compat
2511requires_config_enabled MBEDTLS_DEBUG_C
2512requires_config_enabled MBEDTLS_SSL_CLI_C
2513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2514requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2515requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2516run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp384r1,rsa_pss_rsae_sha256" \
2517 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2518 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
2519 0 \
2520 -c "HTTP/1.0 200 OK" \
2521 -c "ECDH curve: secp384r1" \
2522 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2523 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2524 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2525
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2526requires_openssl_tls1_3
2527requires_config_enabled MBEDTLS_DEBUG_C
2528requires_config_enabled MBEDTLS_SSL_CLI_C
2529requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2530requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2531requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2532run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2533 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2534 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2535 0 \
2536 -c "HTTP/1.0 200 ok" \
2537 -c "ECDH curve: secp521r1" \
2538 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2539 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2540 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2541
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2542requires_gnutls_tls1_3
2543requires_gnutls_next_no_ticket
2544requires_gnutls_next_disable_tls13_compat
2545requires_config_enabled MBEDTLS_DEBUG_C
2546requires_config_enabled MBEDTLS_SSL_CLI_C
2547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2548requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2549requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2550run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,secp521r1,rsa_pss_rsae_sha256" \
2551 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2552 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
2553 0 \
2554 -c "HTTP/1.0 200 OK" \
2555 -c "ECDH curve: secp521r1" \
2556 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2557 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2558 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2559
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2560requires_openssl_tls1_3
2561requires_config_enabled MBEDTLS_DEBUG_C
2562requires_config_enabled MBEDTLS_SSL_CLI_C
2563requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2564requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2565requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2566run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2567 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2568 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
2569 0 \
2570 -c "HTTP/1.0 200 ok" \
2571 -c "ECDH curve: x25519" \
2572 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2573 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2574 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2575
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2576requires_gnutls_tls1_3
2577requires_gnutls_next_no_ticket
2578requires_gnutls_next_disable_tls13_compat
2579requires_config_enabled MBEDTLS_DEBUG_C
2580requires_config_enabled MBEDTLS_SSL_CLI_C
2581requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2582requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2583requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2584run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x25519,rsa_pss_rsae_sha256" \
2585 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2586 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
2587 0 \
2588 -c "HTTP/1.0 200 OK" \
2589 -c "ECDH curve: x25519" \
2590 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2591 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2592 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2593
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2594requires_openssl_tls1_3
2595requires_config_enabled MBEDTLS_DEBUG_C
2596requires_config_enabled MBEDTLS_SSL_CLI_C
2597requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2598requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2599requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2600run_test "TLS 1.3 m->O: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2601 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
2602 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
2603 0 \
2604 -c "HTTP/1.0 200 ok" \
2605 -c "ECDH curve: x448" \
2606 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2607 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2608 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2609
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2610requires_gnutls_tls1_3
2611requires_gnutls_next_no_ticket
2612requires_gnutls_next_disable_tls13_compat
2613requires_config_enabled MBEDTLS_DEBUG_C
2614requires_config_enabled MBEDTLS_SSL_CLI_C
2615requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2616requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
2617requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2618run_test "TLS 1.3 m->G: TLS_AES_128_CCM_SHA256,x448,rsa_pss_rsae_sha256" \
2619 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2620 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
2621 0 \
2622 -c "HTTP/1.0 200 OK" \
2623 -c "ECDH curve: x448" \
2624 -c "server hello, chosen ciphersuite: ( 1304 ) - TLS1-3-AES-128-CCM-SHA256" \
2625 -c "Certificate Verify: Signature algorithm ( 0804 )" \
2626 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2627
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2628requires_openssl_tls1_3
2629requires_config_enabled MBEDTLS_DEBUG_C
2630requires_config_enabled MBEDTLS_SSL_CLI_C
2631requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2632requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2633run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2634 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2635 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2636 0 \
2637 -c "HTTP/1.0 200 ok" \
2638 -c "ECDH curve: secp256r1" \
2639 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2640 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2641 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2642
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2643requires_gnutls_tls1_3
2644requires_gnutls_next_no_ticket
2645requires_gnutls_next_disable_tls13_compat
2646requires_config_enabled MBEDTLS_DEBUG_C
2647requires_config_enabled MBEDTLS_SSL_CLI_C
2648requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2649requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2650run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp256r1_sha256" \
2651 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2652 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2653 0 \
2654 -c "HTTP/1.0 200 OK" \
2655 -c "ECDH curve: secp256r1" \
2656 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2657 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2658 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2659
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2660requires_openssl_tls1_3
2661requires_config_enabled MBEDTLS_DEBUG_C
2662requires_config_enabled MBEDTLS_SSL_CLI_C
2663requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2664requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2665run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2666 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2667 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2668 0 \
2669 -c "HTTP/1.0 200 ok" \
2670 -c "ECDH curve: secp384r1" \
2671 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2672 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2673 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2674
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2675requires_gnutls_tls1_3
2676requires_gnutls_next_no_ticket
2677requires_gnutls_next_disable_tls13_compat
2678requires_config_enabled MBEDTLS_DEBUG_C
2679requires_config_enabled MBEDTLS_SSL_CLI_C
2680requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2681requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2682run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp256r1_sha256" \
2683 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2684 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2685 0 \
2686 -c "HTTP/1.0 200 OK" \
2687 -c "ECDH curve: secp384r1" \
2688 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2689 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2690 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2691
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2692requires_openssl_tls1_3
2693requires_config_enabled MBEDTLS_DEBUG_C
2694requires_config_enabled MBEDTLS_SSL_CLI_C
2695requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2696requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2697run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2698 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2699 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2700 0 \
2701 -c "HTTP/1.0 200 ok" \
2702 -c "ECDH curve: secp521r1" \
2703 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2704 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2705 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2706
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2707requires_gnutls_tls1_3
2708requires_gnutls_next_no_ticket
2709requires_gnutls_next_disable_tls13_compat
2710requires_config_enabled MBEDTLS_DEBUG_C
2711requires_config_enabled MBEDTLS_SSL_CLI_C
2712requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2713requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2714run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp256r1_sha256" \
2715 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2716 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2717 0 \
2718 -c "HTTP/1.0 200 OK" \
2719 -c "ECDH curve: secp521r1" \
2720 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2721 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2722 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2723
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2724requires_openssl_tls1_3
2725requires_config_enabled MBEDTLS_DEBUG_C
2726requires_config_enabled MBEDTLS_SSL_CLI_C
2727requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2728requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2729run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
2730 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2731 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2732 0 \
2733 -c "HTTP/1.0 200 ok" \
2734 -c "ECDH curve: x25519" \
2735 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2736 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2737 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2738
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2739requires_gnutls_tls1_3
2740requires_gnutls_next_no_ticket
2741requires_gnutls_next_disable_tls13_compat
2742requires_config_enabled MBEDTLS_DEBUG_C
2743requires_config_enabled MBEDTLS_SSL_CLI_C
2744requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2745requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2746run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp256r1_sha256" \
2747 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2748 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2749 0 \
2750 -c "HTTP/1.0 200 OK" \
2751 -c "ECDH curve: x25519" \
2752 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2753 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2754 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2755
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2756requires_openssl_tls1_3
2757requires_config_enabled MBEDTLS_DEBUG_C
2758requires_config_enabled MBEDTLS_SSL_CLI_C
2759requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2760requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2761run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
2762 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2763 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2764 0 \
2765 -c "HTTP/1.0 200 ok" \
2766 -c "ECDH curve: x448" \
2767 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2768 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2769 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2770
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2771requires_gnutls_tls1_3
2772requires_gnutls_next_no_ticket
2773requires_gnutls_next_disable_tls13_compat
2774requires_config_enabled MBEDTLS_DEBUG_C
2775requires_config_enabled MBEDTLS_SSL_CLI_C
2776requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2777requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2778run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp256r1_sha256" \
2779 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2780 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp256r1 sig_algs=ecdsa_secp256r1_sha256" \
2781 0 \
2782 -c "HTTP/1.0 200 OK" \
2783 -c "ECDH curve: x448" \
2784 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2785 -c "Certificate Verify: Signature algorithm ( 0403 )" \
2786 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2787
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2788requires_openssl_tls1_3
2789requires_config_enabled MBEDTLS_DEBUG_C
2790requires_config_enabled MBEDTLS_SSL_CLI_C
2791requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2792requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2793run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2794 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2795 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2796 0 \
2797 -c "HTTP/1.0 200 ok" \
2798 -c "ECDH curve: secp256r1" \
2799 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2800 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2801 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2802
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2803requires_gnutls_tls1_3
2804requires_gnutls_next_no_ticket
2805requires_gnutls_next_disable_tls13_compat
2806requires_config_enabled MBEDTLS_DEBUG_C
2807requires_config_enabled MBEDTLS_SSL_CLI_C
2808requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2809requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2810run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp384r1_sha384" \
2811 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2812 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2813 0 \
2814 -c "HTTP/1.0 200 OK" \
2815 -c "ECDH curve: secp256r1" \
2816 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2817 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2818 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2819
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2820requires_openssl_tls1_3
2821requires_config_enabled MBEDTLS_DEBUG_C
2822requires_config_enabled MBEDTLS_SSL_CLI_C
2823requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2824requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2825run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2826 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2827 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2828 0 \
2829 -c "HTTP/1.0 200 ok" \
2830 -c "ECDH curve: secp384r1" \
2831 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2832 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2833 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2834
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2835requires_gnutls_tls1_3
2836requires_gnutls_next_no_ticket
2837requires_gnutls_next_disable_tls13_compat
2838requires_config_enabled MBEDTLS_DEBUG_C
2839requires_config_enabled MBEDTLS_SSL_CLI_C
2840requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2841requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2842run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp384r1_sha384" \
2843 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2844 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2845 0 \
2846 -c "HTTP/1.0 200 OK" \
2847 -c "ECDH curve: secp384r1" \
2848 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2849 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2850 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2851
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2852requires_openssl_tls1_3
2853requires_config_enabled MBEDTLS_DEBUG_C
2854requires_config_enabled MBEDTLS_SSL_CLI_C
2855requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2856requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2857run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2858 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2859 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2860 0 \
2861 -c "HTTP/1.0 200 ok" \
2862 -c "ECDH curve: secp521r1" \
2863 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2864 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2865 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2866
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2867requires_gnutls_tls1_3
2868requires_gnutls_next_no_ticket
2869requires_gnutls_next_disable_tls13_compat
2870requires_config_enabled MBEDTLS_DEBUG_C
2871requires_config_enabled MBEDTLS_SSL_CLI_C
2872requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2873requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2874run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp384r1_sha384" \
2875 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2876 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2877 0 \
2878 -c "HTTP/1.0 200 OK" \
2879 -c "ECDH curve: secp521r1" \
2880 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2881 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2882 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2883
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2884requires_openssl_tls1_3
2885requires_config_enabled MBEDTLS_DEBUG_C
2886requires_config_enabled MBEDTLS_SSL_CLI_C
2887requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2888requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2889run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
2890 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2891 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2892 0 \
2893 -c "HTTP/1.0 200 ok" \
2894 -c "ECDH curve: x25519" \
2895 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2896 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2897 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2898
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2899requires_gnutls_tls1_3
2900requires_gnutls_next_no_ticket
2901requires_gnutls_next_disable_tls13_compat
2902requires_config_enabled MBEDTLS_DEBUG_C
2903requires_config_enabled MBEDTLS_SSL_CLI_C
2904requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2905requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2906run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp384r1_sha384" \
2907 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2908 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2909 0 \
2910 -c "HTTP/1.0 200 OK" \
2911 -c "ECDH curve: x25519" \
2912 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2913 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2914 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2915
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2916requires_openssl_tls1_3
2917requires_config_enabled MBEDTLS_DEBUG_C
2918requires_config_enabled MBEDTLS_SSL_CLI_C
2919requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2920requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2921run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
2922 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2923 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2924 0 \
2925 -c "HTTP/1.0 200 ok" \
2926 -c "ECDH curve: x448" \
2927 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2928 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2929 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2930
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2931requires_gnutls_tls1_3
2932requires_gnutls_next_no_ticket
2933requires_gnutls_next_disable_tls13_compat
2934requires_config_enabled MBEDTLS_DEBUG_C
2935requires_config_enabled MBEDTLS_SSL_CLI_C
2936requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2937requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2938run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp384r1_sha384" \
2939 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2940 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp384r1 sig_algs=ecdsa_secp384r1_sha384" \
2941 0 \
2942 -c "HTTP/1.0 200 OK" \
2943 -c "ECDH curve: x448" \
2944 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2945 -c "Certificate Verify: Signature algorithm ( 0503 )" \
2946 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2947
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2948requires_openssl_tls1_3
2949requires_config_enabled MBEDTLS_DEBUG_C
2950requires_config_enabled MBEDTLS_SSL_CLI_C
2951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2952requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2953run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2954 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2955 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2956 0 \
2957 -c "HTTP/1.0 200 ok" \
2958 -c "ECDH curve: secp256r1" \
2959 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2960 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2961 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2962
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2963requires_gnutls_tls1_3
2964requires_gnutls_next_no_ticket
2965requires_gnutls_next_disable_tls13_compat
2966requires_config_enabled MBEDTLS_DEBUG_C
2967requires_config_enabled MBEDTLS_SSL_CLI_C
2968requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2969requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2970run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,ecdsa_secp521r1_sha512" \
2971 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2972 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2973 0 \
2974 -c "HTTP/1.0 200 OK" \
2975 -c "ECDH curve: secp256r1" \
2976 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2977 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2978 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2979
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2980requires_openssl_tls1_3
2981requires_config_enabled MBEDTLS_DEBUG_C
2982requires_config_enabled MBEDTLS_SSL_CLI_C
2983requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
2984requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2985run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
2986 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]2987 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
2988 0 \
2989 -c "HTTP/1.0 200 ok" \
2990 -c "ECDH curve: secp384r1" \
2991 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
2992 -c "Certificate Verify: Signature algorithm ( 0603 )" \
2993 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]2994
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]2995requires_gnutls_tls1_3
2996requires_gnutls_next_no_ticket
2997requires_gnutls_next_disable_tls13_compat
2998requires_config_enabled MBEDTLS_DEBUG_C
2999requires_config_enabled MBEDTLS_SSL_CLI_C
3000requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3001requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3002run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,ecdsa_secp521r1_sha512" \
3003 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3004 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3005 0 \
3006 -c "HTTP/1.0 200 OK" \
3007 -c "ECDH curve: secp384r1" \
3008 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3009 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3010 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3011
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3012requires_openssl_tls1_3
3013requires_config_enabled MBEDTLS_DEBUG_C
3014requires_config_enabled MBEDTLS_SSL_CLI_C
3015requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3016requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3017run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3018 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3019 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3020 0 \
3021 -c "HTTP/1.0 200 ok" \
3022 -c "ECDH curve: secp521r1" \
3023 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3024 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3025 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3026
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3027requires_gnutls_tls1_3
3028requires_gnutls_next_no_ticket
3029requires_gnutls_next_disable_tls13_compat
3030requires_config_enabled MBEDTLS_DEBUG_C
3031requires_config_enabled MBEDTLS_SSL_CLI_C
3032requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3033requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3034run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,ecdsa_secp521r1_sha512" \
3035 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3036 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3037 0 \
3038 -c "HTTP/1.0 200 OK" \
3039 -c "ECDH curve: secp521r1" \
3040 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3041 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3042 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3043
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3044requires_openssl_tls1_3
3045requires_config_enabled MBEDTLS_DEBUG_C
3046requires_config_enabled MBEDTLS_SSL_CLI_C
3047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3048requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3049run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
3050 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3051 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3052 0 \
3053 -c "HTTP/1.0 200 ok" \
3054 -c "ECDH curve: x25519" \
3055 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3056 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3057 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3058
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3059requires_gnutls_tls1_3
3060requires_gnutls_next_no_ticket
3061requires_gnutls_next_disable_tls13_compat
3062requires_config_enabled MBEDTLS_DEBUG_C
3063requires_config_enabled MBEDTLS_SSL_CLI_C
3064requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3065requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3066run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,ecdsa_secp521r1_sha512" \
3067 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3068 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3069 0 \
3070 -c "HTTP/1.0 200 OK" \
3071 -c "ECDH curve: x25519" \
3072 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3073 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3074 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3075
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3076requires_openssl_tls1_3
3077requires_config_enabled MBEDTLS_DEBUG_C
3078requires_config_enabled MBEDTLS_SSL_CLI_C
3079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3080requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3081run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
3082 "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3083 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3084 0 \
3085 -c "HTTP/1.0 200 ok" \
3086 -c "ECDH curve: x448" \
3087 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3088 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3089 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3090
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3091requires_gnutls_tls1_3
3092requires_gnutls_next_no_ticket
3093requires_gnutls_next_disable_tls13_compat
3094requires_config_enabled MBEDTLS_DEBUG_C
3095requires_config_enabled MBEDTLS_SSL_CLI_C
3096requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3097requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3098run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,ecdsa_secp521r1_sha512" \
3099 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-ECDSA-SECP521R1-SHA512:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3100 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca2.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448,secp521r1 sig_algs=ecdsa_secp521r1_sha512" \
3101 0 \
3102 -c "HTTP/1.0 200 OK" \
3103 -c "ECDH curve: x448" \
3104 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3105 -c "Certificate Verify: Signature algorithm ( 0603 )" \
3106 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3107
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3108requires_openssl_tls1_3
3109requires_config_enabled MBEDTLS_DEBUG_C
3110requires_config_enabled MBEDTLS_SSL_CLI_C
3111requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3112requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3113requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3114run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3115 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-256 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3116 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
3117 0 \
3118 -c "HTTP/1.0 200 ok" \
3119 -c "ECDH curve: secp256r1" \
3120 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3121 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3122 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3123
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3124requires_gnutls_tls1_3
3125requires_gnutls_next_no_ticket
3126requires_gnutls_next_disable_tls13_compat
3127requires_config_enabled MBEDTLS_DEBUG_C
3128requires_config_enabled MBEDTLS_SSL_CLI_C
3129requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3130requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3131requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3132run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp256r1,rsa_pss_rsae_sha256" \
3133 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP256R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3134 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp256r1 sig_algs=rsa_pss_rsae_sha256" \
3135 0 \
3136 -c "HTTP/1.0 200 OK" \
3137 -c "ECDH curve: secp256r1" \
3138 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3139 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3140 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3141
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3142requires_openssl_tls1_3
3143requires_config_enabled MBEDTLS_DEBUG_C
3144requires_config_enabled MBEDTLS_SSL_CLI_C
3145requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3146requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3147requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3148run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3149 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-384 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3150 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
3151 0 \
3152 -c "HTTP/1.0 200 ok" \
3153 -c "ECDH curve: secp384r1" \
3154 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3155 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3156 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3157
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3158requires_gnutls_tls1_3
3159requires_gnutls_next_no_ticket
3160requires_gnutls_next_disable_tls13_compat
3161requires_config_enabled MBEDTLS_DEBUG_C
3162requires_config_enabled MBEDTLS_SSL_CLI_C
3163requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3164requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3165requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3166run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp384r1,rsa_pss_rsae_sha256" \
3167 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP384R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3168 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp384r1 sig_algs=rsa_pss_rsae_sha256" \
3169 0 \
3170 -c "HTTP/1.0 200 OK" \
3171 -c "ECDH curve: secp384r1" \
3172 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3173 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3174 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3175
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3176requires_openssl_tls1_3
3177requires_config_enabled MBEDTLS_DEBUG_C
3178requires_config_enabled MBEDTLS_SSL_CLI_C
3179requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3180requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3181requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3182run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3183 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups P-521 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3184 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
3185 0 \
3186 -c "HTTP/1.0 200 ok" \
3187 -c "ECDH curve: secp521r1" \
3188 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3189 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3190 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3191
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3192requires_gnutls_tls1_3
3193requires_gnutls_next_no_ticket
3194requires_gnutls_next_disable_tls13_compat
3195requires_config_enabled MBEDTLS_DEBUG_C
3196requires_config_enabled MBEDTLS_SSL_CLI_C
3197requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3198requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3199requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3200run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,secp521r1,rsa_pss_rsae_sha256" \
3201 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-SECP521R1:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3202 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=secp521r1 sig_algs=rsa_pss_rsae_sha256" \
3203 0 \
3204 -c "HTTP/1.0 200 OK" \
3205 -c "ECDH curve: secp521r1" \
3206 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3207 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3208 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3209
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3210requires_openssl_tls1_3
3211requires_config_enabled MBEDTLS_DEBUG_C
3212requires_config_enabled MBEDTLS_SSL_CLI_C
3213requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3214requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3215requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3216run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3217 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X25519 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3218 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
3219 0 \
3220 -c "HTTP/1.0 200 ok" \
3221 -c "ECDH curve: x25519" \
3222 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3223 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3224 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3225
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3226requires_gnutls_tls1_3
3227requires_gnutls_next_no_ticket
3228requires_gnutls_next_disable_tls13_compat
3229requires_config_enabled MBEDTLS_DEBUG_C
3230requires_config_enabled MBEDTLS_SSL_CLI_C
3231requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3232requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3233requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3234run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x25519,rsa_pss_rsae_sha256" \
3235 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X25519:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3236 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x25519 sig_algs=rsa_pss_rsae_sha256" \
3237 0 \
3238 -c "HTTP/1.0 200 OK" \
3239 -c "ECDH curve: x25519" \
3240 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3241 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3242 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3243
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3244requires_openssl_tls1_3
3245requires_config_enabled MBEDTLS_DEBUG_C
3246requires_config_enabled MBEDTLS_SSL_CLI_C
3247requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3248requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3249requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3250run_test "TLS 1.3 m->O: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3251 "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -accept $SRV_PORT -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups X448 -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
3252 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
3253 0 \
3254 -c "HTTP/1.0 200 ok" \
3255 -c "ECDH curve: x448" \
3256 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3257 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3258 -c "Verifying peer X.509 certificate... ok"
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3259
Jerry Yu31018ad2021-11-26 20:36:17 +0800[diff] [blame]3260requires_gnutls_tls1_3
3261requires_gnutls_next_no_ticket
3262requires_gnutls_next_disable_tls13_compat
3263requires_config_enabled MBEDTLS_DEBUG_C
3264requires_config_enabled MBEDTLS_SSL_CLI_C
3265requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
3266requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
3267requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
Jerry Yudda036d2021-11-30 11:19:41 +0800[diff] [blame^]3268run_test "TLS 1.3 m->G: TLS_AES_128_CCM_8_SHA256,x448,rsa_pss_rsae_sha256" \
3269 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AEAD:+AES-128-CCM-8:+GROUP-X448:+SHA256:+SIGN-RSA-PSS-RSAE-SHA256:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
Jerry Yucdcb6832021-11-29 16:50:13 +0800[diff] [blame]3270 "$P_CLI server_addr=127.0.0.1 server_port=$SRV_PORT debug_level=4 force_version=tls1_3 ca_file=data_files/test-ca_cat12.crt force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 curves=x448 sig_algs=rsa_pss_rsae_sha256" \
3271 0 \
3272 -c "HTTP/1.0 200 OK" \
3273 -c "ECDH curve: x448" \
3274 -c "server hello, chosen ciphersuite: ( 1305 ) - TLS1-3-AES-128-CCM-8-SHA256" \
3275 -c "Certificate Verify: Signature algorithm ( 0804 )" \
3276 -c "Verifying peer X.509 certificate... ok"